diff --git a/.changelog/12655.txt b/.changelog/12655.txt
new file mode 100644
index 000000000..48237a314
--- /dev/null
+++ b/.changelog/12655.txt
@@ -0,0 +1,4 @@
+```release-note:improvement
+Removed impediments to using a namespace prefixed IntermediatePKIPath
+in a CA definition. 
+```
diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go
index beec649c3..787e5a247 100644
--- a/agent/connect/ca/provider_vault.go
+++ b/agent/connect/ca/provider_vault.go
@@ -356,22 +356,22 @@ func (v *VaultProvider) setupIntermediatePKIPath() error {
 	if v.setupIntermediatePKIPathDone {
 		return nil
 	}
-	mounts, err := v.client.Sys().ListMounts()
+
+	_, err := v.getCA(v.config.IntermediatePKIPath)
 	if err != nil {
-		return err
-	}
+		if err == ErrBackendNotMounted {
+			err := v.client.Sys().Mount(v.config.IntermediatePKIPath, &vaultapi.MountInput{
+				Type:        "pki",
+				Description: "intermediate CA backend for Consul Connect",
+				Config: vaultapi.MountConfigInput{
+					MaxLeaseTTL: v.config.IntermediateCertTTL.String(),
+				},
+			})
 
-	// Mount the backend if it isn't mounted already.
-	if _, ok := mounts[v.config.IntermediatePKIPath]; !ok {
-		err := v.client.Sys().Mount(v.config.IntermediatePKIPath, &vaultapi.MountInput{
-			Type:        "pki",
-			Description: "intermediate CA backend for Consul Connect",
-			Config: vaultapi.MountConfigInput{
-				MaxLeaseTTL: v.config.IntermediateCertTTL.String(),
-			},
-		})
-
-		if err != nil {
+			if err != nil {
+				return err
+			}
+		} else {
 			return err
 		}
 	}