diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 78f9e84eb353b..e4f0ca3d1eac6 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -883,8 +883,24 @@ initialize_SSL(PGconn *conn)
 * differ by platform. Note that the default system locations may be
 * further overridden by the SSL_CERT_DIR and SSL_CERT_FILE
 * environment variables.
+ *
+ * On Windows, we use the system store
+ * (https://docs.openssl.org/master/man7/OSSL_STORE-winstore/) if
+ * neither of these environment variables is set *and* there is no
+ * cert.pem file nor certs/ directory within OPENSSLDIR.
 */
- if (SSL_CTX_set_default_verify_paths(SSL_context) != 1)
+
+ int rootcert_result =
+#if defined(WIN32) && OPENSSL_VERSION_PREREQ(3, 2)
+ getenv(X509_get_default_cert_dir_env()) == NULL &&
+ getenv(X509_get_default_cert_file_env()) == NULL &&
+ stat(X509_get_default_cert_dir(), &buf) != 0 &&
+ stat(X509_get_default_cert_file(), &buf) != 0 ?
+ SSL_CTX_load_verify_store(SSL_context, "org.openssl.winstore:") :
+#endif
+ SSL_CTX_set_default_verify_paths(SSL_context);
+
+ if (rootcert_result != 1)
 {
 char *err = SSLerrmessage(ERR_get_error());
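Review bot: The trust-anchor selection in the added `int rootcert_result =` expression treats any `stat()` failure as "not present", so an OPENSSLDIR `cert.pem` or `certs/` that exists but cannot be stat'ed (permissions, a dangling link) silently redirects the connection's root of trust to the Windows store instead of surfacing the misconfiguration; only `errno == ENOENT` should count as absent. The rule is also hard to audit as a ternary straddling an `#if`, and it relies on a `struct stat buf` declared outside the hunk, so I would move it into a small `static bool use_windows_cert_store(void)` with a comment spelling out the precedence (SSL_CERT_DIR/SSL_CERT_FILE, then OPENSSLDIR, then winstore). If this tree still builds against an OpenSSL that predates `OPENSSL_VERSION_PREREQ` (it arrived in 3.0), the `#if defined(WIN32) && OPENSSL_VERSION_PREREQ(3, 2)` line may also need nesting under `#ifdef WIN32`, because a function-like use of an undefined macro is a preprocessor error even on the short-circuited side of `&&` — I have not checked this tree's minimum OpenSSL version. initialize_SSL begins and ends outside the hunk.
```c
#if defined(WIN32) && OPENSSL_VERSION_PREREQ(3, 2)
/*
 * Take root certificates from the Windows system store only when the
 * caller has not pointed OpenSSL elsewhere via SSL_CERT_DIR/SSL_CERT_FILE
 * and OPENSSLDIR holds neither certs/ nor cert.pem.  Only ENOENT counts
 * as "absent": any other stat() failure keeps the OPENSSLDIR lookup so
 * that an unreadable cert.pem is reported rather than silently replaced.
 */
static bool
use_windows_cert_store(void)
{
	struct stat st;

	if (getenv(X509_get_default_cert_dir_env()) != NULL ||
		getenv(X509_get_default_cert_file_env()) != NULL)
		return false;
	if (stat(X509_get_default_cert_dir(), &st) == 0 || errno != ENOENT)
		return false;
	if (stat(X509_get_default_cert_file(), &st) == 0 || errno != ENOENT)
		return false;
	return true;
}
#endif

/* … unchanged: initialize_SSL up to the "system" root-cert comment … */
	int			rootcert_result;
	bool		use_winstore = false;

#if defined(WIN32) && OPENSSL_VERSION_PREREQ(3, 2)
	use_winstore = use_windows_cert_store();
#endif
	if (use_winstore)
		rootcert_result = SSL_CTX_load_verify_store(SSL_context, "org.openssl.winstore:");
	else
		rootcert_result = SSL_CTX_set_default_verify_paths(SSL_context);

	if (rootcert_result != 1)
/* … unchanged: error reporting … */
```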