diff --git a/releasenotes/notes/ca-cert-fix-5c434a82f9347039.yaml b/releasenotes/notes/ca-cert-fix-5c434a82f9347039.yaml
new file mode 100644
index 0000000000..09e0d31906
--- /dev/null
+++ b/releasenotes/notes/ca-cert-fix-5c434a82f9347039.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+ - CA certificate handling in keystone, nova, neutron and
+ cinder clients are fixed (#330635)
diff --git a/sahara/service/sessions.py b/sahara/service/sessions.py
index 7ba1080737..110b71d343 100644
--- a/sahara/service/sessions.py
+++ b/sahara/service/sessions.py
@@ -103,9 +103,9 @@ class SessionCache(object):
 def get_cinder_session(self):
 session = self._sessions.get(SESSION_TYPE_CINDER)
 if not session:
- if not CONF.cinder.api_insecure and CONF.cinder.ca_file:
+ if not CONF.cinder.api_insecure:
 session = keystone.Session(
- cert=CONF.cinder.ca_file, verify=True)
+ verify=CONF.cinder.ca_file or True)
 else:
 session = self.get_insecure_session()
 self._set_session(SESSION_TYPE_CINDER, session)
@@ -114,9 +114,9 @@ class SessionCache(object):
 def get_keystone_session(self):
 session = self._sessions.get(SESSION_TYPE_KEYSTONE)
 if not session:
- if not CONF.keystone.api_insecure and CONF.keystone.ca_file:
+ if not CONF.keystone.api_insecure:
 session = keystone.Session(
- cert=CONF.keystone.ca_file, verify=True)
+ verify=CONF.keystone.ca_file or True)
 else:
 session = self.get_insecure_session()
 self._set_session(SESSION_TYPE_KEYSTONE, session)
@@ -125,9 +125,9 @@ class SessionCache(object):
 def get_neutron_session(self):
 session = self._sessions.get(SESSION_TYPE_NEUTRON)
 if not session:
- if not CONF.neutron.api_insecure and CONF.neutron.ca_file:
+ if not CONF.neutron.api_insecure:
 session = keystone.Session(
- cert=CONF.neutron.ca_file, verify=True)
+ verify=CONF.neutron.ca_file or True)
 else:
 session = self.get_insecure_session()
 self._set_session(SESSION_TYPE_NEUTRON, session)
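Review bot: In `get_cinder_session` the new `if not CONF.cinder.api_insecure:` branch changes behaviour for deployments that leave `ca_file` unset, and neither the code nor the release note says so: the removed condition sent that case to `self.get_insecure_session()`, while the new code passes `verify=True`. Verifying by default is the safer outcome, but an endpoint signed by a private CA with no `ca_file` configured would presumably start failing certificate validation after upgrade. I would add a comment above the call, e.g. `# verify: CA bundle path if configured, else True (default bundle); only api_insecure turns verification off`, and an `upgrade:` entry in the release note. The keystone and neutron hunks and the nova hunk that follows have the same shape, and each method body continues outside its hunk.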
@@ -136,9 +136,9 @@ class SessionCache(object):
 def get_nova_session(self):
 session = self._sessions.get(SESSION_TYPE_NOVA)
 if not session:
- if not CONF.nova.api_insecure and CONF.nova.ca_file:
+ if not CONF.nova.api_insecure:
 session = keystone.Session(
- cert=CONF.nova.ca_file, verify=True)
+ verify=CONF.nova.ca_file or True)
 else:
 session = self.get_insecure_session()
 self._set_session(SESSION_TYPE_NOVA, session)
diff --git a/sahara/tests/unit/service/test_sessions.py b/sahara/tests/unit/service/test_sessions.py
index e71a6b153d..3ae240d818 100644
--- a/sahara/tests/unit/service/test_sessions.py
+++ b/sahara/tests/unit/service/test_sessions.py
@@ -38,8 +38,7 @@ class TestSessionCache(base.SaharaTestCase):
 self.override_config('ca_file', '/some/cacert', group='keystone')
 self.override_config('api_insecure', False, group='keystone')
 sc.get_session(sessions.SESSION_TYPE_KEYSTONE)
- keystone_session.assert_called_once_with(cert='/some/cacert',
- verify=True)
+ keystone_session.assert_called_once_with(verify='/some/cacert')
 sc = sessions.SessionCache()
 keystone_session.reset_mock()
@@ -58,8 +57,7 @@ class TestSessionCache(base.SaharaTestCase):
 self.override_config('ca_file', '/some/cacert', group='nova')
 self.override_config('api_insecure', False, group='nova')
 sc.get_session(sessions.SESSION_TYPE_NOVA)
- keystone_session.assert_called_once_with(cert='/some/cacert',
- verify=True)
+ keystone_session.assert_called_once_with(verify='/some/cacert')
 sc = sessions.SessionCache()
 keystone_session.reset_mock()
@@ -78,8 +76,7 @@ class TestSessionCache(base.SaharaTestCase):
 self.override_config('ca_file', '/some/cacert', group='cinder')
 self.override_config('api_insecure', False, group='cinder')
 sc.get_session(sessions.SESSION_TYPE_CINDER)
- keystone_session.assert_called_once_with(cert='/some/cacert',
- verify=True)
+ keystone_session.assert_called_once_with(verify='/some/cacert')
 sc = sessions.SessionCache()
 keystone_session.reset_mock()
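Review bot: The updated `assert_called_once_with(verify='/some/cacert')` assertions in the keystone, nova and cinder test hunks (and the neutron one that follows) only pin the case where `ca_file` is set. None of the visible hunks exercises `api_insecure=False` with `ca_file` unset, which is the path this commit moves from the insecure session to a verifying one. A regression test for it would be along the lines of `self.override_config('ca_file', None, group='keystone')` followed by `keystone_session.assert_called_once_with(verify=True)`, repeated for each session type. The test methods start and end outside the hunks, so such a case may already exist below; if it does not, the fail-closed default is currently unguarded.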
@@ -98,8 +95,7 @@ class TestSessionCache(base.SaharaTestCase):
 self.override_config('ca_file', '/some/cacert', group='neutron')
 self.override_config('api_insecure', False, group='neutron')
 sc.get_session(sessions.SESSION_TYPE_NEUTRON)
- keystone_session.assert_called_once_with(cert='/some/cacert',
- verify=True)
+ keystone_session.assert_called_once_with(verify='/some/cacert')
 sc = sessions.SessionCache()
 keystone_session.reset_mock()