diff --git a/Cargo.lock b/Cargo.lock
index 14809121..012fbca4 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -98,7 +98,7 @@ dependencies = [
  "rcgen",
  "rustls 0.21.12",
  "rustls-native-certs 0.6.3",
- "rustls-native-certs 0.7.3",
+ "rustls-native-certs 0.8.1",
  "rustls-pemfile 2.2.0",
  "rustls-pki-types",
  "rustls-webpki 0.101.7",
@@ -448,6 +448,16 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "core-foundation"
+version = "0.10.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b2a6cd9ae233e7f62ba4e9353e81a88df7fc8a5987b8d445b4d90c879bd156f6"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
 [[package]]
 name = "core-foundation-sys"
 version = "0.8.7"
@@ -1265,7 +1275,7 @@ dependencies = [
  "openssl-probe",
  "openssl-sys",
  "schannel",
- "security-framework",
+ "security-framework 2.11.1",
  "security-framework-sys",
  "tempfile",
 ]
@@ -1796,20 +1806,19 @@ dependencies = [
  "openssl-probe",
  "rustls-pemfile 1.0.4",
  "schannel",
- "security-framework",
+ "security-framework 2.11.1",
 ]
 
 [[package]]
 name = "rustls-native-certs"
-version = "0.7.3"
+version = "0.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e5bfb394eeed242e909609f56089eecfe5fda225042e8b171791b9c95f5931e5"
+checksum = "7fcff2dd52b58a8d98a70243663a0d234c4e2b79235637849d15913394a247d3"
 dependencies = [
  "openssl-probe",
- "rustls-pemfile 2.2.0",
  "rustls-pki-types",
  "schannel",
- "security-framework",
+ "security-framework 3.5.1",
 ]
 
 [[package]]
@@ -1937,7 +1946,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02"
 dependencies = [
  "bitflags 2.9.4",
- "core-foundation",
+ "core-foundation 0.9.4",
+ "core-foundation-sys",
+ "libc",
+ "security-framework-sys",
+]
+
+[[package]]
+name = "security-framework"
+version = "3.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b3297343eaf830f66ede390ea39da1d462b6b0c1b000f420d0a83f898bbbe6ef"
+dependencies = [
+ "bitflags 2.9.4",
+ "core-foundation 0.10.1",
  "core-foundation-sys",
  "libc",
  "security-framework-sys",
@@ -1945,9 +1967,9 @@ dependencies = [
 
 [[package]]
 name = "security-framework-sys"
-version = "2.14.0"
+version = "2.15.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32"
+checksum = "cc1f0cbffaac4852523ce30d8bd3c5cdc873501d96ff467ca09b6767bb8cd5c0"
 dependencies = [
  "core-foundation-sys",
  "libc",
diff --git a/actix-tls/Cargo.toml b/actix-tls/Cargo.toml
index b01281e9..fa818fa6 100644
--- a/actix-tls/Cargo.toml
+++ b/actix-tls/Cargo.toml
@@ -51,12 +51,12 @@ rustls-0_21-native-roots = ["tokio-rustls-024", "dep:rustls-native-certs-06"]
 # use rustls v0.22 impls
 rustls-0_22 = ["dep:tokio-rustls-025", "dep:rustls-pki-types-1"]
 rustls-0_22-webpki-roots = ["rustls-0_22", "dep:webpki-roots-026"]
-rustls-0_22-native-roots = ["rustls-0_22", "dep:rustls-native-certs-07"]
+rustls-0_22-native-roots = ["rustls-0_22", "dep:rustls-native-certs-08"]
 
 # use rustls v0.23 impls
 rustls-0_23 = ["dep:tokio-rustls-026", "dep:rustls-pki-types-1"]
 rustls-0_23-webpki-roots = ["rustls-0_23", "dep:webpki-roots-026"]
-rustls-0_23-native-roots = ["rustls-0_23", "dep:rustls-native-certs-07"]
+rustls-0_23-native-roots = ["rustls-0_23", "dep:rustls-native-certs-08"]
 
 # use native-tls impls
 native-tls = ["dep:tokio-native-tls"]
@@ -105,7 +105,7 @@ webpki-roots-026 = { package = "webpki-roots", version = "0.26", optional = true
 
 # native root certificates for rustls impls
 rustls-native-certs-06 = { package = "rustls-native-certs", version = "0.6", optional = true }
-rustls-native-certs-07 = { package = "rustls-native-certs", version = "0.7", optional = true }
+rustls-native-certs-08 = { package = "rustls-native-certs", version = "0.8", optional = true }
 
 # native-tls
 tokio-native-tls = { version = "0.3", optional = true }
diff --git a/actix-tls/src/connect/rustls_0_23.rs b/actix-tls/src/connect/rustls_0_23.rs
index 4ea9aba3..8ae84316 100644
--- a/actix-tls/src/connect/rustls_0_23.rs
+++ b/actix-tls/src/connect/rustls_0_23.rs
@@ -40,7 +40,12 @@ pub mod reexports {
 pub fn native_roots_cert_store() -> io::Result<tokio_rustls::rustls::RootCertStore> {
     let mut root_certs = tokio_rustls::rustls::RootCertStore::empty();
 
-    for cert in rustls_native_certs_07::load_native_certs()? {
+    let certs = rustls_native_certs_08::load_native_certs();
+    if let Some(err) = certs.errors.into_iter().next() {
+        return Err(io::Error::other(err));
+    }
+
+    for cert in certs.certs {
         root_certs.add(cert).unwrap();
     }