+ if $insecure_ssl {
+ $extra_ssl_certs_flags = ' --default'
+ $ssl_certs_config = 'puppet:///modules/ssl/ca-certificates-global.conf'
+ } else {
+ $extra_ssl_certs_flags = ''
+ $ssl_certs_config = 'puppet:///modules/ssl/ca-certificates.conf'
+ }
+
+ file { '/etc/ssl/README':
+ mode => '0444',
+ source => 'puppet:///modules/ssl/README',
+ }
+ file { '/etc/ca-certificates.conf':
+ source => $ssl_certs_config,
+ notify => Exec['refresh_normal_hashes'],
+ }
+ file { '/etc/ca-certificates-debian.conf':
+ mode => '0444',
+ source => 'puppet:///modules/ssl/ca-certificates.conf',
+ notify => Exec['refresh_ca_debian_hashes'],
+ }
+ file { '/etc/ca-certificates-global.conf':
+ source => 'puppet:///modules/ssl/ca-certificates-global.conf',
+ notify => Exec['refresh_ca_global_hashes'],
+ }
+
+ file { '/etc/ssl/certs/ssl-cert-snakeoil.pem':
+ ensure => absent,
+ notify => Exec['refresh_normal_hashes'],
+ }
+ file { '/etc/ssl/private/ssl-cert-snakeoil.key':
+ ensure => absent,
+ }
+