diff --git a/config/ruby_installer.rb b/config/ruby_installer.rb
index c859319c..2476c2d1 100644
--- a/config/ruby_installer.rb
+++ b/config/ruby_installer.rb
@@ -9,6 +9,12 @@ module RubyInstaller
     SEVEN_ZIP = File.expand_path(File.join(ROOT, 'sandbox', 'extract_utils', '7za.exe'))
     BSD_TAR = File.expand_path(File.join(ROOT, 'sandbox', 'extract_utils', 'basic-bsdtar.exe'))
 
+    # SSL Certificates
+    Certificate = OpenStruct.new(
+      :url  => 'http://curl.haxx.se/ca',
+      :file => 'cacert.pem'
+    )
+
     # MinGW files
     MinGW = OpenStruct.new(
       :release => 'current',
diff --git a/rake/contrib/uri_ext.rb b/rake/contrib/uri_ext.rb
index 30b00aad..0e931db5 100644
--- a/rake/contrib/uri_ext.rb
+++ b/rake/contrib/uri_ext.rb
@@ -285,8 +285,13 @@ def connect
         http = Net::HTTP.new(host, port)
       end
       if self.instance_of? URI::HTTPS
+        cacert = "downloads/#{RubyInstaller::Certificate.file}"
         http.use_ssl = true
-        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        if File.exist?(cacert)
+          http.ca_file = cacert
+        else
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        end
       end
       yield http
     end
diff --git a/recipes/certificate.rake b/recipes/certificate.rake
new file mode 100644
index 00000000..4405939a
--- /dev/null
+++ b/recipes/certificate.rake
@@ -0,0 +1,12 @@
+namespace :certificate do
+  cert = RubyInstaller::Certificate
+
+  source = "#{cert.url}/#{cert.file}"
+  target = "downloads/#{cert.file}"
+
+  download target => source
+  task :download => target
+end
+
+task :certificate => ['certificate:download']
+task :downloads => [:certificate]