diff --git a/inventory/group_vars/retrace b/inventory/group_vars/retrace
index c27a581b5a..d6678a4a99 100644
--- a/inventory/group_vars/retrace
+++ b/inventory/group_vars/retrace
@@ -15,6 +15,7 @@ nrpe_procs_crit: 1000
 # Since retrace is on the qa network, it needs to actively connect to our
 # inbound relay.
 fedmsg_active: True
+fedmsg_cert_prefix: faf
 
 # Declare fedmsg certs that should be put in /etc/pki/fedmsg/
 # These are consumed by a task in roles/fedmsg/base/main.yml
diff --git a/roles/fedmsg/base/templates/base.py.j2 b/roles/fedmsg/base/templates/base.py.j2
index 20487a9f6d..8a4427a221 100644
--- a/roles/fedmsg/base/templates/base.py.j2
+++ b/roles/fedmsg/base/templates/base.py.j2
@@ -14,6 +14,16 @@ config = dict(
     # on.
     active={{fedmsg_active}},
 
+    {% if fedmsg_cert_prefix is defined %}
+    # Most fedmsg enabled services dynamically guess their cert_prefix by
+    # looking at the namespace of the python code that they're running in.  For
+    # instance, bodhi's code is in the 'bodhi' python module, so fedmsg grabs
+    # that and uses it for its cert prefix.  Some code, however, runs in an
+    # oddly-namespaced module, and so we allow the option here to override that
+    # at the host level.
+    cert_prefix='{{fedmsg_cert_prefix}}',
+    {% endif %}
+
     {% if not ansible_hostname.startswith('busgateway') %}
     # These options provide a place for hub processes to write out their last
     # processed message.  This let's them read it in at startup and figure out