diff --git a/Sources/ContainerCommands/System/SystemStart.swift b/Sources/ContainerCommands/System/SystemStart.swift
index eae26800..6cf62766 100644
--- a/Sources/ContainerCommands/System/SystemStart.swift
+++ b/Sources/ContainerCommands/System/SystemStart.swift
@@ -70,7 +70,10 @@ extension Application {
             let apiServerDataUrl = appRoot.appending(path: "apiserver")
             try! FileManager.default.createDirectory(at: apiServerDataUrl, withIntermediateDirectories: true)
 
-            var env = PluginLoader.filterEnvironment()
+            var env = PluginLoader.filterEnvironment(
+                env: ProcessInfo.processInfo.environment,
+                additionalAllowKeys: ["SSL_CERT_FILE"],
+            )
             env[ApplicationRoot.environmentName] = appRoot.path(percentEncoded: false)
             env[InstallRoot.environmentName] = installRoot.path(percentEncoded: false)
 
diff --git a/Sources/Services/ContainerAPIService/Client/FileDownloader.swift b/Sources/Services/ContainerAPIService/Client/FileDownloader.swift
index 83aabfc5..ab540ef8 100644
--- a/Sources/Services/ContainerAPIService/Client/FileDownloader.swift
+++ b/Sources/Services/ContainerAPIService/Client/FileDownloader.swift
@@ -67,6 +67,8 @@ public struct FileDownloader {
             connect: .seconds(30),
             read: .none
         )
+
+        httpConfiguration.tlsConfiguration = TLSUtils.makeEnvironmentAwareTLSConfiguration()
         if let host = url.host {
             let proxyURL = ProxyUtils.proxyFromEnvironment(scheme: url.scheme, host: host)
             if let proxyURL, let proxyHost = proxyURL.host {