diff --git a/.gitea/workflows/vault.yaml b/.gitea/workflows/vault.yaml
index c6030c9..fda6cc7 100644
--- a/.gitea/workflows/vault.yaml
+++ b/.gitea/workflows/vault.yaml
@@ -20,6 +20,7 @@ concurrency:
   id: vault-secrets
   with:
     url: https://vault.arcodange.lab
+    caCertificate: ${{ secrets.HOMELAB_CA_CERT }}
     jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
     role: gitea_cicd_webapp
     method: jwt
@@ -49,6 +50,9 @@ jobs:
       OPENTOFU_VERSION: 1.8.2
       TERRAFORM_VAULT_AUTH_JWT: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
     steps:
+      - run: |
+          curl https://ssl-ca.arcodange.lab:8443/roots.pem -ks > /usr/local/share/ca-certificates/arcodange-root.crt && update-ca-certificates 2>/dev/null >/dev/null
+          export VAULT_CACERT=/usr/local/share/ca-certificates/arcodange-root.crt
       - *vault_step
       - uses: actions/checkout@v4
       - name: terraform apply