diff --git a/.gitmodules b/.gitmodules
index 7949509ba699..e63ea0dde4f6 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -2,3 +2,6 @@
 path = chia-blockchain-gui
 url = https://github.com/Chia-Network/chia-blockchain-gui.git
 branch = main
+[submodule "mozilla-ca"]
+ path = mozilla-ca
+ url = https://github.com/Chia-Network/mozilla-ca.git
diff --git a/build_scripts/daemon.spec b/build_scripts/daemon.spec
index 02abbe096852..2d8735193104 100644
--- a/build_scripts/daemon.spec
+++ b/build_scripts/daemon.spec
@@ -89,7 +89,7 @@ full_node = Analysis([f"{root}/src/server/start_full_node.py"],
 wallet = Analysis([f"{root}/src/server/start_wallet.py"],
 pathex=[f"{root}/venv/lib/python3.7/site-packages/aiter/", f"{root}"],
 binaries = [],
- datas=[(f"../src/ssl/dst_root_ca.pem", f"./src/ssl/"), (f"../src/ssl/chia_ca.key", f"./src/ssl/"), (f"../src/ssl/chia_ca.crt", f"./src/ssl/"), (f"../src/util/english.txt", f"./src/util/"), version_data ] + hex_puzzles,
+ datas=[(f"../mozilla-ca/cacert.pem", f"./mozilla-ca/"), (f"../src/ssl/dst_root_ca.pem", f"./src/ssl/"), (f"../src/ssl/chia_ca.key", f"./src/ssl/"), (f"../src/ssl/chia_ca.crt", f"./src/ssl/"), (f"../src/util/english.txt", f"./src/util/"), version_data ] + hex_puzzles,
 hiddenimports=subcommand_modules,
 hookspath=[],
 runtime_hooks=[],
diff --git a/build_scripts/daemon_windows.spec b/build_scripts/daemon_windows.spec
index ac0906803449..52386884fde6 100644
--- a/build_scripts/daemon_windows.spec
+++ b/build_scripts/daemon_windows.spec
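Review bot: Both spec files keep bundling `../src/ssl/dst_root_ca.pem` next to the new `../mozilla-ca/cacert.pem`, yet the only reader of that file visible in this diff, `get_dst_ca_crt` in create_ssl.py, is deleted, so the DST root now looks like leftover trust material shipped for no reason; if nothing outside this diff uses it, drop the entry here, in daemon_windows.spec and from `package_data` in setup.py so what is shipped is exactly what the code trusts. The `./mozilla-ca/` destination also has to line up with how `pkg_resources.resource_filename("mozilla-ca", "cacert.pem")` resolves inside the frozen app, which the spec alone cannot show — a TLS fetch from the built bundle is the cheapest way to confirm it. A one-line comment on the new tuple, `# CA bundle consumed by get_mozzila_ca_crt() in src/ssl/create_ssl.py`, would tie the two together for the next reader.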
@@ -87,7 +87,7 @@ full_node = Analysis([f"../src/server/start_full_node.py"],
 wallet = Analysis([f"../src/server/start_wallet.py"],
 pathex=[f"../venv/lib/python3.7/site-packages/aiter/", f"../"],
 binaries = [],
- datas=[(f"../src/ssl/dst_root_ca.pem", f"./src/ssl/"), (f"../src/ssl/chia_ca.key", f"./src/ssl/"), (f"../src/ssl/chia_ca.crt", f"./src/ssl/"), (f"../src/util/english.txt", f"./src/util/"), version_data ] + hex_puzzles,
+ datas=[(f"../mozilla-ca/cacert.pem", f"./mozilla-ca/"), (f"../src/ssl/dst_root_ca.pem", f"./src/ssl/"), (f"../src/ssl/chia_ca.key", f"./src/ssl/"), (f"../src/ssl/chia_ca.crt", f"./src/ssl/"), (f"../src/util/english.txt", f"./src/util/"), version_data ] + hex_puzzles,
 hiddenimports=subcommand_modules,
 hookspath=[],
 runtime_hooks=[],
diff --git a/install.sh b/install.sh
index 1d9f9647a732..96fcfd91548d 100644
--- a/install.sh
+++ b/install.sh
@@ -18,6 +18,8 @@ if [ "$(uname -m)" = "armv7l" ]; then
 echo "Exiting."
 exit 1
 fi
+# get submodules
+git submodule update --init --recursive
 
 UBUNTU_PRE_2004=false
 if $UBUNTU; then
diff --git a/mozilla-ca b/mozilla-ca
new file mode 160000
index 000000000000..666cf78bbe8e
--- /dev/null
+++ b/mozilla-ca
@@ -0,0 +1 @@
+Subproject commit 666cf78bbe8e700c67a6c8a21fe8052686931f32
diff --git a/setup.py b/setup.py
index 4f666ada9f7f..5b152d142d8b 100644
--- a/setup.py
+++ b/setup.py
@@ -77,6 +77,7 @@
 "src.wallet.util",
 "src.wallet.trading",
 "src.ssl",
+ "mozilla-ca",
 ],
 entry_points={
 "console_scripts": [
@@ -94,6 +95,7 @@
 package_data={
 "src.util": ["initial-*.yaml", "english.txt"],
 "src.ssl": ["chia_ca.crt", "chia_ca.key", "dst_root_ca.pem"],
+ "mozilla-ca": ["cacert.pem"],
 },
 use_scm_version={"fallback_version": "unknown-no-.git-directory"},
 long_description=open("README.md").read(),
diff --git a/src/daemon/server.py b/src/daemon/server.py
index c6817a2f9f9c..8396ca0e2dc4 100644
--- a/src/daemon/server.py
+++ b/src/daemon/server.py
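Review bot: `git submodule update --init --recursive` runs unconditionally, so an install from a source tarball or any tree without `.git` fails at this line, or, if the script is not running under `set -e` (not visible here), continues with an empty `mozilla-ca/` and every TLS fetch later fails on the missing `cacert.pem`. A guard right after it, `[ -f mozilla-ca/cacert.pem ] || { echo "mozilla-ca submodule missing; clone with --recurse-submodules"; exit 1; }`, turns that into a clear early failure. Pinning is fine as it stands: the gitlink added in this diff records commit 666cf78b, so the bundle checked out at install time is the reviewed one rather than whatever the remote branch currently holds.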
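Review bot: "mozilla-ca" is declared under `packages` although a hyphen cannot appear in a Python identifier, and `pkg_resources.resource_filename("mozilla-ca", "cacert.pem")` in create_ssl.py locates the file by importing that name, so the directory must be importable (an `__init__.py`, or a namespace package on `sys.path`) in a dev checkout, in an installed wheel and in the PyInstaller bundle alike; whether the submodule ships an `__init__.py` is not visible here, since the gitlink only records a commit. Worth a CI check against an installed wheel, e.g. `python -c 'import pkg_resources; print(pkg_resources.resource_filename("mozilla-ca", "cacert.pem"))'`, plus a comment on the new `packages` entry noting that it names the submodule directory rather than an ordinary importable package. The second hunk still lists `dst_root_ca.pem` under `src.ssl` even though this diff removes its only visible reader.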
@@ -16,7 +16,7 @@
 from src.cmds.init import chia_init
 from src.daemon.windows_signal import kill
 from src.server.server import ssl_context_for_server, ssl_context_for_root
-from src.ssl.create_ssl import get_dst_ca_crt
+from src.ssl.create_ssl import get_mozzila_ca_crt
 from src.util.setproctitle import setproctitle
 from src.util.validate_alert import validate_alert
 from src.util.ws_message import format_response, create_payload
@@ -49,8 +49,8 @@
 async def fetch(url: str):
 session = ClientSession()
 try:
- dst_root = get_dst_ca_crt()
- ssl_context = ssl_context_for_root(dst_root.decode())
+ mozzila_root = get_mozzila_ca_crt()
+ ssl_context = ssl_context_for_root(mozzila_root)
 response = await session.get(url, ssl=ssl_context)
 await session.close()
 return await response.text()
diff --git a/src/server/server.py b/src/server/server.py
index 90d06eb638b6..0f678caae084 100644
--- a/src/server/server.py
+++ b/src/server/server.py
@@ -6,7 +6,6 @@
 from pathlib import Path
 from secrets import token_bytes
 from typing import Any, List, Dict, Callable, Optional, Set, Tuple
-
 from aiohttp.web_app import Application
 from aiohttp.web_runner import TCPSite
 from aiohttp import web, ClientTimeout, client_exceptions, ClientSession, WSCloseCode
@@ -38,9 +37,9 @@ def ssl_context_for_server(
 
 
 def ssl_context_for_root(
- ca_cert: str,
+ ca_cert_file: str,
 ) -> Optional[ssl.SSLContext]:
- ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cadata=ca_cert)
+ ssl_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_cert_file)
 return ssl_context
 
 
diff --git a/src/ssl/create_ssl.py b/src/ssl/create_ssl.py
index 12d634f44416..d00e04a1855b 100644
--- a/src/ssl/create_ssl.py
+++ b/src/ssl/create_ssl.py
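Review bot: `get_mozzila_ca_crt` and the local `mozzila_root` in `fetch` misspell Mozilla while the submodule and package are named `mozilla-ca`; the same spelling is introduced in `post` in backup_utils.py and in create_ssl.py, so it is worth correcting in all three before other callers pick it up. The rewritten lines also rebuild the context with `ssl_context_for_root(mozzila_root)` on every call, which now means re-reading and re-parsing the whole CA bundle from disk per request instead of a single root already held in memory; building it once at module level, `_ROOT_SSL_CONTEXT = ssl_context_for_root(get_mozzila_ca_crt())`, and passing that to `session.get` is a free win (same in `post`). `fetch`'s `except` branch lies outside the hunk, so I cannot see how a missing bundle file — now an OSError raised from `load_verify_locations` inside `ssl_context_for_root` — is reported to the user.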
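Review bot: Passing `cafile=ca_cert_file` makes `ssl.create_default_context` skip `load_default_certs()`, so the returned context trusts exactly the roots in that file and nothing from the OS store — the right behaviour for a pinned bundle, but it also widens the trust decision from the single `dst_root_ca.pem` root to every CA in the Mozilla bundle and leaves no fallback if the submodule goes stale; that deserves a docstring such as `"""Client context that trusts only the CA bundle at ca_cert_file; system roots are deliberately not loaded."""`. The `Optional[ssl.SSLContext]` return annotation is misleading since the function never returns None and both callers in this diff use the result unconditionally; drop the `Optional`. The first hunk in this file also deletes the blank line separating stdlib from third-party imports, which looks accidental.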
@@ -17,8 +17,8 @@ def get_chia_ca_crt_key() -> Tuple[Any, Any]:
 return crt, key
 
 
-def get_dst_ca_crt() -> bytes:
- crt = pkg_resources.resource_string(__name__, "dst_root_ca.pem")
+def get_mozzila_ca_crt() -> str:
+ crt = pkg_resources.resource_filename("mozilla-ca", "cacert.pem")
 return crt
 
 
diff --git a/src/wallet/util/backup_utils.py b/src/wallet/util/backup_utils.py
index 60caf2334097..fc88124fd54c 100644
--- a/src/wallet/util/backup_utils.py
+++ b/src/wallet/util/backup_utils.py
@@ -7,7 +7,7 @@
 from cryptography.fernet import Fernet
 
 from src.server.server import ssl_context_for_root
-from src.ssl.create_ssl import get_dst_ca_crt
+from src.ssl.create_ssl import get_mozzila_ca_crt
 from src.util.byte_types import hexstr_to_bytes
 from src.util.hash import std_hash
 from src.wallet.derive_keys import master_sk_to_backup_sk
@@ -72,8 +72,8 @@ def get_backup_info(file_path, private_key):
 
 
 async def post(session: aiohttp.ClientSession, url: str, data: Any):
- dst_root = get_dst_ca_crt()
- ssl_context = ssl_context_for_root(dst_root.decode())
+ mozzila_root = get_mozzila_ca_crt()
+ ssl_context = ssl_context_for_root(mozzila_root)
 response = await session.post(url, json=data, ssl=ssl_context)
 return await response.json()
 
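Review bot: `get_mozzila_ca_crt` misspells Mozilla and, unlike the removed `get_dst_ca_crt`, which returned PEM bytes, it returns a filesystem path while the name still says `crt`; `get_mozilla_ca_bundle_path`, renamed consistently in daemon/server.py and backup_utils.py (the only importers in this diff), would say what callers actually get. A docstring is needed because `pkg_resources.resource_filename` may hand back a path inside an extraction cache rather than the source tree when the package is installed zipped: `"""Return a readable path to the Mozilla CA bundle shipped in the mozilla-ca package (may be an extracted copy, not the repo file)."""`. The `-> str` annotation is right for `resource_filename`, but the result is never checked for existence, so a missing or uninitialised submodule only surfaces later inside `ssl_context_for_root`.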