diff --git a/config.yaml b/config.yaml
index 5e2f0ab..1062fed 100644
--- a/config.yaml
+++ b/config.yaml
@@ -84,7 +84,7 @@ actions:
               %define pesign_name_0 centossecureboot201
               %else
               %ifarch x86_64 aarch64
-              %define pesign_name_0 redhatsecureboot501
+              %define pesign_name_0 redhatsecureboot801
               %endif
               %ifarch s390x
               %define pesign_name_0 redhatsecureboot302
@@ -181,6 +181,10 @@ actions:
         find: "UKI_secureboot_name=redhatsecureboot504"
         replace: "UKI_secureboot_name=alsecureboot001"
         count: 1
+      - target: "spec"
+        find: "UKI_secureboot_cert=%{SOURCE153}"
+        replace: "UKI_secureboot_cert=%{_datadir}/pki/sb-certs/secureboot-uki-virt-%{_arch}.cer"
+        count: 1
       - target: "spec"
         find: "# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel"
         replace: "# AlmaLinux UEFI Secure Boot CA cert, which can be used to authenticate the kernel"
@@ -434,6 +438,9 @@ actions:
                 if [ "$KernelExtension" == "gz" ]; then
                     gzip -f9 $SignImage
                 fi
+          - |
+            # Temporary use redhatsecureboot504 for x86 UKI, see RHEL-122230
+            Source153: redhatsecureboot504.cer
 
   - run_script:
       - script: "copy_ppc64le_config.sh"