diff --git a/CMakeLists.txt b/CMakeLists.txt
index bbe4d2f1e..c4138f1aa 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1721,21 +1721,23 @@ if(WOLFSSL_SYS_CA_CERTS)
         override_cache(WOLFSSL_SYS_CA_CERTS "no")
     elseif(APPLE)
         check_include_file("Security/SecTrustSettings.h" HAVE_SECURITY_SECTRUSTSETTINGS_H)
-        if(NOT HAVE_SECURITY_SECTRUSTSETTINGS_H)
-            message("Can't enable system CA certs without Security/SecTrustSettings.h.")
-            override_cache(WOLFSSL_SYS_CA_CERTS "no")
-        else()
+        check_include_file("Security/SecCertificate.h" HAVE_SECURITY_SECCERTIFICATE_H)
+        check_include_file("Security/SecTrust.h" HAVE_SECURITY_SECTRUST_H)
+        check_include_file("Security/SecPolicy.h" HAVE_SECURITY_SECPOLICY_H)
+        if(HAVE_SECURITY_SECTRUSTSETTINGS_H OR (HAVE_SECURITY_SECCERTIFICATE_H
+                                                AND HAVE_SECURITY_SECTRUST_H
+                                                AND HAVE_SECURITY_SECPOLICY_H))
             find_library(CORE_FOUNDATION_FRAMEWORK CoreFoundation)
             if(NOT CORE_FOUNDATION_FRAMEWORK)
-                message("Can't enable system CA certs without CoreFoundation framework.")
-                override_cache(WOLFSSL_SYS_CA_CERTS "no")
+                message(FATAL_ERROR "Can't enable system CA certs without CoreFoundation framework.")
             else()
                 find_library(SECURITY_FRAMEWORK Security)
                 if(NOT SECURITY_FRAMEWORK)
-                    message("Can't enable system CA certs without Security framework.")
-                    override_cache(WOLFSSL_SYS_CA_CERTS "no")
+                    message(FATAL_ERROR "Can't enable system CA certs without Security framework.")
                 endif()
             endif()
+        else()
+            message(FATAL_ERROR "Can't enable system CA certs without Apple Security.framework headers.")
         endif()
     endif()