diff --git a/docs/advanced/ssl.md b/docs/advanced/ssl.md
index da40ed2843..be0f393d1d 100644
--- a/docs/advanced/ssl.md
+++ b/docs/advanced/ssl.md
@@ -69,21 +69,11 @@ ctx.load_cert_chain(certfile="path/to/client.pem") # Optionally also keyfile or
 client = httpx.Client(verify=ctx)
 ```
 
-### Working with `SSL_CERT_FILE` and `SSL_CERT_DIR`
+### Providing CA from environment
 
-Unlike `requests`, the `httpx` package does not automatically pull in [the environment variables `SSL_CERT_FILE` or `SSL_CERT_DIR`](https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_default_verify_paths.html). If you want to use these they need to be enabled explicitly.
+`httpx` package automatically pulls in [the environment variables `SSL_CERT_FILE` or `SSL_CERT_DIR`](https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_default_verify_paths.html) untill trust_env is `True`.
 
-For example...
-
-```python
-# Use `SSL_CERT_FILE` or `SSL_CERT_DIR` if configured.
-# Otherwise default to certifi.
-ctx = ssl.create_default_context(
- cafile=os.environ.get("SSL_CERT_FILE", certifi.where()),
- capath=os.environ.get("SSL_CERT_DIR"),
-)
-client = httpx.Client(verify=ctx)
-```
+Alternatively you can use `HTTPX_CA_BUNDLE` env which acts as `SSL_CERT_FILE`.
 
 ### Making HTTPS requests to a local server
 
diff --git a/docs/environment_variables.md b/docs/environment_variables.md
index 4f7a9f5284..3c84cededd 100644
--- a/docs/environment_variables.md
+++ b/docs/environment_variables.md
@@ -51,3 +51,9 @@ python -c "import httpx; httpx.get('http://example.com')"
 python -c "import httpx; httpx.get('http://127.0.0.1:5000/my-api')"
 python -c "import httpx; httpx.get('https://www.python-httpx.org')"
 ```
+
+
+## TLS
+
+### `HTTPX_CA_BUNDLE`
+Overrides default `certifi` trust store
diff --git a/httpx/_config.py b/httpx/_config.py
index 467a6c90ae..354bb15c7d 100644
--- a/httpx/_config.py
+++ b/httpx/_config.py
@@ -33,6 +33,8 @@ def create_ssl_context(
 if verify is True:
 if trust_env and os.environ.get("SSL_CERT_FILE"): # pragma: nocover
 ctx = ssl.create_default_context(cafile=os.environ["SSL_CERT_FILE"])
+ elif trust_env and os.environ.get("HTTPX_CA_BUNDLE"): # pragma: nocover
+ ctx = ssl.create_default_context(cafile=os.environ["HTTPX_CA_BUNDLE"])
 elif trust_env and os.environ.get("SSL_CERT_DIR"): # pragma: nocover
 ctx = ssl.create_default_context(capath=os.environ["SSL_CERT_DIR"])
 else:
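Review bot: The new `HTTPX_CA_BUNDLE` branch sits after `SSL_CERT_FILE` in the `elif` chain, so the httpx-specific variable is silently ignored whenever the generic one is set, and when it is used `SSL_CERT_DIR` is skipped; a deployment that sets it to pin a private CA for this client could end up trusting a different bundle than intended. Either check it first or state the order where it is decided, e.g. `# Precedence: SSL_CERT_FILE > HTTPX_CA_BUNDLE > SSL_CERT_DIR; only the first one set is used.`, and repeat that in the docs entry. Because `cafile=` is passed, `ssl.create_default_context` loads only that file and not the system defaults, so the variable replaces the trust store outright; a branch that selects trust anchors deserves a test rather than `# pragma: nocover`. `create_ssl_context` starts and ends outside this hunk, so how other `verify` values interact with the variable is not visible here.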