diff --git a/storage-bigtable/Cargo.toml b/storage-bigtable/Cargo.toml
index 12730855d..63848e348 100644
--- a/storage-bigtable/Cargo.toml
+++ b/storage-bigtable/Cargo.toml
@@ -9,9 +9,10 @@ homepage = "https://solana.com/"
 edition = "2018"
 [dependencies]
-log = "0.4.8"
 goauth = "0.7.1"
+log = "0.4.8"
 smpl_jwt = "0.5.0"
+tonic = {version="0.3.0", features = ["tls", "transport"]}
 [lib]
 crate-type = ["lib"]
diff --git a/storage-bigtable/src/lib.rs b/storage-bigtable/src/lib.rs
index 5d8f47dfd..b85cb05db 100644
--- a/storage-bigtable/src/lib.rs
+++ b/storage-bigtable/src/lib.rs
@@ -1 +1,2 @@
 mod access_token;
+mod root_ca_certificate;
diff --git a/storage-bigtable/src/root_ca_certificate.rs b/storage-bigtable/src/root_ca_certificate.rs
new file mode 100644
index 000000000..e0d43231d
--- /dev/null
+++ b/storage-bigtable/src/root_ca_certificate.rs
@@ -0,0 +1,20 @@
+use std::{fs::File, io::Read};
+use tonic::transport::Certificate;
+
+pub fn load() -> Result {
+ // Respect the standard GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable if present,
+ // otherwise use the built-in root certificate
+ let pem = match std::env::var("GRPC_DEFAULT_SSL_ROOTS_FILE_PATH").ok() {
+ Some(cert_file) => File::open(&cert_file)
+ .and_then(|mut file| {
+ let mut pem = Vec::new();
+ file.read_to_end(&mut pem).map(|_| pem)
+ })
+ .map_err(|err| format!("Failed to read {}: {}", cert_file, err))?,
+ None => {
+ // PEM file from Google Trust Services (https://pki.goog/roots.pem)
+ include_bytes!("pki-goog-roots.pem").to_vec()
+ }
+ };
+ Ok(Certificate::from_pem(&pem))
+}
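Review bot: In `load()` (root_ca_certificate.rs), the `Some(cert_file)` arm replaces the TLS trust anchors with whatever file `GRPC_DEFAULT_SSL_ROOTS_FILE_PATH` names, and nothing records that the override is active, so a changed process environment silently changes which CAs the Bigtable connection trusts. A log line in that arm, for example `log::info!("Using root CA bundle from {}", cert_file);`, would make the override visible to operators; `log` is already a dependency in Cargo.toml. As far as I know `Certificate::from_pem` only stores the bytes without parsing them, so an empty or non-PEM file still returns `Ok` here and only fails later when the TLS configuration is built; rejecting an empty buffer in that arm (`if pem.is_empty()` returning an `Err` that names the file) would surface the misconfiguration at load time. The comment beside `include_bytes!` could also state when `pki-goog-roots.pem` was fetched, since a compiled-in root set does not pick up later additions or removals.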