diff --git a/pkg/apis/openstackproviderconfig/v1alpha1/types.go b/pkg/apis/openstackproviderconfig/v1alpha1/types.go
index 2c56686e2f..8cb14be922 100644
--- a/pkg/apis/openstackproviderconfig/v1alpha1/types.go
+++ b/pkg/apis/openstackproviderconfig/v1alpha1/types.go
@@ -38,9 +38,6 @@ type OpenstackProviderSpec struct {
 	// The name of the cloud to use from the clouds secret
 	CloudName string `json:"cloudName"`
 
-	// A plaintext string of PEM(s)
-	CertBundle string `json:"caCert,omitempty"`
-
 	// The flavor reference for the flavor for your server instance.
 	Flavor string `json:"flavor"`
 
diff --git a/pkg/cloud/openstack/clients/machineservice.go b/pkg/cloud/openstack/clients/machineservice.go
index 9ef7734a8e..b2c2357bb5 100644
--- a/pkg/cloud/openstack/clients/machineservice.go
+++ b/pkg/cloud/openstack/clients/machineservice.go
@@ -152,11 +152,25 @@ func GetCloudFromSecret(kubeClient kubernetes.Interface, namespace string, secre
 	return clouds.Clouds[cloudName], nil
 }
 
+func getCACertFromConfigmap(kubeClient kubernetes.Interface, namespace string, configmapName string, key string) (string, error) {
+	cloudConfig, err := kubeClient.CoreV1().ConfigMaps(namespace).Get(configmapName, metav1.GetOptions{})
+	if err != nil {
+		return "", fmt.Errorf("failed to get configmap %s/%s/%s from kubernetes api: %v", namespace, configmapName, key, err)
+	}
+
+	val, ok := cloudConfig.Data[key]
+	if !ok {
+		return "", fmt.Errorf("configmap does not contain key, %s", key)
+	}
+
+	return val, nil
+}
+
 // TODO: Eventually we'll have a NewInstanceServiceFromCluster too
 func NewInstanceServiceFromMachine(kubeClient kubernetes.Interface, machine *machinev1.Machine) (*InstanceService, error) {
 	machineSpec, err := openstackconfigv1.MachineSpecFromProviderSpec(machine.Spec.ProviderSpec)
 	if err != nil {
-		return nil, fmt.Errorf("Failed to get Machine Spec from Provider Spec (clients/machineservice.go 138): %v", err)
+		return nil, fmt.Errorf("Failed to get Machine Spec from Provider Spec: %v", err)
 	}
 	cloud := clientconfig.Cloud{}
 	if machineSpec.CloudsSecret != nil && machineSpec.CloudsSecret.Name != "" {
@@ -166,10 +180,16 @@ func NewInstanceServiceFromMachine(kubeClient kubernetes.Interface, machine *mac
 		}
 		cloud, err = GetCloudFromSecret(kubeClient, namespace, machineSpec.CloudsSecret.Name, machineSpec.CloudName)
 		if err != nil {
-			return nil, fmt.Errorf("Failed to get cloud from secret (clients/machienservice.go 150): %v", err)
+			return nil, fmt.Errorf("Failed to get cloud from secret: %v", err)
 		}
 	}
-	return NewInstanceServiceFromCloud(cloud, []byte(machineSpec.CertBundle))
+
+	cacert, err := getCACertFromConfigmap(kubeClient, "openshift-config", "cloud-provider-config", "ca-bundle.pem")
+	if err != nil || cacert == "" {
+		return NewInstanceServiceFromCloud(cloud, nil)
+	}
+
+	return NewInstanceServiceFromCloud(cloud, []byte(cacert))
 }
 
 func NewInstanceService() (*InstanceService, error) {
@@ -188,6 +208,7 @@ func NewInstanceServiceFromCloud(cloud clientconfig.Cloud, cert []byte) (*Instan
 	}
 
 	opts, err := clientconfig.AuthOptions(clientOpts)
+
 	if err != nil {
 		return nil, err
 	}