diff --git a/Dockerfile.client-server-cg.rh b/Dockerfile.client-server-cg.rh
index 74cba9dea8e..10154139d87 100644
--- a/Dockerfile.client-server-cg.rh
+++ b/Dockerfile.client-server-cg.rh
@@ -1,7 +1,7 @@
 # Provides the Trusted Artifact Signer CLI binaries, cosign and gitsign
 
-FROM quay.io/redhat-user-workloads/rhtas-tenant/cli/cosign@sha256:0d9af9e0bececb32d90de9f74fbc2bb4622af2fcebf862de0bdfd40a19192fdc AS cosign
-FROM quay.io/redhat-user-workloads/rhtas-tenant/cli/gitsign@sha256:5b14542b2e0288c9f3dffe8e70891510846573ffca5113291157c603983b2c4c AS gitsign
+FROM quay.io/securesign/cli-cosign@sha256:c0187868dbf5c7dcaa545a07a194ef90b50655df497db3f7f0de0a3c4eaa41f7 AS cosign
+FROM quay.io/securesign/gitsign@sha256:3229dc9d5bad1344663ac92a980eb6abcd5715dc3812a20a2129f60b885ececf AS gitsign
 
 FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:82fad27b91361473d919522a01a1198f327230bf8d2b569a8995bdcd6ac7cb94
 ENV APP_ROOT=/opt/app-root
@@ -31,7 +31,7 @@ COPY --from=gitsign /usr/local/bin/gitsign_cli_windows_amd64.exe.gz $APP_ROOT/sr
 LABEL \
       com.redhat.component="trusted-artifact-signer-serve-cli-container-cg" \
       name="trusted-artifact-signer-serve-cli-container-cg" \
-      version="1.0.0" \
+      version="1.1.0" \
       summary="Red Hat serves Trusted Artifact Signer CLI binaries, cosign and gitsign" \
       description="Serves Trusted Artifact Signer CLI binaries, cosign and gitsign, from an HTTP server" \
       io.k8s.description="Serves Trusted Artifact Signer CLI binaries, cosign and gitsign, from an HTTP server" \
diff --git a/Dockerfile.client-server-f.rh b/Dockerfile.client-server-f.rh
new file mode 100644
index 00000000000..bb95ee6b2e8
--- /dev/null
+++ b/Dockerfile.client-server-f.rh
@@ -0,0 +1,29 @@
+# Provides the Trusted Artifact Signer CLI binary, fetch-tsa-certs
+FROM quay.io/securesign/fetch-tsa-certs@sha256:04ee10dd6f36b7ebca80c0e7badeb5c69d4ae2b37eb1abbea204d1af4eb1d0cc as fetch_tsa_certs
+
+FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:73f7dcacb460dad137a58f24668470a5a2e47378838a0190eef0ab532c6e8998
+ENV APP_ROOT=/opt/app-root
+WORKDIR $APP_ROOT/src/
+
+RUN mkdir -p $APP_ROOT/src/clients/darwin && \
+    mkdir -p $APP_ROOT/src/clients/linux && \
+    mkdir -p $APP_ROOT/src/clients/windows
+
+COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_darwin_arm64.gz  $APP_ROOT/src/clients/darwin/fetch-tsa-certs-arm64.gz
+COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_darwin_amd64.gz  $APP_ROOT/src/clients/darwin/fetch-tsa-certs-amd64.gz
+COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_amd64.gz  $APP_ROOT/src/clients/linux/fetch-tsa-certs-amd64.gz
+COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_arm64.gz  $APP_ROOT/src/clients/linux/fetch-tsa-certs-arm64.gz
+COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_ppc64le.gz $APP_ROOT/src/clients/linux/fetch-tsa-certs-ppc64le.gz
+COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_linux_s390x.gz   $APP_ROOT/src/clients/linux/fetch-tsa-certs-s390x.gz
+COPY --from=fetch_tsa_certs /usr/local/bin/fetch_tsa_certs_windows_amd64.exe.gz $APP_ROOT/src/clients/windows/fetch-tsa-certs-amd64.gz
+
+LABEL \
+    com.redhat.component="trusted-artifact-signer-serve-cli-container-f" \
+    name="trusted-artifact-signer-serve-cli-container-f" \
+    version="1.1.0" \
+    summary="Red Hat serves Trusted Artifact Signer CLI binary fetch-tsa-certs" \
+    description="Serves Trusted Artifact Signer CLI binary fetch-tsa-certs, from an HTTP server" \
+    io.k8s.description="Serves Trusted Artifact Signer CLI binary fetch-tsa-certs, from an HTTP server" \
+    io.k8s.display-name="Red Hat serves Trusted Artifact Signer CLI binary fetch-tsa-certs" \
+    io.openshift.tags="timestamp authority, fetch-tsa-certs, rhtas, trusted, artifact, signer, sigstore" \
+    maintainer="trusted-artifact-signer@redhat.com"
diff --git a/Dockerfile.client-server-re.rh b/Dockerfile.client-server-re.rh
index a012bdec4fd..97b12d714fc 100644
--- a/Dockerfile.client-server-re.rh
+++ b/Dockerfile.client-server-re.rh
@@ -1,7 +1,7 @@
 # Provides the Trusted Artifact Signer CLI binaries, rekor-cli and ec
 
 
-FROM quay.io/redhat-user-workloads/rhtas-tenant/rekor/rekor-cli@sha256:c0f25ceca5534dc597904293cf376bcbedefe0d90322fd7b136c913e3bc059a6 as rekor
+FROM quay.io/securesign/rekor-cli@sha256:285603d7aba24ecd88d98afb20807968a12557fd33a31c52b57df528c3cf57c4 as rekor
 FROM quay.io/redhat-user-workloads/rhtap-contract-tenant/ec-v04/cli-v04@sha256:013fed3832c831cfa45ecad66ba335ebb0438ade168174d474c0ed1ac3c2c59c as ec
 
 FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:82fad27b91361473d919522a01a1198f327230bf8d2b569a8995bdcd6ac7cb94
@@ -32,7 +32,7 @@ COPY --from=ec /usr/local/bin/ec_windows_amd64.exe.gz $APP_ROOT/src/clients/wind
 LABEL \
       com.redhat.component="trusted-artifact-signer-serve-cli-container-re" \
       name="trusted-artifact-signer-serve-cli-container-re" \
-      version="1.0.0" \
+      version="1.1.0" \
       summary="Red Hat serves Trusted Artifact Signer CLI binaries, rekor-cli and ec" \
       description="Serves Trusted Artifact Signer CLI binaries, rekor-cli and ec, from an HTTP server" \
       io.k8s.description="Serves Trusted Artifact Signer CLI binaries, rekor-cli and ec, from an HTTP server" \