diff --git a/kube-client/Cargo.toml b/kube-client/Cargo.toml
index 236e70519..e368a0050 100644
--- a/kube-client/Cargo.toml
+++ b/kube-client/Cargo.toml
@@ -58,7 +58,7 @@ kube-core = { path = "../kube-core", version = "=0.86.0" }
 jsonpath_lib = { version = "0.3.0", optional = true }
 tokio-util = { version = "0.7.0", optional = true, features = ["io", "codec"] }
 hyper = { version = "0.14.13", optional = true, features = ["client", "http1", "stream", "tcp"] }
-hyper-rustls = { version = "0.24.0", optional = true }
+hyper-rustls = { version = "0.24.0", optional = true, features = ["webpki-roots"] }
 tokio-tungstenite = { version = "0.20.0", optional = true }
 tower = { version = "0.4.13", optional = true, features = ["buffer", "filter", "util"] }
 tower-http = { version = "0.4.0", optional = true, features = ["auth", "map-response-body", "trace"] }
diff --git a/kube-client/src/client/tls.rs b/kube-client/src/client/tls.rs
index 45785a8c9..7ad727792 100644
--- a/kube-client/src/client/tls.rs
+++ b/kube-client/src/client/tls.rs
@@ -48,7 +48,11 @@ pub mod rustls_tls {
                 .with_safe_defaults()
                 .with_root_certificates(root_store(certs)?)
         } else {
-            ClientConfig::builder().with_safe_defaults().with_native_roots()
+            if cfg!(target_os = "android") || cfg!(target_os = "ios") {
+                ClientConfig::builder().with_safe_defaults().with_webpki_roots()
+            } else {
+                ClientConfig::builder().with_safe_defaults().with_native_roots()
+            }
         };
 
         let mut client_config = if let Some((chain, pkey)) = identity_pem.map(client_auth).transpose()? {