diff --git a/apparmor.d/groups/virt/containerd b/apparmor.d/groups/virt/containerd
index c40c454e..c44b9300 100644
--- a/apparmor.d/groups/virt/containerd
+++ b/apparmor.d/groups/virt/containerd
@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}bin/containerd
 profile containerd @{exec_path} {
   include <abstractions/base>
+  include <abstractions/ssl_certs>
   include <abstractions/nameservice-strict>
 
   capability dac_read_search,