diff --git a/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java b/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java
index b4b9b25d1de..0739fa3d453 100644
--- a/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java
+++ b/util/src/main/java/io/grpc/util/AdvancedTlsX509TrustManager.java
@@ -339,6 +339,10 @@ public void run() {
   private long readAndUpdate(File trustCertFile, long oldTime)
       throws IOException, GeneralSecurityException {
     long newTime = checkNotNull(trustCertFile, "trustCertFile").lastModified();
+    if (newTime == 0) {
+      throw new IOException(
+          "Certificate file not found or not readable: " + trustCertFile.getAbsolutePath());
+    }
     if (newTime == oldTime) {
       return oldTime;
     }
diff --git a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java
index 228dbf5ea5b..b9803b03570 100644
--- a/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java
+++ b/util/src/test/java/io/grpc/util/AdvancedTlsX509TrustManagerTest.java
@@ -142,6 +142,17 @@ record -> record.getMessage().contains("Default value of "));
     }
   }
 
+  @Test
+  public void missingFile_throwsFileNotFoundException() throws Exception {
+    AdvancedTlsX509TrustManager trustManager = AdvancedTlsX509TrustManager.newBuilder().build();
+    File nonExistentFile = new File("missing_cert.pem");
+    Exception thrown =
+        assertThrows(Exception.class, () -> trustManager.updateTrustCredentials(nonExistentFile));
+    assertNotNull(thrown);
+    assertEquals(thrown.getMessage(),
+        "Certificate file not found or not readable: " + nonExistentFile.getAbsolutePath());
+  }
+
   @Test
   public void clientTrustedWithSocketTest() throws Exception {
     AdvancedTlsX509TrustManager trustManager = AdvancedTlsX509TrustManager.newBuilder()