diff --git a/.chloggen/dev_fix-broken-root-ca.yaml b/.chloggen/dev_fix-broken-root-ca.yaml
new file mode 100755
index 0000000000000..c56e66d3cff8c
--- /dev/null
+++ b/.chloggen/dev_fix-broken-root-ca.yaml
@@ -0,0 +1,27 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: bug_fix
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: cmd/telemetrygen
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Inherit root CAs from the host environment if not supplied on the command line.
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [31191]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: []
diff --git a/cmd/telemetrygen/internal/common/tls_utils.go b/cmd/telemetrygen/internal/common/tls_utils.go
index d9678079a1884..286d7345adc1a 100644
--- a/cmd/telemetrygen/internal/common/tls_utils.go
+++ b/cmd/telemetrygen/internal/common/tls_utils.go
@@ -35,9 +35,15 @@ func GetTLSCredentialsForGRPCExporter(caFile string, cAuth ClientAuth) (credenti
 		return nil, err
 	}
 
-	creds := credentials.NewTLS(&tls.Config{
-		RootCAs: pool,
-	})
+	var creds credentials.TransportCredentials
+
+	if caFile != "" {
+		creds = credentials.NewTLS(&tls.Config{
+			RootCAs: pool,
+		})
+	} else {
+		creds = credentials.NewTLS(&tls.Config{})
+	}
 
 	// Configuration for mTLS
 	if cAuth.Enabled {
@@ -60,8 +66,14 @@ func GetTLSCredentialsForHTTPExporter(caFile string, cAuth ClientAuth) (*tls.Con
 		return nil, err
 	}
 
-	tlsCfg := tls.Config{
-		RootCAs: pool,
+	var tlsCfg tls.Config
+
+	if caFile != "" {
+		tlsCfg = tls.Config{
+			RootCAs: pool,
+		}
+	} else {
+		tlsCfg = tls.Config{}
 	}
 
 	// Configuration for mTLS