diff --git a/config/runtime.exs b/config/runtime.exs
index a261a9e6..6d80dc37 100644
--- a/config/runtime.exs
+++ b/config/runtime.exs
@@ -26,21 +26,14 @@ if config_env() == :prod do
     ssl = System.get_env("DB_ENABLE_SSL") in [1, "1", "true", "TRUE"]
     ca_cert_pem = System.get_env("DB_CA_CERT")
 
-    ca_cert_der =
+    ssl_opts =
       if ca_cert_pem not in [nil, ""] do
-        ca_cert_pem
-        |> :public_key.pem_decode()
-        |> then(fn [pem_entry] -> :public_key.pem_entry_decode(pem_entry) end)
-        |> then(fn x -> :public_key.der_encode(:Certificate, x) end)
-      end
+        cacerts =
+          ca_cert_pem
+          |> :public_key.pem_decode()
+          |> Enum.map(fn {_, der_or_encrypted_der, _} -> der_or_encrypted_der end)
 
-    ssl_opts =
-      if ca_cert_der do
-        [
-          verify: :verify_peer,
-          cacerts: [ca_cert_der],
-          verify_fun: &:ssl_verify_hostname.verify_fun/3
-        ]
+        [verify: :verify_peer, cacerts: cacerts]
       else
         []
       end