diff --git a/manifest.dhall b/manifest.dhall
index a00354a9e967ab1652c4d68ef9dea0523898d81e..412de0d0c08dc311edf6dcbf5f64033c6f4eda32 100644
--- a/manifest.dhall
+++ b/manifest.dhall
@@ -555,6 +555,7 @@ in  [ callHackage "Cabal" "3.8.1.0"
     , callHackage "witherable" "0.4.2"
     , callHackage "with-utf8" "1.0.2.3"
     , callHackage "x509-store" "1.6.9"
+    , callHackage "x509-system" "1.6.7"
     , callHackage "x509" "1.7.7"
     , callHackage "xml-conduit" "1.9.1.1"
     ]
diff --git a/overlay.nix b/overlay.nix
index e1499c7412d4a700ed44953d86b8f5e065a9d106..685d37e401458a12815599c7af46e51ad933ff08 100644
--- a/overlay.nix
+++ b/overlay.nix
@@ -721,6 +721,8 @@ final: prev: with pkgs.haskell.lib; {
 
   x509-store = prev.callPackage (./pkgs/x509-store.nix) { };
 
+  x509-system = prev.callPackage (./pkgs/x509-system.nix) { };
+
   xml-conduit = prev.callPackage (./pkgs/xml-conduit.nix) { };
 
 }
diff --git a/pkgs/x509-system.nix b/pkgs/x509-system.nix
new file mode 100644
index 0000000000000000000000000000000000000000..d41d8771b395973725e40fe84c298deb88896356
--- /dev/null
+++ b/pkgs/x509-system.nix
@@ -0,0 +1,44 @@
+{ mkDerivation
+, base
+, bytestring
+, containers
+, directory
+, filepath
+, lib
+, mtl
+, pem
+, process
+, x509
+, x509-store
+}:
+mkDerivation {
+  pname = "x509-system";
+  version = "1.6.7";
+  sha256 = "68fc1ffd9b33fc85886934a39f12064ef465b12043503fe1b489c098bb6a2b11";
+  isLibrary = true;
+  isExecutable = false;
+  enableSeparateDataOutput = false;
+  libraryHaskellDepends = [
+    base
+    bytestring
+    containers
+    directory
+    filepath
+    mtl
+    pem
+    process
+    x509
+    x509-store
+  ];
+  enableLibraryProfiling = false;
+  enableExecutableProfiling = false;
+  doHaddock = false;
+  jailbreak = true;
+  doCheck = false;
+  doBenchmark = false;
+  hyperlinkSource = false;
+  homepage = "http://github.com/vincenthz/hs-certificate";
+  description = "Handle per-operating-system X.509 accessors and storage";
+  license = lib.licenses.bsd3;
+  broken = false;
+}