diff --git a/roles/base/files/rsyslog/rsyslog.conf.log01.iad2.fedoraproject.org b/roles/base/files/rsyslog/rsyslog.conf.log01.iad2.fedoraproject.org
index 7784bdcad7..ab33696ac6 100644
--- a/roles/base/files/rsyslog/rsyslog.conf.log01.iad2.fedoraproject.org
+++ b/roles/base/files/rsyslog/rsyslog.conf.log01.iad2.fedoraproject.org
@@ -219,4 +219,4 @@ local6.*					?m_audit;MergeFormat
 $DefaultNetstreamDriver gtls # use gtls netstream driver
 $ActionSendStreamDriverMode 1 # require TLS for the connection
 $ActionSendStreamDriverAuthMode anon # server is NOT authenticated
-$DefaultNetstreamDriverCAFile {{private}}/files/splunk-certs/2022-IT-Root-CA.pem
+$DefaultNetstreamDriverCAFile /etc/pki/tls/certs/2022-IT-Root-CA.pem
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 602a1a5c5d..61c00459e2 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -230,6 +230,14 @@
   notify:
   - flush journald tmpfiles to persistent store
 
+- name: install rh ca for splunk
+  copy: src={{private}}/files/splunk-certs/2022-IT-Root-CA.pem dest=/etc/pki/tls/certs/2022-IT-Root-CA.pem
+  tags:
+  - rsyslogd
+  - config
+  - base
+  when: inventory_hostname.startswith('log01')
+
 - name: ensure packages required for rsyslog are installed
   package: name={{ item }} state=present
   with_items: