diff --git a/roles/configure-freeipa/tasks/main.yaml b/roles/configure-freeipa/tasks/main.yaml
index ad22966..b2fe7f9 100644
--- a/roles/configure-freeipa/tasks/main.yaml
+++ b/roles/configure-freeipa/tasks/main.yaml
@@ -51,6 +51,19 @@
     state: stopped
   become: true
 
+- name: Workaround https://bugzilla.redhat.com/show_bug.cgi?id=1624606
+  file:
+    path: /etc/crypto-policies/local.d/nss-p11-kit.config
+    state: absent
+  register: nss_policy_workaround
+  ignore_errors: yes
+  become: true
+
+- name: Update crypto policies
+  command: update-crypto-policies
+  become: true
+  when: nss_policy_workaround.changed
+
 - name: Configure FreeIPA
   command: >
     ipa-server-install -U -r EXAMPLE.TEST