diff --git a/deployment/nova/nova-vnc-proxy-container-puppet.yaml b/deployment/nova/nova-vnc-proxy-container-puppet.yaml
index 42a2bfe34d..29efdab5f8 100644
--- a/deployment/nova/nova-vnc-proxy-container-puppet.yaml
+++ b/deployment/nova/nova-vnc-proxy-container-puppet.yaml
@@ -50,7 +50,7 @@ parameters:
     description: If set to true and if EnableInternalTLS is enabled, it will
                  enable TLS transaport for libvirt VNC and configure the
                  relevant keys for libvirt.
-  InternalTLSVncCAFile:
+  InternalTLSVncProxyCAFile:
     default: '/etc/pki/CA/certs/vnc.crt'
     type: string
     description: Specifies the CA cert to use for VNC TLS.
@@ -61,7 +61,7 @@ parameters:
                  This file will be symlinked to the default CA path,
                  which is /etc/pki/libvirt-vnc/ca-cert.pem.
                  This parameter should be used if the default (which comes from
-                 the InternalTLSVncCAFile parameter) is not desired. The current
+                 the InternalTLSVncProxyCAFile parameter) is not desired. The current
                  default reflects TripleO's default CA, which is FreeIPA.
                  It will only be used if internal TLS is enabled.
   StackUpdateType:
@@ -162,7 +162,7 @@ outputs:
                 tripleo::certmonger::ca::libvirt_vnc::origin_ca_pem:
                   if:
                     - libvirt_vnc_specific_ca_unset
-                    - get_param: InternalTLSVncCAFile
+                    - get_param: InternalTLSVncProxyCAFile
                     - get_param: LibvirtVncCACert
                 tripleo::certmonger::libvirt_vnc_dirs::certificate_dir: '/etc/pki/libvirt-vnc'
                 libvirt_vnc_certificates_specs:
@@ -170,7 +170,7 @@ outputs:
                     cacertfile:
                       if:
                         - libvirt_vnc_specific_ca_unset
-                        - get_param: InternalTLSVncCAFile
+                        - get_param: InternalTLSVncProxyCAFile
                         - null
                     service_certificate: '/etc/pki/libvirt-vnc/client-cert.pem'
                     service_key: '/etc/pki/libvirt-vnc/client-key.pem'
@@ -262,7 +262,7 @@ outputs:
                             CACERT:
                               if:
                                 - libvirt_vnc_specific_ca_unset
-                                - get_param: InternalTLSVncCAFile
+                                - get_param: InternalTLSVncProxyCAFile
                                 - get_param: LibvirtVncCACert
                       - /etc/pki/libvirt-vnc/client-cert.pem:/etc/pki/libvirt-vnc/client-cert.pem:ro
                       - /etc/pki/libvirt-vnc/client-key.pem:/etc/pki/libvirt-vnc/client-key.pem:ro
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index ad6eb02772..44629e82aa 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -117,6 +117,7 @@ PARAMETER_DEFINITION_EXCLUSIONS = {
     'KeystoneAdminErrorLoggingSource': ['default'],
     'KeystoneMainAcccessLoggingSource': ['default'],
     'KeystoneMainErrorLoggingSource': ['default'],
+    'LibvirtVncCACert': ['description'],
     'NeutronApiLoggingSource': ['default'],
     'NeutronDhcpAgentLoggingSource': ['default'],
     'NeutronL3AgentLoggingSource': ['default'],