diff --git a/charms_openstack/charm/classes.py b/charms_openstack/charm/classes.py
index 675247f..13adec1 100644
--- a/charms_openstack/charm/classes.py
+++ b/charms_openstack/charm/classes.py
@@ -579,12 +579,15 @@ class HAOpenStackCharm(OpenStackAPICharm):
         ]
         """
         if self.config_defined_ssl_key and self.config_defined_ssl_cert:
-            return [{
-                'key': self.config_defined_ssl_key.decode('utf-8'),
-                'cert': self.config_defined_ssl_cert.decode('utf-8'),
-                'ca': (self.config_defined_ssl_ca.decode('utf-8')
-                       if self.config_defined_ssl_ca else None),
-                'cn': self.get_default_cn()}]
+            ssl_artifacts = []
+            for ep_type in [os_ip.INTERNAL, os_ip.ADMIN, os_ip.PUBLIC]:
+                ssl_artifacts.append({
+                    'key': self.config_defined_ssl_key.decode('utf-8'),
+                    'cert': self.config_defined_ssl_cert.decode('utf-8'),
+                    'ca': (self.config_defined_ssl_ca.decode('utf-8')
+                           if self.config_defined_ssl_ca else None),
+                    'cn': os_ip.resolve_address(endpoint_type=ep_type)})
+            return ssl_artifacts
         elif keystone_interface:
             keys_and_certs = []
             for addr in self.get_local_addresses():
diff --git a/unit_tests/charms_openstack/charm/test_classes.py b/unit_tests/charms_openstack/charm/test_classes.py
index 611fbd5..92d4619 100644
--- a/unit_tests/charms_openstack/charm/test_classes.py
+++ b/unit_tests/charms_openstack/charm/test_classes.py
@@ -671,25 +671,43 @@ class TestHAOpenStackCharm(BaseOpenStackCharmTest):
             'ssl_key': base64.b64encode(b'key'),
             'ssl_cert': base64.b64encode(b'cert'),
             'ssl_ca': base64.b64encode(b'ca')}
+        addresses = {
+            'admin': 'adm_addr',
+            'int': 'int_addr',
+            'public': 'pub_addr'}
         self.patch_target('config', new=config)
         self.patch_object(chm.os_ip, 'resolve_address', 'addr')
+        self.resolve_address.side_effect = \
+            lambda endpoint_type=None: addresses[endpoint_type]
         self.patch_object(chm.os_utils, 'snap_install_requested',
                           return_value=False)
         self.assertEqual(
             self.target.get_certs_and_keys(),
-            [{'key': 'key', 'cert': 'cert', 'ca': 'ca', 'cn': 'addr'}])
+            [
+                {'key': 'key', 'cert': 'cert', 'ca': 'ca', 'cn': 'int_addr'},
+                {'key': 'key', 'cert': 'cert', 'ca': 'ca', 'cn': 'adm_addr'},
+                {'key': 'key', 'cert': 'cert', 'ca': 'ca', 'cn': 'pub_addr'}])
 
     def test_get_certs_and_keys_noca(self):
         config = {
             'ssl_key': base64.b64encode(b'key'),
             'ssl_cert': base64.b64encode(b'cert')}
+        addresses = {
+            'admin': 'adm_addr',
+            'int': 'int_addr',
+            'public': 'pub_addr'}
         self.patch_target('config', new=config)
         self.patch_object(chm.os_ip, 'resolve_address', 'addr')
+        self.resolve_address.side_effect = \
+            lambda endpoint_type=None: addresses[endpoint_type]
         self.patch_object(chm.os_utils, 'snap_install_requested',
                           return_value=False)
         self.assertEqual(
             self.target.get_certs_and_keys(),
-            [{'key': 'key', 'cert': 'cert', 'ca': None, 'cn': 'addr'}])
+            [
+                {'key': 'key', 'cert': 'cert', 'ca': None, 'cn': 'int_addr'},
+                {'key': 'key', 'cert': 'cert', 'ca': None, 'cn': 'adm_addr'},
+                {'key': 'key', 'cert': 'cert', 'ca': None, 'cn': 'pub_addr'}])
 
     def test_get_certs_and_keys_ks_interface(self):
         class KSInterface(object):