diff --git a/magnum/common/keystone.py b/magnum/common/keystone.py
index a62317c385..15cfc97e94 100644
--- a/magnum/common/keystone.py
+++ b/magnum/common/keystone.py
@@ -15,7 +15,6 @@ from keystoneauth1 import exceptions as ka_exception
 from keystoneauth1.identity import access as ka_access_plugin
 from keystoneauth1.identity import v3 as ka_v3
 from keystoneauth1 import loading as ka_loading
-from keystoneauth1 import session as ka_session
 import keystoneclient.exceptions as kc_exception
 from keystoneclient.v3 import client as kc_v3
 from oslo_config import cfg
@@ -160,7 +159,12 @@ class KeystoneClientV3(object):
                 user_id=CONF.trust.trustee_domain_admin_id,
                 domain_id=CONF.trust.trustee_domain_id,
                 password=CONF.trust.trustee_domain_admin_password)
-            session = ka_session.Session(auth=auth)
+            session = ka_loading.session.Session().load_from_options(
+                auth=auth,
+                insecure=CONF[CFG_LEGACY_GROUP].insecure,
+                cacert=CONF[CFG_LEGACY_GROUP].cafile,
+                key=CONF[CFG_LEGACY_GROUP].keyfile,
+                cert=CONF[CFG_LEGACY_GROUP].certfile)
             self._domain_admin_client = kc_v3.Client(session=session)
         return self._domain_admin_client
 
@@ -202,7 +206,13 @@ class KeystoneClientV3(object):
                                   user_id=bay.trustee_user_id,
                                   password=bay.trustee_password,
                                   trust_id=bay.trust_id)
-            sess = ka_session.Session(auth=auth)
+
+            sess = ka_loading.session.Session().load_from_options(
+                auth=auth,
+                insecure=CONF[CFG_LEGACY_GROUP].insecure,
+                cacert=CONF[CFG_LEGACY_GROUP].cafile,
+                key=CONF[CFG_LEGACY_GROUP].keyfile,
+                cert=CONF[CFG_LEGACY_GROUP].certfile)
             client = kc_v3.Client(session=sess)
         try:
             client.trusts.delete(bay.trust_id)
diff --git a/magnum/tests/unit/common/test_keystone.py b/magnum/tests/unit/common/test_keystone.py
index 3f56c12b01..1c90af2ade 100644
--- a/magnum/tests/unit/common/test_keystone.py
+++ b/magnum/tests/unit/common/test_keystone.py
@@ -125,7 +125,7 @@ class KeystoneClientTest(base.TestCase):
         bay.trust_id = 'atrust123'
         self.assertIsNone(ks_client.delete_trust(self.ctx, bay))
 
-    @mock.patch('magnum.common.keystone.ka_session.Session')
+    @mock.patch('keystoneauth1.session.Session')
     def test_create_trust_with_all_roles(self, mock_session, mock_ks):
         mock_session.return_value.get_user_id.return_value = '123456'
         mock_session.return_value.get_project_id.return_value = '654321'
@@ -140,7 +140,7 @@ class KeystoneClientTest(base.TestCase):
             trustee_user='888888', role_names=['role1', 'role2'],
             impersonation=True)
 
-    @mock.patch('magnum.common.keystone.ka_session.Session')
+    @mock.patch('keystoneauth1.session.Session')
     def test_create_trust_with_limit_roles(self, mock_session, mock_ks):
         mock_session.return_value.get_user_id.return_value = '123456'
         mock_session.return_value.get_project_id.return_value = '654321'