diff --git a/setup.cfg b/setup.cfg
index 342cd24..8b0c514 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -29,6 +29,7 @@ python_requires = >=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*
 install_requires =
     keyring >= 16.0
     requests >= 2.20.0
+    truststore >= 0.10.0
 
 [options.packages.find]
 where=src
diff --git a/src/artifacts_keyring/plugin.py b/src/artifacts_keyring/plugin.py
index c3740a5..48f7251 100644
--- a/src/artifacts_keyring/plugin.py
+++ b/src/artifacts_keyring/plugin.py
@@ -7,20 +7,35 @@
 
 import json
 import os
+import ssl
+import truststore
 import requests
 import subprocess
 import sys
 import warnings
 import shutil
 
+from requests.adapters import HTTPAdapter
+
 from . import __version__
 from .support import Popen
 
 
+class TruststoreAdapter(HTTPAdapter):
+    def init_poolmanager(self, connections, maxsize, block=False):
+        ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+        return super().init_poolmanager(connections, maxsize, block, ssl_context=ctx)
+
+
 class CredentialProvider(object):
     _NON_INTERACTIVE_VAR_NAME = "ARTIFACTS_KEYRING_NONINTERACTIVE_MODE"
 
     def __init__(self):
+        self.session = requests.Session()
+        adapter = TruststoreAdapter()
+        self.session.mount("http://", adapter)
+        self.session.mount("https://", adapter)
+
         if sys.platform.startswith("win"):
             # by default, attempt to search netfx plugins folder.
             # if that doesn't exist, search netcore for newer credprovider versions.
@@ -96,7 +111,7 @@ def _is_upload_endpoint(self, url):
 
 
     def _can_authenticate(self, url, auth):
-        response = requests.get(url, auth=auth)
+        response = self.session.get(url, auth=auth)
 
         return response.status_code < 500 and \
             response.status_code != 401 and \
diff --git a/src/tests/test_backend.py b/src/tests/test_backend.py
index a85dcf9..c0d30c0 100644
--- a/src/tests/test_backend.py
+++ b/src/tests/test_backend.py
@@ -82,13 +82,13 @@ def validating_provider(monkeypatch):
     def mock_get_credentials(self, url, is_retry):
         return url, is_retry
 
-    def mock_requests_get(url, auth):
+    def mock_requests_get(self, url, **kwargs):
         response = MockGetResponse()
         response.status_code = int(url[:3])
         return response
 
     monkeypatch.setattr(CredentialProvider, "_get_credentials_from_credential_provider", mock_get_credentials)
-    monkeypatch.setattr(requests, "get", mock_requests_get)
+    monkeypatch.setattr(requests.Session, "get", mock_requests_get)
 
     yield CredentialProvider()