diff --git a/src/ringdht/ringaccount.cpp b/src/ringdht/ringaccount.cpp
index 4bb7055442116d16c435fd61ab9f106a4e3b4b13..24e756fd4ec0e24ce12a11d3981e5c89061ac7b6 100644
--- a/src/ringdht/ringaccount.cpp
+++ b/src/ringdht/ringaccount.cpp
@@ -102,7 +102,7 @@ RingAccount::RingAccount(const std::string& accountID, bool /* presenceEnabled *
     idPath_ = fileutils::get_data_dir()+DIR_SEPARATOR_STR+getAccountID();
     fileutils::check_dir(idPath_.c_str());
     caPath_ = idPath_ + DIR_SEPARATOR_STR "certs";
-    //DEPRECATED? caListPath_ = idPath_ + DIR_SEPARATOR_STR "ca_list.pem";
+    caListPath_ = idPath_ + DIR_SEPARATOR_STR "ca_list.pem";
 }
 
 RingAccount::~RingAccount()
@@ -709,6 +709,7 @@ void RingAccount::doRegister_()
         Manager::instance().registerEventHandler((uintptr_t)this, [this]{ handleEvents(); });
         setRegistrationState(RegistrationState::TRYING);
 
+        regenerateCAList();
         dht_.bootstrap(loadNodes());
         if (!hostname_.empty()) {
             std::stringstream ss(hostname_);
@@ -1049,6 +1050,7 @@ RingAccount::loadValues() const
 void
 RingAccount::initTlsConfiguration()
 {
+    regenerateCAList();
 }
 
 static std::unique_ptr<gnutls_dh_params_int, decltype(gnutls_dh_params_deinit)&>
@@ -1200,4 +1202,26 @@ RingAccount::sendTrustRequest(const std::string& to)
                       dht::TrustRequest(DHT_TYPE_NS));
 }
 
+void
+RingAccount::regenerateCAList()
+{
+    std::ofstream list(caListPath_, std::ios::trunc | std::ios::binary);
+    if (!list.is_open()) {
+        RING_ERR("Could write CA list");
+        return;
+    }
+
+    {
+        std::ifstream file(tlsCaListFile_, std::ios::binary);
+        list << file.rdbuf();
+    }
+
+    for (const auto& ca : fileutils::readDirectory(caPath_)) {
+        std::ifstream file(ca, std::ios::binary);
+        if (!file)
+            continue;
+        list << file.rdbuf();
+    }
+}
+
 } // namespace ring
diff --git a/src/ringdht/ringaccount.h b/src/ringdht/ringaccount.h
index a5dfcaa12deca1dd2ae9a0f55a90b924a0688c7d..91f6cae5989d804f39da4583e46bbcb0ae18af31 100644
--- a/src/ringdht/ringaccount.h
+++ b/src/ringdht/ringaccount.h
@@ -291,6 +291,8 @@ class RingAccount : public SIPAccountBase {
          */
         bool mapPortUPnP();
 
+        void regenerateCAList();
+
         dht::DhtRunner dht_ {};
 
         dht::InfoHash callKey_;
diff --git a/src/security/certstore.cpp b/src/security/certstore.cpp
index 378e1380fb304c8669a9c174ba3f86aba98f915c..4dc03b9c8ae0a2c33eef0b0281c85e5ea55fb638 100644
--- a/src/security/certstore.cpp
+++ b/src/security/certstore.cpp
@@ -370,7 +370,8 @@ TrustStore::setStoreCertStatus(const crypto::Certificate& crt,
              status == TrustStore::Status::ALLOWED ? "ALLOWED" : "BANNED");
 }
 
-/*
+
+#if 0
 void
 TrustStore::generateCAList(const std::string& out_path)
 {
@@ -380,6 +381,7 @@ TrustStore::generateCAList(const std::string& out_path)
         ss << cert.second.first->toString();
     auto res = ss.str();
     fileutils::saveFile(out_path, {std::begin(res), std::end(res)});
-}*/
+}
+#endif
 
 }} // namespace ring::tls