diff --git a/ansible/roles/octavia/templates/octavia.conf.j2 b/ansible/roles/octavia/templates/octavia.conf.j2
index b6bd7b21a8ac5eb367af7556a4d4afc39582d748..29227e4d29f9c6b0aba25cce0b9340726e85ef41 100644
--- a/ansible/roles/octavia/templates/octavia.conf.j2
+++ b/ansible/roles/octavia/templates/octavia.conf.j2
@@ -15,6 +15,8 @@ ca_private_key = /etc/octavia/certs/private/cakey.pem
 ca_certificate = /etc/octavia/certs/ca_01.pem
 {% if enable_barbican | bool %}
 region_name = {{ openstack_region_name }}
+endpoint_type = internal
+ca_certificates_file = {{ openstack_cacert }}
 {% endif %}
 
 [haproxy_amphora]
diff --git a/releasenotes/notes/use-internal-endpoint-for-barbican-in-octavia-0bcdcf91a8adc95c.yaml b/releasenotes/notes/use-internal-endpoint-for-barbican-in-octavia-0bcdcf91a8adc95c.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3cc26abef12471e8d32c9dd91110ed9fc53ee69e
--- /dev/null
+++ b/releasenotes/notes/use-internal-endpoint-for-barbican-in-octavia-0bcdcf91a8adc95c.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Switch endpoint_type from public to internal for octavia
+    communicating with the barbican service. See
+    `bug 1875618 <https://bugs.launchpad.net/kolla-ansible/+bug/1875618>`__
+    for details.