diff --git a/zefie_wtvp_minisrv/app.js b/zefie_wtvp_minisrv/app.js
index b9d40e4d..6b34450a 100644
--- a/zefie_wtvp_minisrv/app.js
+++ b/zefie_wtvp_minisrv/app.js
@@ -19,6 +19,7 @@ const CryptoJS = require('crypto-js');
 const sharp = require('sharp')
 const process = require('process');
 const WTVSec = require(classPath + "/WTVSec.js");
+const WTVSSL = require(classPath + "/WTVSSL.js");
 const WTVLzpf = require(classPath + "/WTVLzpf.js");
 const WTVClientCapabilities = require(classPath + "/WTVClientCapabilities.js");
 const WTVClientSessionData = require(classPath + "/WTVClientSessionData.js");
diff --git a/zefie_wtvp_minisrv/includes/ServiceDeps/https/ca.der b/zefie_wtvp_minisrv/includes/ServiceDeps/https/ca.der
new file mode 100644
index 00000000..1b1baf4e
Binary files /dev/null and b/zefie_wtvp_minisrv/includes/ServiceDeps/https/ca.der differ
diff --git a/zefie_wtvp_minisrv/includes/ServiceVault/wtv-head-waiter/download-ssl-certs.js b/zefie_wtvp_minisrv/includes/ServiceVault/wtv-head-waiter/download-ssl-certs.js
new file mode 100644
index 00000000..0b495a99
--- /dev/null
+++ b/zefie_wtvp_minisrv/includes/ServiceVault/wtv-head-waiter/download-ssl-certs.js
@@ -0,0 +1,4 @@
+header = `200 OK
+Content-type: wtv/ssl-certs`
+
+data = wtvssl.getCACert();
\ No newline at end of file
diff --git a/zefie_wtvp_minisrv/includes/ServiceVault/wtv-head-waiter/login-stage-two.js b/zefie_wtvp_minisrv/includes/ServiceVault/wtv-head-waiter/login-stage-two.js
index 47497770..f120b035 100644
--- a/zefie_wtvp_minisrv/includes/ServiceVault/wtv-head-waiter/login-stage-two.js
+++ b/zefie_wtvp_minisrv/includes/ServiceVault/wtv-head-waiter/login-stage-two.js
@@ -134,6 +134,8 @@ wtv-messenger-enable: 0
 
 		headers += `wtv-log-url: wtv-log:/log
 wtv-ssl-log-url: wtv-log:/log
+wtv-ssl-certs-download-url: wtv-head-waiter:/download-ssl-certs
+wtv-ssl-certs-checksum: 9BD865819765B66A2756F98FB4EEFBD4
 `;
 
 		if (!limitedLogin && !limitedLoginRegistered) {
diff --git a/zefie_wtvp_minisrv/includes/classes/WTVSSL.js b/zefie_wtvp_minisrv/includes/classes/WTVSSL.js
new file mode 100644
index 00000000..ccbbff20
--- /dev/null
+++ b/zefie_wtvp_minisrv/includes/classes/WTVSSL.js
@@ -0,0 +1,18 @@
+class WTVSSL {
+    wtvshared = null;
+    constructor() {
+        const WTVShared = require("./WTVShared.js")['WTVShared'];
+        this.wtvshared = new WTVShared();
+    }
+
+    getCACert() {
+        // return the CA cert
+        const caCertFile = this.wtvshared.getServiceDep("https/ca.der")
+        if (!this.wtvshared.fs.existsSync(caCertFile)) {
+            throw new Error("CA certificate file not found");
+        }
+        return this.wtvshared.fs.readFileSync(caCertFile);
+    }
+}
+
+module.exports = WTVSSL;
\ No newline at end of file