diff --git a/bypy/macos/util.c b/bypy/macos/util.c
index 64928528ff..4a4d0a3442 100644
--- a/bypy/macos/util.c
+++ b/bypy/macos/util.c
@@ -17,6 +17,7 @@ set_env_vars(const char* contents_path) {
 for (size_t i = 0; i < arraysz(env_vars); i++) {
 env_var = env_vars[i];
 val = env_var_vals[i];
+ if (strcmp(env_var, "SSL_CERT_FILE") == 0 && getenv("CALIBRE_USE_SYSTEM_CERTIFICATES") && strcmp(getenv("CALIBRE_USE_SYSTEM_CERTIFICATES"), "1") == 0) continue;
 if (strstr(val, EXE) == val && strlen(val) >= sizeof(EXE)) {
 snprintf(buf, sizeof(buf) - 1, "%s%s", contents_path, val + sizeof(EXE) - 1);
 setenv(env_var, buf, 1);
diff --git a/bypy/windows/util.c b/bypy/windows/util.c
index 7c49e68ee4..e070a9389e 100644
--- a/bypy/windows/util.c
+++ b/bypy/windows/util.c
@@ -49,6 +49,12 @@ get_install_locations(void) {
 _wputenv_s(L"QTWEBENGINE_DISABLE_SANDBOX", "1");
 _snwprintf_s(qt_prefix_dir, MAX_PATH-1, _TRUNCATE, L"%ls\\app", interpreter_data.app_dir);
 _wputenv_s(L"CALIBRE_QT_PREFIX", qt_prefix_dir);
+ // Lots of people have trouble with various websites failing to download
+ // because of missing intermediate certificates in the windows store
+ // so use the Mozilla certificate bundle
+ _snwprintf_s(qt_prefix_dir, MAX_PATH-1, _TRUNCATE, L"%ls\\mozilla-ca-certs.pem", interpreter_data.resources_path);
+ const char *s = getenv("CALIBRE_USE_SYSTEM_CERTIFICATES");
+ if (!s || strcmp(s, "1") != 0) _wputenv_s(L"SSL_CERT_FILE", qt_prefix_dir);
 }
 static void
diff --git a/manual/customize.rst b/manual/customize.rst
index 8012294ee0..eb7065c657 100644
--- a/manual/customize.rst
+++ b/manual/customize.rst
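Review bot: In bypy/macos/util.c the added opt-out only skips the launcher's own `SSL_CERT_FILE` assignment, so a value inherited from the parent environment stays in force and decides which CA file the process trusts. If the intent is strictly the system store, call `unsetenv(env_var);` before the `continue`; if honouring a user-exported file is intended, say so in a comment such as `/* opt-out: leave any SSL_CERT_FILE the user exported untouched */`. The condition also calls getenv() twice on every iteration; reading it once above the loop, `const char *use_sys = getenv("CALIBRE_USE_SYSTEM_CERTIFICATES");`, would shorten the line and match the form used in the Windows launcher. set_env_vars begins and ends outside the hunk.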
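Review bot: In bypy/windows/util.c the return value of the new `_snwprintf_s` call is ignored, so a truncated path (the call returns -1 when `_TRUNCATE` cuts the output) would still be exported as `SSL_CERT_FILE`. Keep the return value in `n` and guard the export, `if (n > 0 && (!s || strcmp(s, "1") != 0)) _wputenv_s(L"SSL_CERT_FILE", qt_prefix_dir);`. Reusing `qt_prefix_dir` to hold the certificate path is also misleading to read; a separate buffer or a neutral name would make it clear the Qt prefix is no longer in it. The comment should name the `CALIBRE_USE_SYSTEM_CERTIFICATES` opt-out as well, since this line decides which CA file the whole process is pointed at. get_install_locations starts above the hunk.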
@@ -52,6 +52,7 @@ Environment variables
 the system theme -- beware of crashes and hangs.
 * ``CALIBRE_SHOW_DEPRECATION_WARNINGS`` - causes calibre to print deprecation warnings to stdout. Useful for calibre developers.
 * ``CALIBRE_NO_DEFAULT_PROGRAMS`` - prevent calibre from automatically registering the filetypes it is capable of handling with Windows.
+ * ``CALIBRE_USE_SYSTEM_CERTIFICATES`` - make calibre use the system certificate store for SSL certificate verification instead of its own certificate store on Windows and macOS.
 * ``QT_QPA_PLATFORM`` - On Linux set this to ``wayland`` to force calibre to use Wayland and ``xcb`` to force use of X11.
 * ``SYSFS_PATH`` - Use if sysfs is mounted somewhere other than /sys
 * ``http_proxy``, ``https_proxy`` - used on Linux to specify an HTTP(S) proxy
diff --git a/src/calibre/gui2/__init__.py b/src/calibre/gui2/__init__.py
index 83cbbf0ff4..3e32c6b58f 100644
--- a/src/calibre/gui2/__init__.py
+++ b/src/calibre/gui2/__init__.py
@@ -1479,9 +1479,13 @@ def sanitize_env_vars():
 }
 elif iswindows:
 env_vars = {'OPENSSL_MODULES': None, 'QTWEBENGINE_DISABLE_SANDBOX': None}
+ if os.environ.get('CALIBRE_USE_SYSTEM_CERTIFICATES', '') != '1':
+ env_vars['SSL_CERT_FILE'] = None
 elif ismacos:
 env_vars = {k:None for k in (
- 'FONTCONFIG_FILE FONTCONFIG_PATH SSL_CERT_FILE OPENSSL_ENGINES OPENSSL_MODULES').split()}
+ 'FONTCONFIG_FILE FONTCONFIG_PATH OPENSSL_ENGINES OPENSSL_MODULES').split()}
+ if os.environ.get('CALIBRE_USE_SYSTEM_CERTIFICATES', '') != '1':
+ env_vars['SSL_CERT_FILE'] = None
 else:
 env_vars = {}
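Review bot: In src/calibre/gui2/__init__.py the opt-out test `os.environ.get('CALIBRE_USE_SYSTEM_CERTIFICATES', '') != '1'` is written out twice in sanitize_env_vars, once in the Windows branch and once in the macOS branch, in addition to the two launcher copies. Compute it once before the branch chain, `use_bundled_certs = os.environ.get('CALIBRE_USE_SYSTEM_CERTIFICATES', '') != '1'`, and add a comment explaining why `SSL_CERT_FILE` is left out of `env_vars` when the variable is `1`. Only the exact value `1` opts out; any other value such as `true` silently keeps the bundled store, which the manual entry does not state. The function body starts and ends outside the hunk.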