diff --git a/CHANGELOG.md b/CHANGELOG.md
index 285a639e..108fa9e6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 - Updated to **pystac** v1.10.0 [#661](https://github.com/stac-utils/pystac-client/pull/661)
 - Use [uv](https://github.com/astral-sh/uv) for CI [#663](https://github.com/stac-utils/pystac-client/pull/663)
+- If set, use `requests`'s `REQUESTS_CA_BUNDLE` environment variable and `CURL_CA_BUNDLE` fallback to verify HTTPS requests [#655](https://github.com/stac-utils/pystac-client/pull/665)
 
 ## [v0.7.6]
 
diff --git a/pystac_client/stac_api_io.py b/pystac_client/stac_api_io.py
index e8f3bf73..362970aa 100644
--- a/pystac_client/stac_api_io.py
+++ b/pystac_client/stac_api_io.py
@@ -1,5 +1,6 @@
 import json
 import logging
+import os
 import warnings
 from copy import deepcopy
 from typing import (
@@ -41,6 +42,8 @@
 
 Timeout = Union[float, Tuple[float, float], Tuple[float, None]]
 
+CA_BUNDLE = os.environ.get("REQUESTS_CA_BUNDLE") or os.environ.get("CURL_CA_BUNDLE")
+
 
 class StacApiIO(DefaultStacIO):
     def __init__(
@@ -94,6 +97,8 @@ def __init__(
         if max_retries:
             self.session.mount("http://", HTTPAdapter(max_retries=max_retries))
             self.session.mount("https://", HTTPAdapter(max_retries=max_retries))
+        if CA_BUNDLE:
+            self.session.verify = CA_BUNDLE
         self.timeout = timeout
         self.update(
             headers=headers, parameters=parameters, request_modifier=request_modifier