diff --git a/sec-policy/selinux-custom-server/files/custom-server.te b/sec-policy/selinux-custom-server/files/custom-server.te
index 6b96b6b..0ca4f30 100644
--- a/sec-policy/selinux-custom-server/files/custom-server.te
+++ b/sec-policy/selinux-custom-server/files/custom-server.te
@@ -22,6 +22,7 @@ optional_policy(`
 	')
 
 	allow nginx_t self:capability { dac_override dac_read_search };
+	miscfiles_read_generic_certs(nginx_t)
 
 	tunable_policy(`nginx_can_read_ebuild',`
 		portage_read_ebuild(nginx_t)