diff --git a/certs/wntrmute-ca.pem b/certs/wntrmute-ca.pem
new file mode 100644
index 0000000..a9e82ce
--- /dev/null
+++ b/certs/wntrmute-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6zCCAkygAwIBAgIUTh42D9w7YT5e/Nz+42m32ZyHNvEwCgYIKoZIzj0EAwQw
+gY0xCzAJBgNVBAYTAlVTMQkwBwYDVQQIEwAxCTAHBgNVBAcTADEiMCAGA1UEChMZ
+V05UUk1VVEUgSGVhdnkgSW5kdXN0cmllczEfMB0GA1UECxMWQ3J5cHRvZ3JhcGhp
+YyBTZXJ2aWNlczEjMCEGA1UEAxMaV05UUk1VVEUgSXNzdWluZyBBdXRob3JpdHkw
+HhcNMjYwMzExMjMxOTE0WhcNNDYwMzA3MDAxOTE0WjCBjTELMAkGA1UEBhMCVVMx
+CTAHBgNVBAgTADEJMAcGA1UEBxMAMSIwIAYDVQQKExlXTlRSTVVURSBIZWF2eSBJ
+bmR1c3RyaWVzMR8wHQYDVQQLExZDcnlwdG9ncmFwaGljIFNlcnZpY2VzMSMwIQYD
+VQQDExpXTlRSTVVURSBJc3N1aW5nIEF1dGhvcml0eTCBmzAQBgcqhkjOPQIBBgUr
+gQQAIwOBhgAEAewp0TVimwwnBnXWWYBoBNCmP73xPii58M/wWdwxY0myv2IHXiXB
+/ip4Q25dMYhFyoCMq0g5VkRl5Y18OHfxLxrdARHE/tVlvnqzNH+sG0sm53NPRIeY
+Eo0xbF546rv+/huC39SMrkZsrGmW3qiXOScX8LIQucvyJYcn2smqL2Gv8LzPo0Uw
+QzAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQU
+RVqxahQ8/leaLJjewC/xcoLJbTwwCgYIKoZIzj0EAwQDgYwAMIGIAkIA/6VhQ1/o
+yZ+JNLxXHhhvUMiv/05Man3wM9Bn/dTUC0KamJo0K1AwtWQoYU69vxs8nj4xH4+A
+oyATEqNB97byr74CQgC9sZfPWqDlFLqGO6dNEQqOF/54ya64fKQdSwNL4UzZTW8U
+215hy6CercFpR9AzFBcCAonBY5fIJvlu64SUWXlStg==
+-----END CERTIFICATE-----
diff --git a/configuration.nix b/configuration.nix
index f919b7d..58820cc 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -136,6 +136,9 @@
   };
   programs.ssh.askPassword =  "ksshaskpass";
 
+  # Trust the WNTRMUTE issuing CA for all Metacircular services.
+  security.pki.certificateFiles = [ ./certs/wntrmute-ca.pem ];
+
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
   nix.settings.trusted-users = ["kyle"];