diff --git a/roles/consul/templates/agent_cert.tpl.j2 b/roles/consul/templates/agent_cert.tpl.j2
index b9f92e7..382fff1 100644
--- a/roles/consul/templates/agent_cert.tpl.j2
+++ b/roles/consul/templates/agent_cert.tpl.j2
@@ -2,6 +2,11 @@
 [[ with secret "{{ consul_vault_tls.pki.path }}/issue/{{ consul_vault_tls.pki.role }}" "common_name=server-{{ ansible_fqdn | regex_replace('\\.', '-') }}.{{ consul_conf.datacenter | default('dc1') }}.{{ consul_conf.domain | default('consul') }}" "ttl={{ consul_vault_tls.pki.ttl }}" "alt_names=localhost,consul.service.{{ consul_conf.domain | default('consul') }},server.{{ consul_conf.datacenter | default('dc1') }}.{{ consul_conf.domain | default('consul') }}" ]]
 [[ .Data.{{ item.what }} ]]
 [[ end ]]
+{% if item.what == 'certificate' %}
+[[ with secret "{{ consul_vault_tls.pki.path }}/cert/ca" ]]
+[[ .Data.certificate ]]
+[[ end ]]
+{% endif %}
 {% else %}
 [[ with secret "{{ consul_vault_tls.pki.path }}/cert/ca" ]]
 [[ .Data.certificate ]]
diff --git a/roles/nomad/templates/agent_cert.tpl.j2 b/roles/nomad/templates/agent_cert.tpl.j2
index df7973e..88e475c 100644
--- a/roles/nomad/templates/agent_cert.tpl.j2
+++ b/roles/nomad/templates/agent_cert.tpl.j2
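Review bot: The CA appended in the added `{% if item.what == 'certificate' %}` block comes from a separate read of `{{ consul_vault_tls.pki.path }}/cert/ca`, so nothing in the template ties it to the issuer that actually signed the leaf returned by the `issue` call just above it. On a PKI mount with more than one issuer, or while the CA is being rotated, the rendered file could hold a leaf followed by a CA that did not sign it, and peers would presumably fail chain verification. The `issue` response already carries the signer, so the bundle can be built inside the existing `with` block, e.g. `{% if item.what == 'certificate' %}[[ .Data.issuing_ca ]]{% endif %}` placed before its `[[ end ]]`. The same applies to the added block in `roles/nomad/templates/agent_cert.tpl.j2`. A one-line `{# ... #}` comment in both templates stating why the CA is bundled with the leaf would also help the next maintainer.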
@@ -1,3 +1,8 @@
 [[ with secret "{{ nomad_vault_tls.pki.path }}/issue/{{ nomad_vault_tls.pki.role }}" "common_name={{ (nomad_conf.server.enabled) | ternary('server', 'client') }}-{{ ansible_fqdn | regex_replace('\\.', '-') }}.{{ nomad_conf.region | default('global') }}.nomad" "ttl={{ nomad_vault_tls.pki.ttl }}" "alt_names=localhost,{{ (nomad_conf.server.enabled) | ternary('server', 'client') }}.{{ nomad_conf.region | default('global') }}.nomad{% if nomad_conf.server.enabled and nomad_conf.client.enabled %},client.{{ nomad_conf.region | default('global') }}.nomad{% endif %}{% if consul_conf is defined %},nomad{{ nomad_conf.server.enabled | ternary('', '-client') }}.service.{{ consul_conf.domain | default('consul') }}{% endif %}" ]]
 [[ .Data.{{ item.what }} ]]
 [[ end ]]
+{% if item.what == 'certificate' %}
+[[ with secret "{{ nomad_vault_tls.pki.path }}/cert/ca" ]]
+[[ .Data.certificate ]]
+[[ end ]]
+{% endif %}