diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index 38c5f8be5d..9b71063dab 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -138,6 +138,12 @@ wildcard_crt_file: wildcard-2017.fedoraproject.org.cert
 wildcard_key_file: wildcard-2017.fedoraproject.org.key
 wildcard_int_file: wildcard-2017.fedoraproject.org.intermediate.cert
+# This is the openshift wildcard cert. Until it exists set it equal to wildcard
+os_wildcard_cert_name: wildcard-2017.fedoraproject.org
+os_wildcard_crt_file: wildcard-2017.fedoraproject.org.cert
+os_wildcard_key_file: wildcard-2017.fedoraproject.org.key
+os_wildcard_int_file: wildcard-2017.fedoraproject.org.intermediate.cert
+
 # Everywhere, always, we should sign messages and validate signatures.
 # However, we allow individual hosts and groups to override this. Use this very
 # carefully.. and never in production (good for testing stuff in staging).
diff --git a/inventory/group_vars/staging b/inventory/group_vars/staging
index df0edaab7b..d298da88b5 100644
--- a/inventory/group_vars/staging
+++ b/inventory/group_vars/staging
@@ -10,6 +10,11 @@ wildcard_cert_file: wildcard-2017.stg.fedoraproject.org.cert
 wildcard_key_file: wildcard-2017.stg.fedoraproject.org.key
 wildcard_int_file: wildcard-2017.stg.fedoraproject.org.intermediate.cert
+# This is the openshift wildcard cert for stg
+os_wildcard_cert_name: wildcard-2017.app.os.stg.fedoraproject.org
+os_wildcard_cert_file: wildcard-2017.app.os.stg.fedoraproject.org.cert
+os_wildcard_key_file: wildcard-2017.app.os.stg.fedoraproject.org.key
+os_wildcard_int_file: wildcard-2017.stg.fedoraproject.org.intermediate.cert
 # This only does anything if the host is not RHEL6
 collectd_graphite: True
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index 983f220eb0..cef7fa0a6c 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
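Review bot: The certificate-file key is spelled `os_wildcard_crt_file` in the inventory/group_vars/all hunk but `os_wildcard_cert_file` in the inventory/group_vars/staging hunk, so the staging value does not override the default and staging hosts end up with both keys set. Whichever spelling the consuming role reads (not visible in this diff), one environment gets either an undefined variable or the production certificate file paired with the staging key, a cert/key mismatch that httpd would typically refuse to load. Use one spelling in both files, for example `os_wildcard_cert_file: wildcard-2017.fedoraproject.org.cert` in group_vars/all; the existing `wildcard_crt_file` / `wildcard_cert_file` context lines show the same split. The placeholder is also presumably a `*.fedoraproject.org` certificate, and a wildcard covers only a single label, so it would not validate for `*.app.os.fedoraproject.org`; the comment could record that: `# TODO: replace with a *.app.os.fedoraproject.org cert; the plain wildcard does not match these names`.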
@@ -566,7 +566,8 @@ name: app.os.fedoraproject.org
 server_aliases: ["*.app.os.fedoraproject.org", "*.app.os.stg.fedoraproject.org"]
 sslonly: true
- cert_name: "{{wildcard_cert_name}}"
+ cert_name: "{{os_wildcard_cert_name}}"
+ SSLCertificateChainFile: wildcard-2017.app.os.stg.fedoraproject.org.intermediate.cert
 - role: httpd/website
 name: registry.fedoraproject.org
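Review bot: `SSLCertificateChainFile` is hard-coded to a staging-specific file name while `cert_name` on the line above is taken from `os_wildcard_cert_name`, so the leaf certificate and the chain are selected by two unrelated mechanisms. The literal `wildcard-2017.app.os.stg.fedoraproject.org.intermediate.cert` also matches neither `os_wildcard_int_file` value this commit defines in group_vars, and if this entry is applied to production proxies as well (the aliases suggest it is) they would be pointed at a staging chain file. A chain that does not lead to the served leaf makes clients fail path validation, and a file missing from the host can stop httpd from starting. Take the value from the variable instead: `SSLCertificateChainFile: "{{os_wildcard_int_file}}"`. The role entry begins above the hunk, so the role's handling of this key is not visible here.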