diff --git a/defaults/main.yml b/defaults/main.yml
index 3910655964a0acd7ecd3d72bfc2ecf3ec06f31f3..465dc335fbc39c6bfee01a97e81e6897f8752a48 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -16,6 +16,7 @@ generate_node_certs: true
 gl_sidecar_ca_path: "/etc/graylog/sidecar"
 sidecar_cert_dir: "/etc/graylog/sidecar"
 cert_valid_days: 1095
+gl_node_ca_path: {{ gl_sidecar_ca_path }}
 
 # Cert SAN settings
 node_cert_sans: "{{ lookup('template', 'node-cert-sans.j2') | replace('\n', '') | split(',') | map('trim') | list }}"
diff --git a/tasks/main.yml b/tasks/main.yml
index a372e1049edcc76772f632b422d16988bf5cd485..3086528b9efc1f15e55bb9f1693801407ce03bb9 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -12,19 +12,19 @@
       ansible.builtin.fail:
         msg: "Please add a host group 'sidecar-ca' with the host(s) storing the CA file first"
       run_once: true
-      when: "not (groups['sidecar-ca'] is defined)"
+      when: "not ('sidecar-ca' in groups)"
 
     - name: Fail if 'graylog-nodes' host group is missing # noqa: run_once[task]
       ansible.builtin.fail:
         msg: "Please add a host group 'graylog-nodes' with the host(s) storing the log node CA file first"
       run_once: true
-      when: "not (groups['graylog-nodes'] is defined)"
+      when: "not ('graylog-nodes' in groups)"
 
 - name: Fail if 'ca-store' host group is missing while using opetion 'use_central_ca_host' # noqa: run_once[task]
   ansible.builtin.fail:
     msg: "Please add a host group 'sidecar-ca' with the host(s) storing the CA file first"
   run_once: true
-  when: "(not (groups['ca-store'] is defined)) and use_central_ca_host"
+  when: "(not ('ca-store' in groups)) and use_central_ca_host"
 
 - name: Include tasks when not using single ca-host
   when: not use_central_ca_host
@@ -45,24 +45,34 @@
 - name: Include tasks when using single ca-host
   when: use_central_ca_host
   block:
-    - name: Include sidecar tasks (when using a single ca store)
-      ansible.builtin.include_tasks: sidecar.yml
-      when: >
-        ((groups['sidecar-ca'] is defined) and (groups['graylog-nodes'] is defined) | ternary(
-          (inventory_hostname not in groups['sidecar-ca']) and
-          (inventory_hostname not in groups['graylog-nodes'])
-        , true)) and
-        (inventory_hostname not in groups['ca-store'])
+    - name: Include sidecar tasks (when using a single ca store and gl-groups defined)
+      when: (('sidecar-ca' in groups) and ('graylog-nodes' in groups))
+      block:
+        - name: Include sidecar tasks (when using a single ca store and gl-groups defined)
+          ansible.builtin.include_tasks: sidecar.yml
+          when: >
+            (inventory_hostname not in groups['sidecar-ca']) and
+            (inventory_hostname not in groups['graylog-nodes']) and
+            (inventory_hostname not in groups['ca-store'])
 
-    - name: Include filebeat tasks
-      ansible.builtin.include_tasks: filebeat.yml
-      when: >
-        install_filebeat and
-        ((groups['sidecar-ca'] is defined) and (groups['graylog-nodes'] is defined) | ternary(
-          (inventory_hostname not in groups['sidecar-ca']) and
-          (inventory_hostname not in groups['graylog-nodes'])
-        , true)) and
-        (inventory_hostname not in groups['ca-store'])
+        - name: Include filebeat tasks (when using a single ca store and gl-groups defined)
+          ansible.builtin.include_tasks: filebeat.yml
+          when: >
+            install_filebeat and
+            (inventory_hostname not in groups['sidecar-ca']) and
+            (inventory_hostname not in groups['graylog-nodes']) and
+            (inventory_hostname not in groups['ca-store'])
+
+    - name: Include sidecar tasks (when using a single ca store without gl-groups defined)
+      when: not (('sidecar-ca' in groups) and ('graylog-nodes' in groups))
+      block:
+        - name: Include sidecar tasks (when using a single ca store without gl-groups defined)
+          ansible.builtin.include_tasks: sidecar.yml
+          when: (inventory_hostname not in groups['ca-store'])
+
+        - name: Include filebeat tasks  (when using a single ca store without gl-groups defined)
+          ansible.builtin.include_tasks: filebeat.yml
+          when: (inventory_hostname not in groups['ca-store'])
 
 - name: Switch back to default policy
   ansible.builtin.command:
@@ -71,5 +81,21 @@
   become: true
 
 - name: Generate Node certificates
-  ansible.builtin.import_tasks: node-certs.yml
   when: generate_node_certs
+  block:
+    - name: Include cert tasks (with gl-groups defined)
+      when: (('sidecar-ca' in groups) and ('graylog-nodes' in groups))
+      block:
+        - name: Include Node Cert tasks (with gl-groups defined)
+          ansible.builtin.include_tasks: node-certs.yml
+          when: >
+            (inventory_hostname not in groups['sidecar-ca']) and
+            (inventory_hostname not in groups['graylog-nodes']) and
+            (inventory_hostname not in groups['ca-store'])
+
+    - name: Include cert tasks (without gl-groups defined)
+      when: not (('sidecar-ca' in groups) and ('graylog-nodes' in groups))
+      block:
+        - name: Include Node Cert tasks (without gl-groups defined)
+          ansible.builtin.include_tasks: node-certs.yml
+          when: (inventory_hostname not in groups['ca-store'])
diff --git a/tasks/sidecar.yml b/tasks/sidecar.yml
index fce15a4199977987776b61e93748f832ef825aa4..b6d30ade6557f946901f6b8cbd7d664de5b22791 100644
--- a/tasks/sidecar.yml
+++ b/tasks/sidecar.yml
@@ -45,6 +45,7 @@
       ansible.builtin.yum:
         name: /tmp/graylog-sidecar.rpm
         state: present
+        disable_gpg_check: true # Github rpm is not signed, may replace true with actual check if signed or not
 
 - name: Run install command
   ansible.builtin.command: