Expand description

rustls-native-certs allows rustls to use the platform’s native certificate store when operating as a TLS client.

It provides a single function load_native_certs(), which returns a collection of certificates found by reading the platform-native certificate store.

If the SSL_CERT_FILE environment variable is set, certificates (in PEM format) are read from that file instead.

Certificate here is just a marker newtype that denotes a DER-encoded X.509 certificate encoded as a Vec<u8>.

If you want to load these certificates into a rustls::RootCertStore, you’ll likely want to do something like this:

let mut roots = rustls::RootCertStore::empty();
for cert in rustls_native_certs::load_native_certs().expect("could not load platform certs") {


  • A newtype representing a single DER-encoded X.509 certificate encoded as a Vec<u8>.


  • Load root certificates found in the platform’s native certificate store.