diff --git a/docs/custom-root-ca.md b/docs/custom-root-ca.md
index 084bc6420d..c4120694d4 100644
--- a/docs/custom-root-ca.md
+++ b/docs/custom-root-ca.md
@@ -13,6 +13,9 @@ FROM containerbase/buildpack
 
 COPY my-root-ca.crt /usr/local/share/ca-certificates/my-root-ca.crt
 RUN update-ca-certificates
+
+# configure node
+ENV NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/my-root-ca.crt
 ```
 
 **TODO**: For java based tools we need another option
@@ -20,11 +23,11 @@ RUN update-ca-certificates
 ## Runtime install
 
 Most OpenSSL base tools (and maybe BoringSSL) support `SSL_CERT_FILE` environment for additional custom root ca files.
-We use `NODE_OPTIONS="--use-openssl-ca"`, so NodeJS is using the same certificate options as OpenSSL.
 
 ```bash
 docker run --rm -it \
   -v my-root-ca.crt:/my-root-ca.crt \
   -e SSL_CERT_FILE=/my-root-ca.crt \
+  -e NODE_EXTRA_CA_CERTS=/my-root-ca.crt \
   containerbase/buildpack bash
 ```
diff --git a/src/usr/local/buildpack/tools/node.sh b/src/usr/local/buildpack/tools/node.sh
index 911055ec7f..d33a71aad5 100644
--- a/src/usr/local/buildpack/tools/node.sh
+++ b/src/usr/local/buildpack/tools/node.sh
@@ -47,9 +47,6 @@ chmod -R g+w $NPM_CONFIG_PREFIX
 export_env NPM_CONFIG_PREFIX $NPM_CONFIG_PREFIX
 export_path "\$NPM_CONFIG_PREFIX/bin"
 
-# use openssl certificates
-export_env NODE_OPTIONS "--use-openssl-ca"
-
 shell_wrapper node
 shell_wrapper npm
 
diff --git a/test/latest/Dockerfile b/test/latest/Dockerfile
index 0e8ed1784b..02e4720a99 100644
--- a/test/latest/Dockerfile
+++ b/test/latest/Dockerfile
@@ -77,7 +77,7 @@ ARG APT_HTTP_PROXY
 RUN install-tool node v14.18.1
 
 RUN set -ex; \
-  nginx && su -c 'SSL_CERT_FILE=/test/ca.pem node request.mjs' ${USER_NAME}
+  nginx && su -c 'NODE_EXTRA_CA_CERTS=/test/ca.pem node request.mjs' ${USER_NAME}
 
 #--------------------------------------
 # test: php