diff --git a/images/win/Windows2019-Azure.json b/images/win/Windows2019-Azure.json
index 7c8f57d3b..424c7b853 100644
--- a/images/win/Windows2019-Azure.json
+++ b/images/win/Windows2019-Azure.json
@@ -586,6 +586,12 @@
                 "{{ template_dir }}/scripts/Installers/Install-Bazel.ps1"
             ]
         },
+        {
+            "type": "powershell",
+            "scripts":[
+                "{{ template_dir }}/scripts/Installers/Install-RootCA.ps1"
+            ]
+        },
         {
             "type": "windows-restart",
             "restart_timeout": "10m"
diff --git a/images/win/scripts/Installers/Install-RootCA.ps1 b/images/win/scripts/Installers/Install-RootCA.ps1
new file mode 100644
index 000000000..cd3a46425
--- /dev/null
+++ b/images/win/scripts/Installers/Install-RootCA.ps1
@@ -0,0 +1,22 @@
+# Serialized Certificate Store File
+$sstFile = "$env:TEMP\roots.sst"
+# Generate SST from Windows Update
+$result = certutil.exe -generateSSTFromWU $sstFile
+if ($LASTEXITCODE -ne 0) {
+    Write-Host "[Error]: failed to generate $sstFile sst file`n$result"
+    exit $LASTEXITCODE
+}
+
+$result = certutil.exe -dump $sstFile
+if ($LASTEXITCODE -ne 0) {
+    Write-Host "[Error]: failed to dump $sstFile sst file`n$result"
+    exit $LASTEXITCODE
+}
+
+try {
+    Import-Certificate -FilePath $sstFile -CertStoreLocation Cert:\LocalMachine\Root
+} catch {
+    Write-Host "[Error]: failed to import ROOT CA`n$_"
+    exit 1
+}
+