diff --git a/openpype/lib/mongo.py b/openpype/lib/mongo.py
index 8bfaba75d6..054f40a5b0 100644
--- a/openpype/lib/mongo.py
+++ b/openpype/lib/mongo.py
@@ -3,6 +3,7 @@ import sys
 import time
 import logging
 import pymongo
+import certifi
 
 if sys.version_info[0] == 2:
     from urlparse import urlparse, parse_qs
@@ -93,6 +94,35 @@ def extract_port_from_url(url):
     return parsed_url.port
 
 
+def should_add_certificate_path_to_mongo_url(mongo_url):
+    """Check if should add ca certificate to mongo url.
+
+    Since 30.9.2021 cloud mongo requires newer certificates that are not
+    available on most of workstation. This adds path to certifi certificate
+    which is valid for it. To add the certificate path url must have scheme
+    'mongodb+srv' or has 'ssl=true' or 'tls=true' in url query.
+    """
+    parsed = urlparse(mongo_url)
+    query = parse_qs(parsed.query)
+    lowered_query_keys = set(key.lower() for key in query.keys())
+    add_certificate = False
+    # Check if url 'ssl' or 'tls' are set to 'true'
+    for key in ("ssl", "tls"):
+        if key in query and "true" in query["ssl"]:
+            add_certificate = True
+            break
+
+    # Check if url contains 'mongodb+srv'
+    if not add_certificate and parsed.scheme == "mongodb+srv":
+        add_certificate = True
+
+    # Check if url does already contain certificate path
+    if add_certificate and "tlscafile" in lowered_query_keys:
+        add_certificate = False
+
+    return add_certificate
+
+
 def validate_mongo_connection(mongo_uri):
     """Check if provided mongodb URL is valid.