diff --git a/__tests__/util/request-manager.js b/__tests__/util/request-manager.js
index be9b964653..83780c2733 100644
--- a/__tests__/util/request-manager.js
+++ b/__tests__/util/request-manager.js
@@ -308,3 +308,24 @@ test('RequestManager.saveHar no captureHar error message', async () => {
 expect(err.message).toBe('RequestManager was not setup to capture HAR files');
 }
 });
+
+test('Regex Dos', () => {
+ const nativeFs = require('fs');
+ const os = require('os');
+
+ const bundle = '' + '-----BEGIN '.repeat(50000) + '\r';
+ const tmp = path.join(os.tmpdir(), `cafile-${Date.now()}.pem`);
+ nativeFs.writeFileSync(tmp, bundle, 'utf8');
+
+ const rm = new RequestManager((new Reporter(): any));
+
+ const start = Date.now();
+ rm.setOptions({userAgent: 'ua/1.0', strictSSL: false, cafile: tmp});
+ const duration = Date.now() - start;
+
+ expect(duration).toBeLessThan(3000);
+
+ try {
+ nativeFs.unlinkSync(tmp);
+ } catch (_) {}
+});
diff --git a/src/util/request-manager.js b/src/util/request-manager.js
index fd41bf2100..02ab9b1a82 100644
--- a/src/util/request-manager.js
+++ b/src/util/request-manager.js
@@ -184,7 +184,7 @@ export default class RequestManager {
 const bundle = fs.readFileSync(opts.cafile).toString();
 const hasPemPrefix = block => block.startsWith('-----BEGIN ');
 // opts.cafile overrides opts.ca, this matches with npm behavior
- this.ca = bundle.split(/(-----BEGIN .*\r?\n[^-]+\r?\n--.*)/).filter(hasPemPrefix);
+ this.ca = bundle.split(/(-----BEGIN (?:(?!-).)*\r?\n[^-]+\r?\n--.*)/).filter(hasPemPrefix);
 } catch (err) {
 this.reporter.error(`Could not open cafile: ${err.message}`);
 }
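Review bot: The new `Regex Dos` test in `__tests__/util/request-manager.js` asserts only elapsed wall-clock time, so it also passes when `setOptions` parses nothing at all: the `catch` visible in the src hunk reports a cafile error through the reporter instead of throwing, and nothing checks `rm.ca`. I would add a companion case that writes a well-formed bundle of two certificates and asserts that `rm.ca` has two entries, so the regex change is covered for correctness as well as speed. The temp-file cleanup runs after the `expect`, so a failing assertion leaves the file behind in `os.tmpdir()`; wrapping the body in `try { … } finally { nativeFs.unlinkSync(tmp); }` avoids that. The fixed 3000 ms bound may be flaky on a loaded CI runner, and `path` must already be imported at the top of the file, which the hunk does not show.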
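Review bot: The replacement pattern in `src/util/request-manager.js` can no longer match a standard PEM header: `(?:(?!-).)*` stops at the first `-`, but `-----BEGIN CERTIFICATE-----` has five dashes before the line break, so the following `\r?\n` never matches. `split` then returns the whole file as one element, so a multi-certificate bundle is no longer split, and a bundle that starts with a comment or blank line yields an empty `this.ca` after `filter(hasPemPrefix)`. One option that keeps the label scan bounded while still consuming the trailing dashes is `this.ca = bundle.split(/(-----BEGIN [^-\r\n]+-----\r?\n[^-]+\r?\n--.*)/).filter(hasPemPrefix);`, which should be confirmed against both the timing test and a real CA bundle. The enclosing `try` block and method start outside the hunk.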