diff --git a/ansible/roles/masakari/tasks/config.yml b/ansible/roles/masakari/tasks/config.yml
index f81109d3460b03035d2fd67e26f4d2b15c48be67..047814dcb1f960a72db007399b0c5ccae5e65b83 100644
--- a/ansible/roles/masakari/tasks/config.yml
+++ b/ansible/roles/masakari/tasks/config.yml
@@ -58,6 +58,10 @@
   notify:
     - Restart {{ item.key }} container
 
+- include_tasks: copy-certs.yml
+  when:
+    - kolla_copy_ca_into_containers | bool
+
 - name: Copying over masakari.conf
   vars:
     service: "{{ item.key }}"
diff --git a/ansible/roles/masakari/tasks/copy-certs.yml b/ansible/roles/masakari/tasks/copy-certs.yml
new file mode 100644
index 0000000000000000000000000000000000000000..84e7656a56c1e99171a04f783fc707e094e89c3f
--- /dev/null
+++ b/ansible/roles/masakari/tasks/copy-certs.yml
@@ -0,0 +1,6 @@
+---
+- name: "Copy certificates and keys for {{ project_name }}"
+  import_role:
+    role: service-cert-copy
+  vars:
+    project_services: "{{ masakari_services }}"
diff --git a/ansible/roles/masakari/templates/masakari.conf.j2 b/ansible/roles/masakari/templates/masakari.conf.j2
index bba3704b3a9f78c025a9258e117e6acc8557a76f..92dc06b1edef95cdf8c639ec98e3dcdff0b8594d 100644
--- a/ansible/roles/masakari/templates/masakari.conf.j2
+++ b/ansible/roles/masakari/templates/masakari.conf.j2
@@ -12,6 +12,7 @@ os_privileged_user_tenant = service
 os_privileged_user_auth_url = {{ keystone_internal_url }}/v3
 os_privileged_user_name = {{ nova_keystone_user }}
 os_privileged_user_password = {{ nova_keystone_password }}
+nova_ca_certificates_file = {{ openstack_cacert }}
 
 [database]
 connection = mysql+pymysql://{{ masakari_database_user }}:{{ masakari_database_password }}@{{ masakari_database_address }}/{{ masakari_database_name }}
diff --git a/releasenotes/notes/fix-masakari-tls-64f010c037e95bea.yaml b/releasenotes/notes/fix-masakari-tls-64f010c037e95bea.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9a82cb4fac5aa8d2334bae1a4b7c97887d4b4022
--- /dev/null
+++ b/releasenotes/notes/fix-masakari-tls-64f010c037e95bea.yaml
@@ -0,0 +1,8 @@
+---
+fixes:
+  - |
+    Fixes an issue with Masakari and internal TLS where CA certificates were
+    not copied into containers, and the path to the CA file was not configured.
+    Depends on `masakari bug 1873736
+    <https://bugs.launchpad.net/masakari/+bug/1873736>`__ being fixed.
+    `LP#1888655 <https://bugs.launchpad.net/kolla-ansible/+bug/1888655>`__