diff --git a/unit_tests/utilities/test_zaza_utilities_openstack.py b/unit_tests/utilities/test_zaza_utilities_openstack.py
index 67cd417..c42fc9d 100644
--- a/unit_tests/utilities/test_zaza_utilities_openstack.py
+++ b/unit_tests/utilities/test_zaza_utilities_openstack.py
@@ -1333,25 +1333,34 @@ class TestOpenStackUtils(ut_utils.BaseTestCase):
                 'bridge-interface-mappings',
                 {'ovn-bridge-mappings': 'physnet1:br-ex'}))
 
+    def test_get_cacert_absolute_path(self):
+        self.patch_object(openstack_utils.deployment_env, 'get_tmpdir')
+        self.get_tmpdir.return_value = '/tmp/default'
+        self.assertEqual(
+            openstack_utils.get_cacert_absolute_path('filename'),
+            '/tmp/default/filename')
+
     def test_get_cacert(self):
+        self.patch_object(openstack_utils.deployment_env, 'get_tmpdir')
+        self.get_tmpdir.return_value = '/tmp/default'
         self.patch_object(openstack_utils.os.path, 'exists')
         results = {
-            'tests/vault_juju_ca_cert.crt': True}
+            '/tmp/default/vault_juju_ca_cert.crt': True}
         self.exists.side_effect = lambda x: results[x]
         self.assertEqual(
             openstack_utils.get_cacert(),
-            'tests/vault_juju_ca_cert.crt')
+            '/tmp/default/vault_juju_ca_cert.crt')
 
         results = {
-            'tests/vault_juju_ca_cert.crt': False,
-            'tests/keystone_juju_ca_cert.crt': True}
+            '/tmp/default/vault_juju_ca_cert.crt': False,
+            '/tmp/default/keystone_juju_ca_cert.crt': True}
         self.assertEqual(
             openstack_utils.get_cacert(),
-            'tests/keystone_juju_ca_cert.crt')
+            '/tmp/default/keystone_juju_ca_cert.crt')
 
         results = {
-            'tests/vault_juju_ca_cert.crt': False,
-            'tests/keystone_juju_ca_cert.crt': False}
+            '/tmp/default/vault_juju_ca_cert.crt': False,
+            '/tmp/default/keystone_juju_ca_cert.crt': False}
         self.assertIsNone(openstack_utils.get_cacert())
 
     def test_get_remote_ca_cert_file(self):
@@ -1364,6 +1373,8 @@ class TestOpenStackUtils(ut_utils.BaseTestCase):
         self.patch_object(openstack_utils.shutil, 'move')
         self.patch_object(openstack_utils.os, 'chmod')
         self.patch_object(openstack_utils.tempfile, 'NamedTemporaryFile')
+        self.patch_object(openstack_utils.deployment_env, 'get_tmpdir')
+        self.get_tmpdir.return_value = '/tmp/default'
         enter_mock = mock.MagicMock()
         enter_mock.__enter__.return_value.name = 'tempfilename'
         self.NamedTemporaryFile.return_value = enter_mock
@@ -1377,8 +1388,9 @@ class TestOpenStackUtils(ut_utils.BaseTestCase):
             'neutron-api/0',
             '/tmp/ca1.cert',
             'tempfilename')
-        self.chmod.assert_called_once_with('tests/ca1.cert', 0o644)
-        self.move.assert_called_once_with('tempfilename', 'tests/ca1.cert')
+        self.chmod.assert_called_once_with('/tmp/default/ca1.cert', 0o644)
+        self.move.assert_called_once_with(
+            'tempfilename', '/tmp/default/ca1.cert')
 
 
 class TestAsyncOpenstackUtils(ut_utils.AioTestCase):
diff --git a/zaza/openstack/utilities/openstack.py b/zaza/openstack/utilities/openstack.py
index 522df31..d277656 100644
--- a/zaza/openstack/utilities/openstack.py
+++ b/zaza/openstack/utilities/openstack.py
@@ -185,12 +185,10 @@ WORKLOAD_STATUS_EXCEPTIONS = {
 # For vault TLS certificates
 CACERT_FILENAME_FORMAT = "{}_juju_ca_cert.crt"
 CERT_PROVIDERS = ['vault']
-LOCAL_CERT_DIR = "tests"
 REMOTE_CERT_DIR = "/usr/local/share/ca-certificates"
 KEYSTONE_CACERT = "keystone_juju_ca_cert.crt"
 KEYSTONE_REMOTE_CACERT = (
     "/usr/local/share/ca-certificates/{}".format(KEYSTONE_CACERT))
-KEYSTONE_LOCAL_CACERT = ("{}/{}".format(LOCAL_CERT_DIR, KEYSTONE_CACERT))
 
 
 async def async_block_until_ca_exists(application_name, ca_cert,
@@ -236,6 +234,18 @@ async def async_block_until_ca_exists(application_name, ca_cert,
 block_until_ca_exists = zaza.model.sync_wrapper(async_block_until_ca_exists)
 
 
+def get_cacert_absolute_path(filename):
+    """Build string containing location of the CA Certificate file.
+
+    :param filename: Expected filename for CA Certificate file.
+    :type filename: str
+    :returns: Absolute path to file containing CA Certificate
+    :rtype: str
+    """
+    return os.path.join(
+        deployment_env.get_tmpdir(), filename)
+
+
 def get_cacert():
     """Return path to CA Certificate bundle for verification during test.
 
@@ -243,12 +253,13 @@ def get_cacert():
     :rtype: Union[str, None]
     """
     for _provider in CERT_PROVIDERS:
-        _cert = LOCAL_CERT_DIR + '/' + CACERT_FILENAME_FORMAT.format(
-            _provider)
+        _cert = get_cacert_absolute_path(
+            CACERT_FILENAME_FORMAT.format(_provider))
         if os.path.exists(_cert):
             return _cert
-    if os.path.exists(KEYSTONE_LOCAL_CACERT):
-        return KEYSTONE_LOCAL_CACERT
+    _keystone_local_cacert = get_cacert_absolute_path(KEYSTONE_CACERT)
+    if os.path.exists(_keystone_local_cacert):
+        return _keystone_local_cacert
 
 
 # OpenStack Client helpers
@@ -2056,8 +2067,7 @@ def get_remote_ca_cert_file(application, model_name=None):
         application,
         model_name=model_name)
     for cert_file in cert_files:
-        _local_cert_file = "{}/{}".format(
-            LOCAL_CERT_DIR,
+        _local_cert_file = get_cacert_absolute_path(
             os.path.basename(cert_file))
         with tempfile.NamedTemporaryFile(mode="w", delete=False) as _tmp_ca:
             try: