diff --git a/common/default.nix b/common/default.nix
index a6cc9c6..6266c08 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -7,6 +7,7 @@
 ./locale.nix
 ./networking.nix
 ./remote-access.nix
+ ./russian-trusted-ca.nix
 ./security.nix
 ./stateless.nix
 ./user.nix
diff --git a/common/russian-trusted-ca.nix b/common/russian-trusted-ca.nix
new file mode 100644
index 0000000..6fcdd73
--- /dev/null
+++ b/common/russian-trusted-ca.nix
@@ -0,0 +1,14 @@
+{ config, pkgs,... }:
+
+let
+ root_ca = pkgs.fetchurl {
+ url = "https://gu-st.ru/content/lending/russian_trusted_root_ca_pem.crt";
+ hash = "sha256-k2pD/qbo5SW8wPgazZw9IbT8S5torOp5BtaYAFr8ZQQ=";
+ };
+ sub_ca = pkgs.fetchurl {
+ url = "https://gu-st.ru/content/lending/russian_trusted_sub_ca_pem.crt";
+ hash = "sha256-8K5YnzZ3TynvNkj3mEsI1C/M5vH/7rYjbXc9rrJ0TqY=";
+ };
+in {
+ security.pki.certificateFiles = [ "${root_ca}" "${sub_ca}" ];
+}
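Review bot: `security.pki.certificateFiles` in the new `common/russian-trusted-ca.nix` makes both certificates system-wide trust anchors, so (unless the certificates carry name constraints, which the diff does not show) anything issued under them is accepted for any hostname by programs that use the system bundle; since the module is imported from `common/default.nix`, this presumably reaches every host that includes `common`. If only some hosts need it, import the module from those host configurations instead and record the reason above the setting, e.g. `# Adds the Russian Trusted Root CA to the system trust store; needed for <service>. Affects TLS validation for all programs using the system bundle.` Listing `sub_ca` as an anchor is likely unnecessary when servers send their chain, and an intermediate installed as an anchor would keep validating even if the root were later dropped, so consider `security.pki.certificateFiles = [ "${root_ca}" ];`. The `hash` values pin the downloaded bytes, but they should be checked against a fingerprint obtained independently of gu-st.ru, and vendoring the PEM files into the repository would make exactly what is trusted reviewable here.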