diff --git a/examples/protocols/http2_request/components/sh2lib/sh2lib.c b/examples/protocols/http2_request/components/sh2lib/sh2lib.c index 364fdec794..8f298c4bcc 100644 --- a/examples/protocols/http2_request/components/sh2lib/sh2lib.c +++ b/examples/protocols/http2_request/components/sh2lib/sh2lib.c @@ -235,27 +235,35 @@ static int do_http2_connect(struct sh2lib_handle *hd) return 0; } -int sh2lib_connect(struct sh2lib_handle *hd, const char *uri) +int sh2lib_connect(struct sh2lib_config_t *cfg, struct sh2lib_handle *hd) { memset(hd, 0, sizeof(*hd)); + + if (cfg == NULL) { + ESP_LOGE(TAG, "[sh2-connect] pointer to sh2lib configurations cannot be NULL"); + goto error; + } + const char *proto[] = {"h2", NULL}; esp_tls_cfg_t tls_cfg = { .alpn_protos = proto, + .cacert_buf = cfg->cacert_buf, + .cacert_bytes = cfg->cacert_bytes, .non_block = true, .timeout_ms = 10 * 1000, }; - if ((hd->http2_tls = esp_tls_conn_http_new(uri, &tls_cfg)) == NULL) { + if ((hd->http2_tls = esp_tls_conn_http_new(cfg->uri, &tls_cfg)) == NULL) { ESP_LOGE(TAG, "[sh2-connect] esp-tls connection failed"); goto error; } struct http_parser_url u; http_parser_url_init(&u); - http_parser_parse_url(uri, strlen(uri), 0, &u); - hd->hostname = strndup(&uri[u.field_data[UF_HOST].off], u.field_data[UF_HOST].len); + http_parser_parse_url(cfg->uri, strlen(cfg->uri), 0, &u); + hd->hostname = strndup(&cfg->uri[u.field_data[UF_HOST].off], u.field_data[UF_HOST].len); /* HTTP/2 Connection */ if (do_http2_connect(hd) != 0) { - ESP_LOGE(TAG, "[sh2-connect] HTTP2 Connection failed with %s", uri); + ESP_LOGE(TAG, "[sh2-connect] HTTP2 Connection failed with %s", cfg->uri); goto error; } diff --git a/examples/protocols/http2_request/components/sh2lib/sh2lib.h b/examples/protocols/http2_request/components/sh2lib/sh2lib.h index f67137695c..78733a0b0e 100644 --- a/examples/protocols/http2_request/components/sh2lib/sh2lib.h +++ b/examples/protocols/http2_request/components/sh2lib/sh2lib.h 
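Review bot: `cfg->uri` is used without a NULL check in the new sh2lib_connect(): the added guard covers only `cfg == NULL`, yet the URI is then handed to `esp_tls_conn_http_new()` and `strlen(cfg->uri)`. Widening the guard to `if (cfg == NULL || cfg->uri == NULL) {` closes that. The return value of `http_parser_parse_url()` is still ignored and the `strndup()` result is stored unchecked, so a URI that does not parse or a failed allocation may leave `hd->hostname` empty or NULL for later code. Checking both and taking the existing `goto error` path would make the failure explicit. The `error:` label and the rest of the function lie outside this hunk, so the cleanup done there could not be reviewed.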
@@ -38,6 +38,15 @@ struct sh2lib_handle { struct esp_tls *http2_tls; /*!< Pointer to the TLS session handle */ }; +/** + * @brief sh2lib configuration structure + */ +struct sh2lib_config_t { + const char *uri; /*!< Pointer to the URI that should be connected to */ + const unsigned char *cacert_buf; /*!< Pointer to the buffer containing CA certificate */ + unsigned int cacert_bytes; /*!< Size of the CA certifiacte pointed by cacert_buf */ +}; + /** Flag indicating receive stream is reset */ #define DATA_RECV_RST_STREAM 1 /** Flag indicating frame is completely received */ @@ -88,14 +97,13 @@ typedef int (*sh2lib_putpost_data_cb_t)(struct sh2lib_handle *handle, char *data * * Only 'https' URIs are supported. * + * @param[in] cfg Pointer to the sh2lib configurations of the type 'struct sh2lib_config_t'. * @param[out] hd Pointer to a variable of the type 'struct sh2lib_handle'. - * @param[in] uri Pointer to the URI that should be connected to. - * * @return * - ESP_OK if the connection was successful * - ESP_FAIL if the connection fails */ -int sh2lib_connect(struct sh2lib_handle *hd, const char *uri); +int sh2lib_connect(struct sh2lib_config_t *cfg, struct sh2lib_handle *hd); /** * @brief Free a sh2lib handle diff --git a/examples/protocols/http2_request/main/CMakeLists.txt b/examples/protocols/http2_request/main/CMakeLists.txt index 40f03c8800..5020cf4e91 100644 --- a/examples/protocols/http2_request/main/CMakeLists.txt +++ b/examples/protocols/http2_request/main/CMakeLists.txt @@ -1,2 +1,3 @@ idf_component_register(SRCS "http2_request_example_main.c" - INCLUDE_DIRS ".") + INCLUDE_DIRS "." + EMBED_TXTFILES "golang_root_cert.pem") diff --git a/examples/protocols/http2_request/main/component.mk b/examples/protocols/http2_request/main/component.mk index e69de29bb2..ff8e5fbdbf 100644 --- a/examples/protocols/http2_request/main/component.mk +++ b/examples/protocols/http2_request/main/component.mk 
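Review bot: The comment on `cacert_bytes` in `struct sh2lib_config_t` does not say whether the size counts a terminating NUL, although sh2lib.c passes the value straight into `esp_tls_cfg_t`. esp-tls documents that for a PEM certificate the size includes the NUL terminator, so the field comment should say so, e.g. `/*!< Size of the CA certificate pointed to by cacert_buf, including the NUL terminator for PEM */`, which also fixes the "certifiacte" typo. The comment on `cacert_buf` should also state what a NULL value means for server verification; that behaviour is not visible in this diff and needs confirming against esp-tls first.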
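Review bot: `sh2lib_connect()` declares `cfg` as a non-const pointer, although the visible part of the implementation in sh2lib.c only reads `uri`, `cacert_buf` and `cacert_bytes` from it. Declaring it as `int sh2lib_connect(const struct sh2lib_config_t *cfg, struct sh2lib_handle *hd);` here and in the definition documents that and lets callers keep the configuration in read-only storage. The doc block still lists ESP_OK / ESP_FAIL for a function that returns `int` and whose caller tests `!= 0`; one sentence tying those together would help. The argument order is also reversed relative to the old `(hd, uri)` form, which deserves a mention in the commit description.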
@@ -0,0 +1,5 @@
+#
+# "main" pseudo-component makefile.
+#
+# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
+COMPONENT_EMBED_TXTFILES := golang_root_cert.pem
diff --git a/examples/protocols/http2_request/main/golang_root_cert.pem b/examples/protocols/http2_request/main/golang_root_cert.pem
new file mode 100644
index 0000000000..b2e43c9381
--- /dev/null
+++ b/examples/protocols/http2_request/main/golang_root_cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----
diff --git a/examples/protocols/http2_request/main/http2_request_example_main.c b/examples/protocols/http2_request/main/http2_request_example_main.c
index 0dc6dfd124..5df763cf0c 100644
--- a/examples/protocols/http2_request/main/http2_request_example_main.c
+++ b/examples/protocols/http2_request/main/http2_request_example_main.c @@ -26,6 +26,9 @@ #include "sh2lib.h" +extern const uint8_t server_root_cert_pem_start[] asm("_binary_golang_root_cert_pem_start"); +extern const uint8_t server_root_cert_pem_end[] asm("_binary_golang_root_cert_pem_end"); + /* The HTTP/2 server to connect to */ #define HTTP2_SERVER_URI "https://http2.golang.org" /* A GET request that keeps streaming current time every second */ @@ -101,8 +104,14 @@ static void http2_task(void *args) /* HTTP2: one connection multiple requests. Do the TLS/TCP connection first */ printf("Connecting to server\n"); + struct sh2lib_config_t cfg = { + .uri = HTTP2_SERVER_URI, + .cacert_buf = server_root_cert_pem_start, + .cacert_bytes = server_root_cert_pem_end - server_root_cert_pem_start, + }; struct sh2lib_handle hd; - if (sh2lib_connect(&hd, HTTP2_SERVER_URI) != 0) { + + if (sh2lib_connect(&cfg, &hd) != 0) { printf("Failed to connect\n"); vTaskDelete(NULL); return; diff --git a/examples/protocols/http2_request/sdkconfig.defaults b/examples/protocols/http2_request/sdkconfig.defaults deleted file mode 100644 index a79804293a..0000000000 --- a/examples/protocols/http2_request/sdkconfig.defaults +++ /dev/null @@ -1,2 +0,0 @@ -CONFIG_ESP_TLS_INSECURE=y -CONFIG_ESP_TLS_SKIP_SERVER_CERT_VERIFY=y
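Review bot: The `cfg` initializer in http2_task pins server verification to the single embedded root in golang_root_cert.pem, and nothing in the example records which CA that is or how long it is valid. The certificate's encoded subject is DST Root CA X3 with a notAfter of 30 Sep 2021, so the connection is expected to fail once that root expires or the server moves to a different chain. A comment above the `extern` declarations would cover this, e.g. `/* Root CA for HTTP2_SERVER_URI (DST Root CA X3, expires 2021-09-30); replace golang_root_cert.pem if the server's chain changes */`. That comment should also note that `server_root_cert_pem_end - server_root_cert_pem_start` relies on the embedded text file being NUL-terminated. http2_task's body continues outside the hunk.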