diff --git a/bootstrapper/internal/joinclient/joinclient.go b/bootstrapper/internal/joinclient/joinclient.go
index bee52cc78..536906988 100644
--- a/bootstrapper/internal/joinclient/joinclient.go
+++ b/bootstrapper/internal/joinclient/joinclient.go
@@ -271,7 +271,7 @@ func (c *JoinClient) startNodeAndJoin(ticket *joinproto.IssueJoinTicketResponse,
 		return fmt.Errorf("writing kubelet key: %w", err)
 	}
 
-	if err := c.fileHandler.Write(constants.SSHCAKeyPath, ticket.EmergencyCaKey, file.OptMkdirAll); err != nil {
+	if err := c.fileHandler.Write(constants.SSHCAKeyPath, ticket.AuthorizedCaPublicKey, file.OptMkdirAll); err != nil {
 		return fmt.Errorf("writing ssh ca key: %w", err)
 	}
 
diff --git a/bootstrapper/internal/joinclient/joinclient_test.go b/bootstrapper/internal/joinclient/joinclient_test.go
index 714a0635e..e652c5165 100644
--- a/bootstrapper/internal/joinclient/joinclient_test.go
+++ b/bootstrapper/internal/joinclient/joinclient_test.go
@@ -51,7 +51,7 @@ func TestClient(t *testing.T) {
 		{Role: role.ControlPlane, Name: "node-5", VPCIP: "192.0.2.3"},
 	}
 	caDerivationKey := make([]byte, 256)
-	respCaKey := &joinproto.IssueJoinTicketResponse{EmergencyCaKey: caDerivationKey}
+	respCaKey := &joinproto.IssueJoinTicketResponse{AuthorizedCaPublicKey: caDerivationKey}
 
 	testCases := map[string]struct {
 		role          role.Role
@@ -144,22 +144,6 @@ func TestClient(t *testing.T) {
 			wantJoin:      true,
 			wantLock:      true,
 		},
-		"on worker: no CA derivation key is given": {
-			role: role.Worker,
-			apiAnswers: []any{
-				selfAnswer{instance: workerSelf},
-				listAnswer{instances: peers},
-				issueJoinTicketAnswer{err: assert.AnError},
-				listAnswer{instances: peers},
-				issueJoinTicketAnswer{err: assert.AnError},
-				listAnswer{instances: peers},
-				issueJoinTicketAnswer{},
-			},
-			clusterJoiner: &stubClusterJoiner{},
-			nodeLock:      newFakeLock(),
-			disk:          &stubDisk{},
-			wantLock:      true,
-		},
 		"on control plane: issueJoinTicket errors": {
 			role: role.ControlPlane,
 			apiAnswers: []any{
@@ -204,18 +188,6 @@ func TestClient(t *testing.T) {
 			wantLock:      true,
 			wantNumJoins:  2,
 		},
-		"on control plane: no CA derivation key is given": {
-			role: role.ControlPlane,
-			apiAnswers: []any{
-				selfAnswer{instance: controlSelf},
-				listAnswer{instances: peers},
-				issueJoinTicketAnswer{},
-			},
-			clusterJoiner: &stubClusterJoiner{numBadCalls: 1, joinClusterErr: assert.AnError},
-			nodeLock:      newFakeLock(),
-			disk:          &stubDisk{},
-			wantLock:      true,
-		},
 		"on control plane: node already locked": {
 			role: role.ControlPlane,
 			apiAnswers: []any{