diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc
index aa5fc61f19e435..368b81cdd66392 100644
--- a/src/crypto/crypto_context.cc
+++ b/src/crypto/crypto_context.cc
@@ -785,8 +785,11 @@ void SecureContext::SetCACert(const BIOPointer& bio) {
   if (!bio) return;
   while (X509Pointer x509 = X509Pointer(PEM_read_bio_X509_AUX(
              bio.get(), nullptr, NoPasswordCallback, nullptr))) {
+    // Get the existing cert store from the SSL context
+    // instead of GetCertStoreOwnedByThisSecureContext()
+    // to avoid creating X509_STORE based on root_certs, which is very slow
     CHECK_EQ(1,
-             X509_STORE_add_cert(GetCertStoreOwnedByThisSecureContext(),
+             X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx_.get()),
                                  x509.get()));
     CHECK_EQ(1, SSL_CTX_add_client_CA(ctx_.get(), x509.get()));
   }