diff --git a/connector/gitlab/gitlab.go b/connector/gitlab/gitlab.go
index a9b0abe2b2..0da420079c 100644
--- a/connector/gitlab/gitlab.go
+++ b/connector/gitlab/gitlab.go
@@ -3,6 +3,8 @@ package gitlab
 
 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -128,6 +130,17 @@ func (c *gitlabConnector) HandleCallback(s connector.Scopes, r *http.Request) (i
 	ctx := r.Context()
 	if c.httpClient != nil {
 		ctx = context.WithValue(r.Context(), oauth2.HTTPClient, c.httpClient)
+	} else {
+		rootCAs, _ := x509.SystemCertPool()
+		if rootCAs == nil {
+			rootCAs = x509.NewCertPool()
+		}
+		c.httpClient = &http.Client{
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{ClientCAs: rootCAs},
+			},
+		}
+		ctx = context.WithValue(r.Context(), oauth2.HTTPClient, c.httpClient)
 	}
 
 	token, err := oauth2Config.Exchange(ctx, q.Get("code"))