diff --git a/tobiko/openstack/octavia/_deployers.py b/tobiko/openstack/octavia/_deployers.py
index 8138143a3..7b405c668 100644
--- a/tobiko/openstack/octavia/_deployers.py
+++ b/tobiko/openstack/octavia/_deployers.py
@@ -24,6 +24,26 @@ from tobiko.openstack.octavia import _constants
 LOG = log.getLogger(__name__)
 
 
+def get_external_subnet(ip_version=4):
+    try:
+        ext_subnet_list = neutron.find_network(
+            **{'router:external': True})['subnets']
+    except tobiko.ObjectNotFound:
+        LOG.warning('External network not found')
+        return None
+
+    for ext_subnet_id in ext_subnet_list:
+        try:
+            subnet = neutron.find_subnet(id=ext_subnet_id,
+                                         ip_version=ip_version)
+        except tobiko.ObjectNotFound:
+            continue
+        else:
+            return subnet
+
+    LOG.warning('External subnet with IP version %d not found', ip_version)
+
+
 def deploy_ipv4_lb(provider: str,
                    protocol: str,
                    protocol_port: int,
@@ -46,11 +66,7 @@ def deploy_ipv4_lb(provider: str,
         LOG.debug(f'Loadbalancer {lb.id} already exists. Skipping its'
                   ' creation')
     else:
-        try:
-            subnet = neutron.find_subnet('external_subnet')
-        except ModuleNotFoundError:
-            subnet = None
-
+        subnet = get_external_subnet()
         if subnet is None:
             tobiko.skip_test('Replacing heat networking resources for '
                              'octavia in tobiko wasn\'t implemented yet')
diff --git a/tobiko/openstack/openstacksdkclient/_client.py b/tobiko/openstack/openstacksdkclient/_client.py
index 20297bbf6..73fb63b4a 100644
--- a/tobiko/openstack/openstacksdkclient/_client.py
+++ b/tobiko/openstack/openstacksdkclient/_client.py
@@ -18,9 +18,13 @@ from __future__ import absolute_import
 import openstack
 
 import tobiko
+from tobiko import config
 from tobiko.openstack import keystone
 
 
+CONF = config.CONF
+
+
 class OpenstacksdkClientFixture(tobiko.SharedFixture):
 
     client = None
@@ -35,6 +39,8 @@ class OpenstacksdkClientFixture(tobiko.SharedFixture):
 
     def setup_client(self):
         client = self.client
+        # create a new connection if it was not created before or if TLS-e is
+        # enabled (otherwise, an SSLError exception is raised)
         if not client:
             credentials = keystone.keystone_credentials()
             tmp_auth = {
@@ -49,6 +55,9 @@ class OpenstacksdkClientFixture(tobiko.SharedFixture):
             }
             if credentials.api_version == 3:
                 tmp_auth['os-identity-api-version'] = credentials.api_version
+            if 'https://' in credentials.auth_url and not credentials.cacert:
+                tmp_auth['os-cacert'] = \
+                    CONF.tobiko.tripleo.undercloud_cacert_file
             self.client = client = openstack.connect(**tmp_auth)
         return client
 
diff --git a/tobiko/tripleo/config.py b/tobiko/tripleo/config.py
index 5afef7357..e641f531b 100644
--- a/tobiko/tripleo/config.py
+++ b/tobiko/tripleo/config.py
@@ -41,6 +41,10 @@ OPTIONS = [
                default='undercloud',
                help='undercloud cloud name to be used for loading credentials '
                     'from the undercloud clouds files'),
+    cfg.StrOpt('undercloud_cacert_file',
+               default='/etc/pki/tls/certs/ca-bundle.trust.crt',
+               help='Path to cacert file that can be used to send https '
+                    'request from the undercloud'),
 
 
     # Overcloud options