diff --git a/roles/base/tasks/system_setup/import_stepca.yml b/roles/base/tasks/system_setup/import_stepca.yml
new file mode 100644
index 0000000..a7e6bc5
--- /dev/null
+++ b/roles/base/tasks/system_setup/import_stepca.yml
@@ -0,0 +1,12 @@
+- block:
+  - name: base | system setup | get step-ca certificate
+    get_url:
+      url: "https://step-ca.universe.local/roots.pem"
+      dest: "/etc/ca-certificates/trust-source/anchors/"
+
+  - name: base | system setup | import step-ca certificate
+    command:
+      cmd: "update-ca-trust"
+  become: yes
+  rescue:
+    - set_fact: task_failed=true
\ No newline at end of file