diff --git a/roles/openshift-apps/flatpak-cache/templates/squid.conf b/roles/openshift-apps/flatpak-cache/templates/squid.conf
index bd0c96ec89..679f5a5030 100644
--- a/roles/openshift-apps/flatpak-cache/templates/squid.conf
+++ b/roles/openshift-apps/flatpak-cache/templates/squid.conf
@@ -26,7 +26,7 @@ http_access deny all
 
 http_port 3128 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/pki/squid/ca/ca.crt tls-key=/etc/pki/squid/key/ca.key tls-dh=prime256v1:/etc/pki/squid/dhparam/dh.pem
 
-sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 20MB
+sslcrtd_program /usr/lib64/squid/security_file_certgen -s /tmp/ssl_db -M 20MB
 sslcrtd_children 5
 ssl_bump server-first all
 ssl_bump stare all
diff --git a/roles/openshift-apps/flatpak-cache/templates/start.sh b/roles/openshift-apps/flatpak-cache/templates/start.sh
index 40edd36db8..1c12d2463c 100644
--- a/roles/openshift-apps/flatpak-cache/templates/start.sh
+++ b/roles/openshift-apps/flatpak-cache/templates/start.sh
@@ -1,3 +1,4 @@
-exec /usr/lib64/squid/security_file_certgen -c -s /var/spool/squid/ssl_db -M 4096 && \
+exec /bin/mkdir -p /tmp/ssl_db && \
+  /usr/lib64/squid/security_file_certgen -c -s /tmp/ssl_db -M 4096 && \
   /sbin/squid -z && \
   /sbin/squid --foreground -f /etc/squid/squid.conf