diff --git a/tools/run_local_ironic.sh b/tools/run_local_ironic.sh
index 4ffa75de59..170d6b9ff8 100755
--- a/tools/run_local_ironic.sh
+++ b/tools/run_local_ironic.sh
@@ -39,6 +39,10 @@ MARIADB_CACERT_FILE="${MARIADB_CACERT_FILE:-}"
 MARIADB_CERT_FILE="${MARIADB_CERT_FILE:-}"
 MARIADB_KEY_FILE="${MARIADB_KEY_FILE:-}"
 
+IPXE_CACERT_FILE="${IPXE_CACERT_FILE:-}"
+IPXE_CERT_FILE="${IPXE_CERT_FILE:-}"
+IPXE_KEY_FILE="${IPXE_KEY_FILE:-}"
+
 # Variables used to configure IPA handling
 IPA_DOWNLOAD_ENABLED="${IPA_DOWNLOAD_ENABLED:-true}"
 USE_LOCAL_IPA="${USE_LOCAL_IPA:-false}"
@@ -179,6 +183,16 @@ if [ -n "$MARIADB_KEY_FILE" ]; then
      CERTS_MOUNTS="${CERTS_MOUNTS} -v ${MARIADB_KEY_FILE}:/certs/mariadb/tls.key "
 fi
 
+if [[ -n "$IPXE_CACERT_FILE" ]]; then
+     CERTS_MOUNTS="${CERTS_MOUNTS} -v ${IPXE_CACERT_FILE}:/certs/ca/ipxe/tls.crt "
+fi
+if [[ -n "$IPXE_CERT_FILE" ]]; then
+     CERTS_MOUNTS="${CERTS_MOUNTS} -v ${IPXE_CERT_FILE}:/certs/ipxe/tls.crt "
+fi
+if [[ -n "$IPXE_KEY_FILE" ]]; then
+     CERTS_MOUNTS="${CERTS_MOUNTS} -v ${IPXE_KEY_FILE}:/certs/ipxe/tls.key "
+fi
+
 BASIC_AUTH_MOUNTS=""
 IRONIC_HTPASSWD=""
 if [ -n "$IRONIC_USERNAME" ]; then
@@ -244,13 +258,13 @@ if ${IPA_DOWNLOAD_ENABLED}; then
   sudo "${CONTAINER_RUNTIME}" wait ipa-downloader
 fi
 
-# Start dnsmasq, http, mariadb, and ironic containers using same image
+# Start dnsmasq, http, maria-db, and ironic containers using same image
 
 # See this file for env vars you can set, like IP, DHCP_RANGE, INTERFACE
 # https://github.com/metal3-io/ironic-image/blob/main/scripts/rundnsmasq
 # shellcheck disable=SC2086
 sudo "${CONTAINER_RUNTIME}" run -d --net host --privileged --name dnsmasq \
-     ${POD} --env-file "${IRONIC_DATA_DIR}/ironic-vars.env" \
+     ${POD} ${CERTS_MOUNTS} --env-file "${IRONIC_DATA_DIR}/ironic-vars.env" \
      -v "$IRONIC_DATA_DIR:/shared" --entrypoint /bin/rundnsmasq "${IRONIC_IMAGE}"
 
 # See this file for env vars you can set, like IP, DHCP_RANGE, INTERFACE