diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2
index 7cc75926fd..2066c4db92 100644
--- a/ansible/roles/cinder/templates/cinder.conf.j2
+++ b/ansible/roles/cinder/templates/cinder.conf.j2
@@ -206,6 +206,8 @@ connection_string = {{ osprofiler_backend_connection_string }}
 {% if enable_barbican | bool %}
 [barbican]
 auth_endpoint = {{ keystone_internal_url }}
+barbican_endpoint_type = internal
+verify_ssl_path = {{ openstack_cacert }}
 {% endif %}
 
 [coordination]
diff --git a/ansible/roles/glance/templates/glance-api.conf.j2 b/ansible/roles/glance/templates/glance-api.conf.j2
index 2964503029..50a47bf28c 100644
--- a/ansible/roles/glance/templates/glance-api.conf.j2
+++ b/ansible/roles/glance/templates/glance-api.conf.j2
@@ -124,3 +124,10 @@ trace_sqlalchemy = true
 hmac_keys = {{ osprofiler_secret }}
 connection_string = {{ osprofiler_backend_connection_string }}
 {% endif %}
+
+{% if enable_barbican | bool %}
+[barbican]
+auth_endpoint = {{ keystone_internal_url }}
+barbican_endpoint_type = internal
+verify_ssl_path = {{ openstack_cacert }}
+{% endif %}
diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2
index 447a5c0aa6..16ef6db36e 100644
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@@ -196,5 +196,6 @@ connection_string = {{ osprofiler_backend_connection_string }}
 {% if enable_barbican | bool %}
 [barbican]
 auth_endpoint = {{ keystone_internal_url }}
-cafile = {{ openstack_cacert }}
+barbican_endpoint_type = internal
+verify_ssl_path = {{ openstack_cacert }}
 {% endif %}
diff --git a/releasenotes/notes/bug-1886615-640e817dfdb93b8a.yaml b/releasenotes/notes/bug-1886615-640e817dfdb93b8a.yaml
new file mode 100644
index 0000000000..2b1436f15e
--- /dev/null
+++ b/releasenotes/notes/bug-1886615-640e817dfdb93b8a.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fix Castellan (Barbican client) when used with enabled TLS.
+    `LP#1886615 <https://bugs.launchpad.net/kolla-ansible/+bug/1886615>`__