diff --git a/roles/ocp4_workload_ansible_automation_platform/defaults/main.yml b/roles/ocp4_workload_ansible_automation_platform/defaults/main.yml
index 99515db..15175a2 100644
--- a/roles/ocp4_workload_ansible_automation_platform/defaults/main.yml
+++ b/roles/ocp4_workload_ansible_automation_platform/defaults/main.yml
@@ -39,6 +39,12 @@ ocp4_workload_ansible_automation_platform_token_lifecycle_retries: 5
 ocp4_workload_ansible_automation_platform_deploy_wait_timeout: 1800
 ocp4_workload_ansible_automation_platform_manifest_inject_retries: 3
 ocp4_workload_ansible_automation_platform_manifest_inject_delay: 5
+# Override to use an internal service URL for manifest injection.
+# When set, bypasses the external route hostname (useful when ingress
+# is slow to come up or unreachable from the deployer pod).
+# Example: "aap.aap.svc.cluster.local"
+ocp4_workload_ansible_automation_platform_manifest_inject_host: ""
+ocp4_workload_ansible_automation_platform_manifest_inject_validate_certs: true
 # Additional manifest overrides to be merged into the Template used to deploy AAP
 ocp4_workload_ansible_automation_platform_aap_manifest_overrides: {}
 
diff --git a/roles/ocp4_workload_ansible_automation_platform/tasks/workload.yml b/roles/ocp4_workload_ansible_automation_platform/tasks/workload.yml
index 0ca043e..79829f0 100644
--- a/roles/ocp4_workload_ansible_automation_platform/tasks/workload.yml
+++ b/roles/ocp4_workload_ansible_automation_platform/tasks/workload.yml
@@ -91,10 +91,13 @@
   - name: Inject AAP2 Controller manifest
     ansible.controller.license:
       manifest: /tmp/aap-manifest.zip
-      controller_host: "{{ automation_controller_hostname }}"
+      controller_host: >-
+        {{ ocp4_workload_ansible_automation_platform_manifest_inject_host
+           if ocp4_workload_ansible_automation_platform_manifest_inject_host | default('') | length > 0
+           else automation_controller_hostname }}
       controller_username: admin
       controller_password: "{{ _ocp4_workload_ansible_automation_platform_admin_password }}"
-      validate_certs: true
+      validate_certs: "{{ ocp4_workload_ansible_automation_platform_manifest_inject_validate_certs }}"
     register: r_aap_license
     until: not r_aap_license.failed
     retries: "{{ ocp4_workload_ansible_automation_platform_manifest_inject_retries }}"