diff --git a/pkg/daemon/daemon.go b/pkg/daemon/daemon.go
index bff8f509d0..2197a19234 100644
--- a/pkg/daemon/daemon.go
+++ b/pkg/daemon/daemon.go
@@ -2210,7 +2210,7 @@ func (dn *Daemon) checkStateOnFirstRun() error {
 		if !osMatch {
 			logSystem("Bootstrap pivot required to: %s", targetOSImageURL)
 
-			if err := dn.updateLayeredOS(state.currentConfig); err != nil {
+			if err := dn.updateLayeredOS(state.currentConfig, false); err != nil {
 				return err
 			}
 
diff --git a/pkg/daemon/update.go b/pkg/daemon/update.go
index 82eabdb0f9..05f6ac5e9c 100644
--- a/pkg/daemon/update.go
+++ b/pkg/daemon/update.go
@@ -2616,7 +2616,7 @@ func (dn *Daemon) queueRevertKernelSwap() error {
 }
 
 // updateLayeredOS updates the system OS to the one specified in newConfig
-func (dn *Daemon) updateLayeredOS(config *mcfgv1.MachineConfig) error {
+func (dn *Daemon) updateLayeredOS(config *mcfgv1.MachineConfig, isRevertingFromOCL bool) error {
 	newURL := config.Spec.OSImageURL
 	klog.Infof("Updating OS to layered image %q", newURL)
 
@@ -2639,12 +2639,16 @@ func (dn *Daemon) updateLayeredOS(config *mcfgv1.MachineConfig) error {
 	}
 
 	// If PIS is configured check if the image is locally present. If so, rebase using
-	// the local image
+	// the local image.
+	// IMPORTANT: Skip local storage rebase when reverting from OCL to avoid using stale
+	// IRI certificates. See OCPBUGS-62479.
 	var podmanImageInfo *PodmanImageInfo
-	if isPisConfigured {
+	if isPisConfigured && !isRevertingFromOCL {
 		if podmanImageInfo, err = dn.podmanInterface.GetPodmanImageInfoByReference(newURL); err != nil {
 			return err
 		}
+	} else if isRevertingFromOCL {
+		klog.Info("Skipping local storage rebase during OCL revert to avoid certificate issues")
 	}
 
 	// For image mode status reporting we need the node's MCP association to populate its MCN
@@ -3020,7 +3024,7 @@ func (dn *CoreOSDaemon) applyLayeredOSChanges(mcDiff machineConfigDiff, oldConfi
 
 	// Update OS
 	if mcDiff.osUpdate {
-		if err := dn.updateLayeredOS(newConfig); err != nil {
+		if err := dn.updateLayeredOS(newConfig, mcDiff.revertFromOCL); err != nil {
 			mcdPivotErr.Inc()
 			return err
 		}