diff --git a/playbooks/openshift-apps/cloud-image-uploader.yml b/playbooks/openshift-apps/cloud-image-uploader.yml index e2ad038401..8a67d87965 100644 --- a/playbooks/openshift-apps/cloud-image-uploader.yml +++ b/playbooks/openshift-apps/cloud-image-uploader.yml @@ -93,6 +93,18 @@ key: cloud-image-uploader.ca privatefile: "rabbitmq/{{env}}/pki/ca.crt" + - role: openshift/secret-file + app: cloud-image-uploader + secret_name: registry-fedoraproject-cert + key: registry-fedoraproject.crt + privatefile: "docker-registry/{{env}}/pki/issued/containerstable.crt" + + - role: openshift/secret-file + app: cloud-image-uploader + secret_name: registry-fedoraproject-key + key: registry-fedoraproject.key + privatefile: "docker-registry/{{env}}/pki/private/containerstable.key" + - role: openshift/object app: cloud-image-uploader template: secret.yml diff --git a/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml b/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml index 0d883fe58c..70f904cf52 100644 --- a/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml +++ b/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml @@ -29,6 +29,14 @@ spec: - name: fedora-messaging-cert-volume secret: secretName: cloud-image-uploader-fedora-messaging-crt + # skopeo wants the cert and key in the same directory + - name: registry-fedoraproject + projected: + sources: + - secret: + secretName: registry-fedoraproject-cert + - secret: + secretName: registry-fedoraproject-key containers: - name: cloud-image-uploader image: image-registry.openshift-image-registry.svc:5000/cloud-image-uploader/cloud-image-uploader:latest @@ -75,6 +83,8 @@ spec: secretKeyRef: name: podman-credentials key: fedoraproject_registry_password + - name: FEDORA_REGISTRY_CERT_DIR + value: "/etc/pki/registry-fedoraproject-org/" - name: QUAY_IO_USER valueFrom: secretKeyRef: 
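Review bot: In the first hunk (playbooks/openshift-apps/cloud-image-uploader.yml) the client certificate is stored under `key: registry-fedoraproject.crt`, which is a problem if the mounted directory is handed to skopeo as a cert dir, as the deployment comment suggests; the consumer is not visible here. In the containers certs.d convention a `*.crt` file is loaded as a CA certificate, while a client certificate must be named `*.cert` and sit beside a same-named `*.key`. With the current name the key has no matching `.cert`, and the client certificate would be treated as a trust anchor instead of being presented. Consider `key: registry-fedoraproject.cert` for the first secret, plus a comment above the two roles such as `# client cert and key for the Fedora container registry (mounted for skopeo)`.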
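Review bot: The projected volume `registry-fedoraproject` added in the first hunk of templates/deployment.yml sets no `defaultMode`, so the private key from `registry-fedoraproject-key` is projected with the Kubernetes default of 0644 and is readable by every UID in the container. Adding `defaultMode: 0440` under `projected:` narrows that; 0400 would also work if the process UID owns the files, which is not visible here. The `volumes:` list starts above this hunk, so whether sibling volumes set a mode cannot be checked from here.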
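Review bot: The value of `FEDORA_REGISTRY_CERT_DIR` in the env hunk of templates/deployment.yml repeats the `mountPath` literal added in the final hunk (`/etc/pki/registry-fedoraproject-org/`), and nothing ties the two together. If they drift apart the application would point at a directory without the certificate, and how it behaves in that case is not visible here. A comment on the env entry, e.g. `# must match the registry-fedoraproject volumeMount path`, or a single template variable used in both places, would keep them in step.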
@@ -98,3 +108,6 @@ spec:
 - name: fedora-messaging-cert-volume
 mountPath: /etc/pki/rabbitmq/cert
 readOnly: true
+ - name: registry-fedoraproject
+ mountPath: /etc/pki/registry-fedoraproject-org/
+ readOnly: true