diff --git a/pyproject.toml b/pyproject.toml
index 2c5317b..b5c1786 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -31,7 +31,6 @@ dependencies = [
   "botocore<1.35,==1.34.35",
   "pydantic<3,>=2.6",
   "pydantic-settings<3,>=2.2.1",
-  "pyopenssl<25,>=24.1",
   "pyyaml<7,>=6.0.1",
   "typing-extensions>=4",
 ]
diff --git a/requirements.txt b/requirements.txt
index 858686f..a71f720 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,6 +6,5 @@ boto3<1.35,>=1.34.35
 botocore<1.35,==1.34.35
 pydantic<3,>=2.6
 pydantic-settings<3,>=2.2.1
-pyopenssl<25,>=24.1
 pyyaml<7,>=6.0.1
 typing-extensions>=4
diff --git a/src/otaclient_iot_logging_server/boto3_session.py b/src/otaclient_iot_logging_server/boto3_session.py
index 4abd7d7..e2a4499 100644
--- a/src/otaclient_iot_logging_server/boto3_session.py
+++ b/src/otaclient_iot_logging_server/boto3_session.py
@@ -15,6 +15,7 @@
 
 from __future__ import annotations
 
+import ssl
 import subprocess
 from pathlib import Path
 from typing import Optional
@@ -22,7 +23,6 @@
 from awsiot_credentialhelper.boto3_session import Boto3SessionProvider
 from awsiot_credentialhelper.boto3_session import Pkcs11Config as aws_PKcs11Config
 from boto3 import Session
-from OpenSSL import crypto
 
 from otaclient_iot_logging_server._utils import parse_pkcs11_uri
 from otaclient_iot_logging_server.greengrass_config import (
@@ -65,10 +65,8 @@ def _convert_to_pem(_data: bytes) -> bytes:
     """Unconditionally convert input cert to PEM format."""
     if _data.startswith(b"-----BEGIN CERTIFICATE-----"):
         return _data
-    return crypto.dump_certificate(
-        crypto.FILETYPE_PEM,
-        crypto.load_certificate(crypto.FILETYPE_ASN1, _data),
-    )
+    # the input _data represents a DER format cert
+    return ssl.DER_cert_to_PEM_cert(_data).encode()
 
 
 def _load_certificate(cert_path: str, pkcs11_cfg: Optional[PKCS11Config]) -> bytes: