diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index 3d8cdd2653b..4a476a6ba13 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -63,6 +63,10 @@ stdenv.mkDerivation rec {
   '';
 
   configureFlags = [
+      # Disable default CA bundle, use NIX_SSL_CERT_FILE or fallback
+      # to nss-cacert from the default profile.
+      "--without-ca-bundle"
+      "--without-ca-path"
       "--with-ca-fallback"
       "--disable-manual"
       ( if sslSupport then "--with-ssl=${openssl.dev}" else "--without-ssl" )