diff --git a/common/certificate/store.go b/common/certificate/store.go
index e42de5f9..24ed54e6 100644
--- a/common/certificate/store.go
+++ b/common/certificate/store.go
@@ -33,16 +33,14 @@ func NewStore(ctx context.Context, logger logger.Logger, options option.Certific
 	var systemPool *x509.CertPool
 	switch options.Store {
 	case C.CertificateStoreSystem, "":
-		platformInterface := service.FromContext[platform.Interface](ctx)
-		systemCertificates := platformInterface.SystemCertificates()
-		if len(systemCertificates) > 0 {
-			systemPool = x509.NewCertPool()
-			for _, cert := range systemCertificates {
-				if !systemPool.AppendCertsFromPEM([]byte(cert)) {
-					return nil, E.New("invalid system certificate PEM: ", cert)
-				}
+		systemPool = x509.NewCertPool()
+		var systemValid bool
+		for _, cert := range service.FromContext[platform.Interface](ctx).SystemCertificates() {
+			if systemPool.AppendCertsFromPEM([]byte(cert)) {
+				systemValid = true
 			}
-		} else {
+		}
+		if !systemValid {
 			certPool, err := x509.SystemCertPool()
 			if err != nil {
 				return nil, err