diff --git a/btrdb/conn.py b/btrdb/conn.py
index 55058a4..a07c162 100644
--- a/btrdb/conn.py
+++ b/btrdb/conn.py
@@ -65,12 +65,20 @@ def __init__(self, addrportstr, apikey=None):
             # grpc bundles its own CA certs which will work for all normal SSL
             # certificates but will fail for custom CA certs. Allow the user
             # to specify a CA bundle via env var to overcome this
-            ca_bundle = os.getenv("BTRDB_CA_BUNDLE","")
-            if ca_bundle != "":
+            env_bundle = os.getenv("BTRDB_CA_BUNDLE", "")
+            os_certs = "/etc/ssl/certs/ca-certificates.crt"
+            ca_bundle = env_bundle
+            if ca_bundle == "":
+                ca_bundle = os_certs
+            try:
                 with open(ca_bundle, "rb") as f:
                     contents = f.read()
-            else:
-                contents = None
+            except Exception:
+                if env_bundle != "":
+                    # The user has given us something but we can't use it, we need to make noise
+                    raise Exception("BTRDB_CA_BUNDLE(%s) env is defined but could not read file" % ca_bundle)
+                else:
+                    contents = None
 
             if apikey is None:
                 self.channel = grpc.secure_channel(