diff --git a/lib/public_key/src/pubkey_os_cacerts.erl b/lib/public_key/src/pubkey_os_cacerts.erl
index 6fa5fdb9a669..234abd1cf452 100644
--- a/lib/public_key/src/pubkey_os_cacerts.erl
+++ b/lib/public_key/src/pubkey_os_cacerts.erl
@@ -37,7 +37,15 @@
 get() ->
     case persistent_term:get(?MODULE, not_loaded) of
         not_loaded ->
-            case load() of
+            _ = application:load(public_key),
+
+            Result =
+                case application:get_env(public_key, cacerts_path) of
+                    {ok, EnvVar} -> load([EnvVar]);
+                    undefined -> load()
+                end,
+
+            case Result of
                 ok ->
                     persistent_term:get(?MODULE);
                 {error, Reason} ->
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 8e216aa1ff85..4799ec4d538c 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -2238,7 +2238,17 @@ cacerts_get() ->
 %%--------------------------------------------------------------------
 -doc(#{title => <<"Certificate API">>,
        since => <<"OTP 25.0">>}).
--doc "Loads the OS supplied trusted CA certificates.".
+-doc """
+Loads the OS supplied trusted CA certificates.
+
+This can be overridden by setting the `cacerts_path`
+environment key of the `public_key` application with
+the location of an alternative OS supplied certificate.
+You can set it via the command line as:
+
+    erl -public_key cacerts_path '"/path/to/my/certs"'
+
+""".
 
 -spec cacerts_load() -> ok | {error, Reason::term()}.
 %%--------------------------------------------------------------------