diff --git a/manifests/init.pp b/manifests/init.pp
index 5e555b2eb..7458004e9 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -621,13 +621,18 @@ class nova(
   if $use_ssl {
     nova_config {
       'DEFAULT/enabled_ssl_apis' : value => join($enabled_ssl_apis, ',');
-      'ssl/cert_file' :    value => $cert_file;
-      'ssl/key_file' :     value => $key_file;
+      'ssl/cert_file' :            value => $cert_file;
+      'ssl/key_file' :             value => $key_file;
+      'DEFAULT/ssl_cert_file' :    value => $cert_file;
+      'DEFAULT/ssl_key_file' :     value => $key_file;
     }
     if $ca_file {
       nova_config { 'ssl/ca_file' :
         value => $ca_file,
       }
+      nova_config { 'DEFAULT/ssl_ca_file' :
+        value => $ca_file,
+      }
     } else {
       nova_config { 'ssl/ca_file' :
         ensure => absent,
diff --git a/spec/classes/nova_init_spec.rb b/spec/classes/nova_init_spec.rb
index fcea38c82..eca4e135d 100644
--- a/spec/classes/nova_init_spec.rb
+++ b/spec/classes/nova_init_spec.rb
@@ -485,6 +485,9 @@ describe 'nova' do
       it { is_expected.to contain_nova_config('ssl/ca_file').with_value('/path/to/ca') }
       it { is_expected.to contain_nova_config('ssl/cert_file').with_value('/path/to/cert') }
       it { is_expected.to contain_nova_config('ssl/key_file').with_value('/path/to/key') }
+      it { is_expected.to contain_nova_config('DEFAULT/ssl_ca_file').with_value('/path/to/ca') }
+      it { is_expected.to contain_nova_config('DEFAULT/ssl_cert_file').with_value('/path/to/cert') }
+      it { is_expected.to contain_nova_config('DEFAULT/ssl_key_file').with_value('/path/to/key') }
     end
 
     context 'with SSL socket options set with wrong parameters' do