diff --git a/loxilb-ebpf b/loxilb-ebpf
index 0d6668308..ee662de49 160000
--- a/loxilb-ebpf
+++ b/loxilb-ebpf
@@ -1 +1 @@
-Subproject commit 0d666830820c631ce0ff1c0c5a80757948fb105c
+Subproject commit ee662de4951992d7a1db8c92c2e659404fece96d
diff --git a/pkg/loxinet/rules.go b/pkg/loxinet/rules.go
index fc75e648e..c6c12c03f 100644
--- a/pkg/loxinet/rules.go
+++ b/pkg/loxinet/rules.go
@@ -366,7 +366,12 @@ func RulesInit(zone *Zone) *RuleH {
 		nRh.epCs[i].hChk = time.NewTicker(EndPointCheckerDuration * time.Second)
 		go epTicker(nRh, i)
 	}
-	nRh.rootCAPool = x509.NewCertPool()
+	rootCAPool, err := x509.SystemCertPool()
+	if err == nil {
+		nRh.rootCAPool = rootCAPool
+	} else {
+		nRh.rootCAPool = x509.NewCertPool()
+	}
 	rootCACertile := cmn.CertPath + cmn.CACertFileName
 
 	// Check if there exist a common CA certificate