diff --git a/config.go b/config.go
index 221392b..9958ec9 100644
--- a/config.go
+++ b/config.go
@@ -53,6 +53,8 @@ type Config struct {
 	Realm string `yaml:"realm" json:"realm" mapstructure:"realm"`
+	// these security configurations will be ignored if the protocol does not contain +s
+	UseSystemCertPool bool `yaml:"use_system_cert_pool" mapstructure:"use_system_cert_pool"`
 	CAFileLocation string `yaml:"ca_file_location" mapstructure:"ca_file_location"`
 	// Index Strategy defines the index strategy for GoGM
diff --git a/gogm.go b/gogm.go
index 0b701f7..1174ed3 100644
--- a/gogm.go
+++ b/gogm.go
@@ -161,17 +161,30 @@ func (g *Gogm) parseOgmTypes() error {
 func (g *Gogm) initDriver() error {
 	var certPool *x509.CertPool
-
-	if g.config.CAFileLocation != "" {
-		certPool = x509.NewCertPool()
-		bytes, err := ioutil.ReadFile(g.config.CAFileLocation)
-		if err != nil {
-			return fmt.Errorf("failed to open ca file, %w", err)
+	isEncrypted := strings.Contains(g.config.Protocol, "+s")
+
+	if isEncrypted {
+		if g.config.UseSystemCertPool {
+			var err error
+			certPool, err = x509.SystemCertPool()
+			if err != nil {
+				return fmt.Errorf("failed to get system cert pool")
+			}
+		} else {
+			certPool = x509.NewCertPool()
 		}
-		certPool.AppendCertsFromPEM(bytes)
+		if g.config.CAFileLocation != "" {
+			bytes, err := ioutil.ReadFile(g.config.CAFileLocation)
+			if err != nil {
+				return fmt.Errorf("failed to open ca file, %w", err)
+			}
+
+			certPool.AppendCertsFromPEM(bytes)
+		}
 	}
+
 	neoConfig := func(neoConf *neo4j.Config) {
 		if g.config.EnableDriverLogs {
 			neoConf.Log = wrapLogger(g.logger)
@@ -179,7 +192,7 @@ func (g *Gogm) initDriver() error {
 		neoConf.MaxConnectionPoolSize = g.config.PoolSize
-		if g.config.CAFileLocation != "" {
+		if isEncrypted {
 			neoConf.RootCAs = certPool
 		}
 	}
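Review bot: The comment added above UseSystemCertPool only says when the fields are ignored, not what UseSystemCertPool does; a reader of Config cannot tell whether a CA file replaces the system roots or is added to them, which is exactly what an operator deciding between the two settings needs to know. Since the comment sits directly above the field it also reads as the doc comment of UseSystemCertPool alone, though "these" seems to cover CAFileLocation as well. Something like `// UseSystemCertPool seeds the driver's trust store with the host's system roots; CAFileLocation, when set, is appended to that store. Both are ignored unless Protocol contains "+s".` would state the contract, and CAFileLocation could get a one-line comment of its own.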
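Review bot: When Protocol contains "+s" but neither UseSystemCertPool nor CAFileLocation is set, the else branch creates an empty `x509.NewCertPool()` that the later hunk installs via `neoConf.RootCAs = certPool`, whereas the old code left RootCAs nil in that case; if the driver copies RootCAs into a tls.Config as the name suggests, an empty non-nil pool rejects every server certificate, so existing encrypted deployments without a CA file would stop connecting once they upgrade. The pool should only be built when there is something to put in it, leaving certPool nil otherwise (the later hunk's `if isEncrypted` assignment can stay, since a nil pool is equivalent to not setting RootCAs). Two smaller points in the same block: `return fmt.Errorf("failed to get system cert pool")` drops err and should wrap it with `%w` like the ca-file branch does, and the bool returned by certPool.AppendCertsFromPEM is still ignored, so a CA file with no parseable PEM certificate silently yields an empty or unchanged pool instead of a startup error. initDriver continues past the end of this hunk.
```go
	isEncrypted := strings.Contains(g.config.Protocol, "+s")

	if isEncrypted {
		switch {
		case g.config.UseSystemCertPool:
			var err error
			certPool, err = x509.SystemCertPool()
			if err != nil {
				return fmt.Errorf("failed to get system cert pool, %w", err)
			}
		case g.config.CAFileLocation != "":
			// only build a private pool when a CA file will populate it;
			// a nil pool leaves the driver on its default trust store
			certPool = x509.NewCertPool()
		}

		if g.config.CAFileLocation != "" {
			bytes, err := ioutil.ReadFile(g.config.CAFileLocation)
			if err != nil {
				return fmt.Errorf("failed to open ca file, %w", err)
			}

			if !certPool.AppendCertsFromPEM(bytes) {
				return fmt.Errorf("no certificates found in ca file %s", g.config.CAFileLocation)
			}
		}
	}
	// … unchanged: neoConfig closure …
```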