diff --git a/requirements.txt b/requirements.txt
index d81eb323974..1de136d8d30 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -19,6 +19,7 @@ azure-mgmt-resource==24.0.0
 azure-mgmt-subscription==3.1.1
 bcrypt==5.0.*
 boto3==1.42.*
+certifi==2025.11.12
 cryptography==46.0.*
 Flask-Babel==4.0.*
 Flask-Compress==1.*
diff --git a/web/pgadmin/misc/__init__.py b/web/pgadmin/misc/__init__.py
index 43d0a655811..d23d39755b4 100644
--- a/web/pgadmin/misc/__init__.py
+++ b/web/pgadmin/misc/__init__.py
@@ -9,6 +9,7 @@
 
 """A blueprint module providing utility functions for the application."""
 
+import certifi
 from pgadmin.utils import driver
 from flask import request, current_app
 from flask_babel import gettext
@@ -371,10 +372,14 @@ def upgrade_check():
             # Do not wait for more than 5 seconds.
             # It stuck on rendering the browser.html, while working in the
             # broken network.
-            if os.path.exists(config.CA_FILE) and sys.version_info >= (
+            if sys.version_info >= (
                     3, 13):
                 # Use SSL context for Python 3.13+
-                context = ssl.create_default_context(cafile=config.CA_FILE)
+                if os.path.exists(config.CA_FILE):
+                    context = ssl.create_default_context(cafile=config.CA_FILE)
+                else:
+                    context = ssl.create_default_context(certifi.where())
+
                 response = urlopen(url, data=data, timeout=5,
                                    context=context)
             elif os.path.exists(config.CA_FILE):
@@ -382,7 +387,7 @@ def upgrade_check():
                 response = urlopen(url, data=data, timeout=5,
                                    cafile=config.CA_FILE)
             else:
-                response = urlopen(url, data, 5)
+                response = urlopen(url, data, 5, cafile=certifi.where())
             current_app.logger.debug(
                 'Version check HTTP response code: %d' % response.getcode()
             )