diff --git a/ansible/roles/eessi/defaults/main.yaml b/ansible/roles/eessi/defaults/main.yaml
index 581c24f77..45efe79b0 100644
--- a/ansible/roles/eessi/defaults/main.yaml
+++ b/ansible/roles/eessi/defaults/main.yaml
@@ -1,4 +1,6 @@
 ---
+cvmfs_release_version: "6-3"
+
 # Default to 10GB
 cvmfs_quota_limit_mb: 10000
 
@@ -9,4 +11,4 @@ cvmfs_config_default:
 cvmfs_config_overrides: {}
 cvmfs_config: "{{ cvmfs_config_default | combine(cvmfs_config_overrides) }}"
 
-cvmfs_gpg_checksum: "sha256:4ac81adff957565277cfa6a4a330cdc2ce5a8fdd73b8760d1a5a32bef71c4bd6"
+cvmfs_gpg_checksum: "sha256:5c60679d307a96524204c127250e8ebdda66a459659faa1718bdf32dde1d7069"
diff --git a/ansible/roles/eessi/tasks/install.yml b/ansible/roles/eessi/tasks/install.yml
index 50b939cdc..b596b4cf3 100644
--- a/ansible/roles/eessi/tasks/install.yml
+++ b/ansible/roles/eessi/tasks/install.yml
@@ -3,18 +3,17 @@
 - name: Download Cern GPG key
   # checkov:skip=CKV2_ANSIBLE_2: "Ensure that HTTPS url is used with get_url"
   ansible.builtin.get_url:
-    url: http://cvmrepo.web.cern.ch/cvmrepo/yum/RPM-GPG-KEY-CernVM
+    url: https://cvmrepo.web.cern.ch/cvmrepo/yum/RPM-GPG-KEY-CernVM-2048
     dest: ./cvmfs-key.gpg
     checksum: "{{ cvmfs_gpg_checksum }}"
     mode: "0644"
 
 - name: Import downloaded GPG key # noqa: no-changed-when
   ansible.builtin.command: rpm --import cvmfs-key.gpg # noqa: command-instead-of-module
+
 - name: Add CVMFS repo
-  # checkov:skip=CKV2_ANSIBLE_4: "Ensure that packages with untrusted or missing GPG signatures are not used by dnf"
   ansible.builtin.dnf:
-    name: https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest.noarch.rpm
-    disable_gpg_check: true
+    name: "https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-{{ cvmfs_release_version }}.noarch.rpm"
 
 - name: Install CVMFS
   ansible.builtin.dnf:
diff --git a/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json b/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json
index 2a3002567..5c41f2aff 100644
--- a/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json
+++ b/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json
@@ -1,6 +1,6 @@
 {
   "cluster_image": {
-    "RL8": "openhpc-RL8-251008-0814-cda7084d",
-    "RL9": "openhpc-RL9-251008-0814-cda7084d"
+    "RL8": "openhpc-RL8-251014-1152-20aa2a49",
+    "RL9": "openhpc-RL9-251014-1152-20aa2a49"
   }
 }