diff --git a/lib/synapse_pay_rest/http_client.rb b/lib/synapse_pay_rest/http_client.rb
index 060999b..b8578bb 100755
--- a/lib/synapse_pay_rest/http_client.rb
+++ b/lib/synapse_pay_rest/http_client.rb
@@ -14,6 +14,9 @@ class HTTPClient
     #   @return [String] the url which is used to proxy outboard requests
     attr_reader :proxy_url
 
+    # @!attribute [rw] ssl_cert_store
+    #   @return [OpenSSL::X509::Store] the customized CA cert store
+
     # @param base_url [String] the base url of the API (production or sandbox)
     # @param client_id [String]
     # @param client_secret [String]
@@ -22,6 +25,7 @@ class HTTPClient
     # @param logging [Boolean] (optional) logs to stdout when true
     # @param log_to [String] (optional) file path to log to file (logging must be true)
     # @param proxy_url [String] (optional) proxy url which is used to proxy outbound requests
+    # @param ssl_cert_store [OpenSSL::X509::Store] (optional) a custom store of allowed CA certs
     def initialize(base_url:, client_id:, fingerprint:, ip_address:,
                    client_secret:, **options)
       log_to         = options[:log_to] || 'stdout'
@@ -31,6 +35,9 @@ def initialize(base_url:, client_id:, fingerprint:, ip_address:,
       RestClient.proxy = options[:proxy_url] if options[:proxy_url]
       @proxy_url = options[:proxy_url]
 
+      RestClient.ssl_cert_store = options[:ssl_cert_store] if options[:ssl_cert_store]
+      @ssl_cert_store = options[:ssl_cert_store]
+
       @config = {
         client_id:     client_id,
         client_secret: client_secret,
diff --git a/samples.md b/samples.md
index a1d0c83..64a5dfa 100755
--- a/samples.md
+++ b/samples.md
@@ -25,9 +25,11 @@ args = {
   # (optional) if true logs requests to stdout
   logging:          true,
   # (optional) file path to write logs to
-  log_to:           nil
+  log_to:           nil,
   # (optional) URL used to proxy outbound requests
-  proxy_url:        nil
+  proxy_url:        nil,
+  # (optional) a [OpenSSL::X509::Store](https://ruby-doc.org/stdlib-2.5.0/libdoc/openssl/rdoc/OpenSSL/X509/Store.html) of allowed CA certs
+  ssl_cert_store:   nil,
 }
 
 client = SynapsePayRest::Client.new(args)
diff --git a/test/factories/client.rb b/test/factories/client.rb
index a4ac094..08f3994 100755
--- a/test/factories/client.rb
+++ b/test/factories/client.rb
@@ -5,7 +5,8 @@ def test_client(client_id: ENV.fetch('TEST_CLIENT_ID'),
                 development_mode: true,
                 logging: false,
                 log_to: nil,
-                proxy_url: nil)
+                proxy_url: nil,
+                ssl_cert_store: nil)
 
   SynapsePayRest::Client.new(
     client_id: client_id,
@@ -15,7 +16,8 @@ def test_client(client_id: ENV.fetch('TEST_CLIENT_ID'),
     ip_address: ip_address,
     logging: logging,
     log_to: log_to,
-    proxy_url: proxy_url
+    proxy_url: proxy_url,
+    ssl_cert_store: ssl_cert_store
   )
 end
 
diff --git a/test/synapse_pay_rest/http_client_test.rb b/test/synapse_pay_rest/http_client_test.rb
index dbeee35..05c6367 100755
--- a/test/synapse_pay_rest/http_client_test.rb
+++ b/test/synapse_pay_rest/http_client_test.rb
@@ -8,6 +8,7 @@ def setup
 
   def teardown
     RestClient.proxy = nil
+    RestClient.ssl_cert_store = nil
   end
 
   def test_base_url
@@ -57,4 +58,17 @@ def test_proxy_url
     assert_equal client_with_proxy.http_client.proxy_url, proxy_url
     assert_equal RestClient.proxy, proxy_url
   end
+
+  def test_ssl_cert_store
+    cert_store = OpenSSL::X509::Store.new
+    cert_store.set_default_paths
+
+    client_without_store = test_client
+    assert_nil client_without_store.http_client.ssl_cert_store
+    assert_nil RestClient.ssl_cert_store
+
+    client_with_store = test_client(ssl_cert_store: cert_store)
+    assert_equal client_with_store.http_client.ssl_cert_store, cert_store
+    assert_equal RestClient.ssl_cert_store, cert_store
+  end
 end