diff --git a/deploy/azure/atst-nginx-configmap.yml b/deploy/azure/atst-nginx-configmap.yml
index b702924c..77de51f9 100644
--- a/deploy/azure/atst-nginx-configmap.yml
+++ b/deploy/azure/atst-nginx-configmap.yml
@@ -39,8 +39,8 @@ data:
         # access_log /var/log/nginx/access.log json;
         listen ${PORT_PREFIX}442 ssl;
         listen [::]:${PORT_PREFIX}442 ssl ipv6only=on;
-        ssl_certificate /etc/ssl/private/atat.crt;
-        ssl_certificate_key /etc/ssl/private/atat.key;
+        ssl_certificate /etc/ssl/atat.crt;
+        ssl_certificate_key /etc/ssl/atat.crt;
         # additional SSL/TLS settings
         include /etc/nginx/snippets/ssl.conf
 
@@ -72,8 +72,8 @@ data:
         server_name ${AUTH_DOMAIN};
         listen ${PORT_PREFIX}443 ssl;
         listen [::]:${PORT_PREFIX}443 ssl ipv6only=on;
-        ssl_certificate /etc/ssl/private/atat.crt;
-        ssl_certificate_key /etc/ssl/private/atat.key;
+        ssl_certificate /etc/ssl/atat.crt;
+        ssl_certificate_key /etc/ssl/atat.crt;
         # Request and validate client certificate
         ssl_verify_client on;
         ssl_verify_depth 10;
diff --git a/deploy/azure/azure.yml b/deploy/azure/azure.yml
index ddbbfe18..e391fc54 100644
--- a/deploy/azure/azure.yml
+++ b/deploy/azure/azure.yml
@@ -146,8 +146,8 @@ spec:
             options:
               usepodidentity: "true"
               keyvaultname: "atat-vault-test"
-              keyvaultobjectnames: "dhparam4096"
-              keyvaultobjectaliases: "dhparam.pem"
+              keyvaultobjectnames: "dhparam4096;staging-cert"
+              keyvaultobjectaliases: "dhparam.pem;atat.crt"
               keyvaultobjecttypes: secret
               tenantid: $TENANT_ID
 ---