diff --git a/repgen/data/value.py b/repgen/data/value.py
index 025ba49..bd993cd 100644
--- a/repgen/data/value.py
+++ b/repgen/data/value.py
@@ -1,3 +1,4 @@
+import os
 import pytz,datetime,sys,time as ttime
 import operator
 from inspect import isfunction
@@ -21,7 +22,7 @@
 	from datetime import timedelta
 
 # need to enable legacy ciphers for public CDA instance
-ssl_ctx = ssl.create_default_context()
+ssl_ctx = ssl.create_default_context(cafile=os.getenv("REQUESTS_CA_BUNDLE", None))
 ssl_ctx.set_ciphers('DEFAULT')
 
 # types
diff --git a/repgen/util/urllib2_tls.py b/repgen/util/urllib2_tls.py
index 736ba49..dae8dff 100644
--- a/repgen/util/urllib2_tls.py
+++ b/repgen/util/urllib2_tls.py
@@ -2,6 +2,7 @@
 import socket
 import ssl
 import sys
+import os
 # From: https://gist.github.com/flandr/74be22d1c3d7c1dfefdd
 
 # Python 2.6's urllib2 does not allow you to select the TLS dialect,
@@ -14,6 +15,8 @@ class TLS1Connection(httplib.HTTPSConnection):
     """Like HTTPSConnection but more specific"""
     def __init__(self, host, **kwargs):
         httplib.HTTPSConnection.__init__(self, host, **kwargs)
+        # Take advantage of the requestsCA env var
+        self.cert_file = os.getenv("REQUESTS_CA_BUNDLE", self.cert_file)
 
     def connect(self):
         """Overrides HTTPSConnection.connect to specify TLS version"""