diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2
index 06f08c2980..862c2e6842 100644
--- a/ansible/roles/magnum/templates/magnum.conf.j2
+++ b/ansible/roles/magnum/templates/magnum.conf.j2
@@ -32,30 +32,37 @@ endpoint_type = publicURL
 [heat_client]
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
+ca_file = {{ openstack_cacert }}
 
 [octavia_client]
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
+ca_file = {{ openstack_cacert }}
 
 [cinder_client]
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
+ca_file = {{ openstack_cacert }}
 
 [barbican_client]
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
+ca_file = {{ openstack_cacert }}
 
 [glance_client]
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
+ca_file = {{ openstack_cacert }}
 
 [neutron_client]
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
+ca_file = {{ openstack_cacert }}
 
 [nova_client]
 region_name = {{ openstack_region_name }}
 endpoint_type = internalURL
+ca_file = {{ openstack_cacert }}
 
 [keystone_auth]
 auth_url = {{ keystone_internal_url }}/v3
@@ -78,6 +85,7 @@ user_domain_name = {{ default_user_domain_name }}
 project_name = service
 username = {{ magnum_keystone_user }}
 password = {{ magnum_keystone_password }}
+cafile = {{ openstack_cacert }}
 region_name = {{ openstack_region_name }}
 
 memcache_security_strategy = ENCRYPT
diff --git a/releasenotes/notes/fix-magnum-tls-cacert-dd5ab5729391beb2.yaml b/releasenotes/notes/fix-magnum-tls-cacert-dd5ab5729391beb2.yaml
new file mode 100644
index 0000000000..a4e5cf2aa4
--- /dev/null
+++ b/releasenotes/notes/fix-magnum-tls-cacert-dd5ab5729391beb2.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixes an issue with Magnum when TLS is enabled. `LP#781062
+    <https://review.opendev.org/c/openstack/kolla-ansible/+/781062>`__