diff --git a/lib/pure/net.nim b/lib/pure/net.nim
index dcc35d65d0..73a0852204 100644
--- a/lib/pure/net.nim
+++ b/lib/pure/net.nim
@@ -696,7 +696,11 @@ when defineSsl:
           var found = false
           let useEnvVars = (if verifyMode == CVerifyPeerUseEnvVars: true else: false)
           for fn in scanSSLCertificates(useEnvVars = useEnvVars):
-            if newCTX.SSL_CTX_load_verify_locations(fn.cstring, nil) == VerifySuccess:
+            if fn.extractFilename == "":
+              if newCTX.SSL_CTX_load_verify_locations(nil, cstring(fn.normalizePathEnd(false))) == VerifySuccess:
+                found = true
+                break
+            elif newCTX.SSL_CTX_load_verify_locations(cstring(fn), nil) == VerifySuccess:
               found = true
               break
           if not found:
diff --git a/lib/pure/ssl_certs.nim b/lib/pure/ssl_certs.nim
index c7ce04ffae..c40eadf04a 100644
--- a/lib/pure/ssl_certs.nim
+++ b/lib/pure/ssl_certs.nim
@@ -126,7 +126,13 @@ iterator scanSSLCertificates*(useEnvVars = false): string =
           if fileExists(p):
             yield p
         elif dirExists(p):
+          # check if it's a dir where each cert is one file
+          # named by it's hasg
+          for fn in joinPath(p, "*.0").walkFiles:
+            yield p.normalizePathEnd(true)
+            break
           for fn in joinPath(p, "*").walkFiles():
+
             yield fn
     else:
       var