diff --git a/harmony/src/modules/nats/pki.rs b/harmony/src/modules/nats/pki.rs
index 0759c9b..0ac50cc 100644
--- a/harmony/src/modules/nats/pki.rs
+++ b/harmony/src/modules/nats/pki.rs
@@ -1,3 +1,7 @@
+use std::time::Duration;
+
+use tokio_retry::{Retry, strategy::ExponentialBackoff};
+
 use crate::modules::{
     cert_manager::{
         capability::{CertificateManagement, CertificateManagementConfig},
@@ -69,9 +73,28 @@ where
             .await
             .map_err(|e| e.to_string())?;
 
-        self.topology
-            .get_ca_certificate(root_ca_cert_name.into(), &root_ca_config)
-            .await
-            .map_err(|e| e.to_string())
+        let strategy = ExponentialBackoff::from_millis(250)
+            .factor(2)
+            .max_delay(Duration::from_millis(1000))
+            .take(10);
+
+        Retry::spawn(strategy, || async {
+            log::debug!("Attempting CA cert fetch");
+
+            let res = self
+                .topology
+                .get_ca_certificate(root_ca_cert_name.into(), &root_ca_config)
+                .await;
+
+            match res {
+                Ok(cert) => Ok(cert),
+                Err(e) => {
+                    log::warn!("Retryable error: {:?}", e);
+                    Err(e)
+                }
+            }
+        })
+        .await
+        .map_err(|e| format!("Retries exhausted: {:?}", e))
     }
 }