diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2
index 5c58f0dc47b40f631be81c7c1f0c28d78f7a6456..9e8ed436cd811e9905b315e9f70e8d594a3154ce 100644
--- a/ansible/roles/heat/templates/heat.conf.j2
+++ b/ansible/roles/heat/templates/heat.conf.j2
@@ -89,6 +89,7 @@ policy_file = {{ heat_policy_file }}
 
 [clients]
 endpoint_type = internalURL
+ca_file = {{ openstack_cacert | default(omit) }}
 
 [oslo_middleware]
 enable_proxy_headers_parsing = True
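Review bot: On the added `ca_file` line in `[clients]`, `default(omit)` does not drop the line when `openstack_cacert` is undefined, because Ansible strips `omit` only from module arguments. Inside a rendered template it expands to the literal `__omit_place_holder__…` string, so heat's clients would be pointed at a CA bundle path that does not exist and TLS verification of the other service endpoints would fail. If the variable is defined but empty (not visible in this hunk, so worth confirming against the group vars), the filter never triggers and the result is a blank `ca_file =`. Emitting the option only when a CA path is actually set keeps the system trust store as the fallback: `{% if openstack_cacert | default('') %}ca_file = {{ openstack_cacert }}{% endif %}`. A one-line comment above it, such as `# CA bundle used to verify TLS when heat calls other OpenStack APIs`, would also make the purpose clear.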
diff --git a/releasenotes/notes/bug-1869137-d3de4debf827e1d2.yaml b/releasenotes/notes/bug-1869137-d3de4debf827e1d2.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..6b4a62a91742020c91ecd2730aa7bde7b2ca7681
--- /dev/null
+++ b/releasenotes/notes/bug-1869137-d3de4debf827e1d2.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Add client ca_cert file in heat
+    `LP#1869137 <https://bugs.launchpad.net/kolla-ansible/+bug/1869137>`__