diff --git a/roles/rabbitmq_cluster/tasks/main.yml b/roles/rabbitmq_cluster/tasks/main.yml
index e462c24fd0..f0bd1fc556 100644
--- a/roles/rabbitmq_cluster/tasks/main.yml
+++ b/roles/rabbitmq_cluster/tasks/main.yml
@@ -35,6 +35,54 @@
 tags:
 - rabbitmq_cluster
 - config
+ when: "env == 'production'"
+
+- name: Create CA certs directory
+ ansible.builtin.file:
+ path: /etc/rabbitmq/cacerts/
+ owner: root
+ group: root
+ mode: 0755
+ state: directory
+ tags:
+ - rabbitmq_cluster
+ - config
+
+- name: Deploy CA certificate
+ ansible.builtin.copy:
+ src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"
+ dest: /etc/rabbitmq/cacerts/ca.crt
+ owner: root
+ group: root
+ mode: 0644
+ tags:
+ - rabbitmq_cluster
+ - config
+ when: "env == 'staging'"
+
+- name: Deploy CA certificate
+ ansible.builtin.copy:
+ src: "{{private}}/files/rabbitmq/{{env}}.old-2025-04/pki/ca.crt"
+ dest: /etc/rabbitmq/cacerts/ca.old.crt
+ owner: root
+ group: root
+ mode: 0644
+ tags:
+ - rabbitmq_cluster
+ - config
+ when: "env == 'staging'"
+
+- name: Build combined CA cert
+ ansible.builtin.assemble:
+ src: /etc/rabbitmq/cacerts/
+ dest: /etc/rabbitmq/ca.crt
+ owner: root
+ group: root
+ mode: 0644
+ tags:
+ - rabbitmq_cluster
+ - config
+ when: "env == 'staging'"
 
 - name: Create node cert directory
 ansible.builtin.file: path=/etc/rabbitmq/nodecert/ owner=root group=root mode=0755 state=directory
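Review bot: The "Build combined CA cert" task assembles every file found under /etc/rabbitmq/cacerts/ into /etc/rabbitmq/ca.crt, so any leftover or unmanaged file in that directory ends up in what is presumably the bundle RabbitMQ trusts, or corrupts it. Restrict the inputs with `regexp: '\.crt$'` on the assemble task, and consider having the role remove files it does not manage from that directory. Both copy tasks are named "Deploy CA certificate"; the second would read better as `- name: Deploy previous CA certificate (kept during CA rotation)`, with a comment stating when ca.old.crt is to be dropped so the old root does not stay trusted by default. The task that receives `when: "env == 'production'"` starts above the hunk, so what it now skips on staging cannot be checked from here.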