diff --git a/manifests/site.pp b/manifests/site.pp
index 6f9777f754..af8efecf17 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -36,8 +36,11 @@ node 'gerrit-dev.openstack.org', 'review-dev.openstack.org' {
 
 node 'jenkins.openstack.org' {
   class { 'openstack_project::jenkins':
-    jenkins_jobs_password => hiera('jenkins_jobs_password'),
-    sysadmins             => hiera('sysadmins'),
+    jenkins_jobs_password   => hiera('jenkins_jobs_password'),
+    ssl_cert_file_contents  => hiera('jenkins_ssl_cert_file_contents'),
+    ssl_key_file_contents   => hiera('jenkins_ssl_key_file_contents'),
+    ssl_chain_file_contents => hiera('jenkins_ssl_chain_file_contents'),
+    sysadmins               => hiera('sysadmins'),
   }
   class { 'openstack_project::zuul':
     jenkins_server  => "https://${::fqdn}",
diff --git a/modules/jenkins/manifests/master.pp b/modules/jenkins/manifests/master.pp
index 60f41cf6d7..742949fada 100644
--- a/modules/jenkins/manifests/master.pp
+++ b/modules/jenkins/manifests/master.pp
@@ -1,9 +1,13 @@
-class jenkins::master($vhost_name=$fqdn,
-      $serveradmin="webmaster@$fqdn",
-      $logo,
-      $ssl_cert_file='',
-      $ssl_key_file='',
-      $ssl_chain_file=''
+class jenkins::master(
+  $vhost_name=$fqdn,
+  $serveradmin="webmaster@$fqdn",
+  $logo,
+  $ssl_cert_file='',
+  $ssl_key_file='',
+  $ssl_chain_file='',
+  $ssl_cert_file_contents='', # If left empty puppet will not create file.
+  $ssl_key_file_contents='', # If left empty puppet will not create file.
+  $ssl_chain_file_contents='' # If left empty puppet will not create file.
 ) {
   include pip
   include apt
@@ -41,6 +45,39 @@ class jenkins::master($vhost_name=$fqdn,
     ensure => present
   }
 
+  if $ssl_cert_file_contents != '' {
+    file { $ssl_cert_file:
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0640',
+      content => $ssl_cert_file_contents,
+      require => Class[apache],
+      before  => Apache::Vhost[$vhost_name],
+    }
+  }
+
+  if $ssl_key_file_contents != '' {
+    file { $ssl_key_file:
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0640',
+      content => $ssl_key_file_contents,
+      require => Class[apache],
+      before  => Apache::Vhost[$vhost_name],
+    }
+  }
+
+  if $ssl_chain_file_contents != '' {
+    file { $ssl_chain_file:
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0640',
+      content => $ssl_chain_file_contents,
+      require => Class[apache],
+      before  => Apache::Vhost[$vhost_name],
+    }
+  }
+
   $packages = [
     'python-babel',
     'wget',
diff --git a/modules/openstack_project/manifests/jenkins.pp b/modules/openstack_project/manifests/jenkins.pp
index 1313066599..ca78f071ea 100644
--- a/modules/openstack_project/manifests/jenkins.pp
+++ b/modules/openstack_project/manifests/jenkins.pp
@@ -1,40 +1,47 @@
 class openstack_project::jenkins (
   $jenkins_jobs_password,
-  $sysadmins = []
+  $ssl_cert_file_contents = '',
+  $ssl_key_file_contents = '',
+  $ssl_chain_file_contents = '',
+  $sysadmins = [],
 ) {
 
   class { 'openstack_project::server':
     iptables_public_tcp_ports => [80, 443, 4155],
-    sysadmins => $sysadmins
+    sysadmins                 => $sysadmins
   }
 
+  $vhost_name = 'jenkins.openstack.org'
   class { '::jenkins::master':
-    vhost_name => 'jenkins.openstack.org',
-    serveradmin => 'webmaster@openstack.org',
-    logo => 'openstack.png',
-    ssl_cert_file => '/etc/ssl/certs/jenkins.openstack.org.pem',
-    ssl_key_file => '/etc/ssl/private/jenkins.openstack.org.key',
-    ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
+    vhost_name              => $vhost_name,
+    serveradmin             => 'webmaster@openstack.org',
+    logo                    => 'openstack.png',
+    ssl_cert_file           => '/etc/ssl/certs/jenkins.openstack.org.pem',
+    ssl_key_file            => '/etc/ssl/private/jenkins.openstack.org.key',
+    ssl_chain_file          => '/etc/ssl/certs/intermediate.pem',
+    ssl_cert_file_contents  => $ssl_cert_file_contents,
+    ssl_key_file_contents   => $ssl_key_file_contents,
+    ssl_chain_file_contents => $ssl_chain_file_contents,
   }
 
-  class { "::jenkins::job_builder":
-    url => "https://jenkins.openstack.org/",
-    username => "gerrig",
+  class { '::jenkins::job_builder':
+    url      => "https://${vhost_name}/",
+    username => 'gerrig',
     password => $jenkins_jobs_password,
   }
 
   file { '/etc/jenkins_jobs/config':
-    owner => 'root',
-    group => 'root',
-    mode => 755,
-    ensure => 'directory',
+    ensure  => directory,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
     recurse => true,
-    source => ['puppet:///modules/openstack_project/jenkins_job_builder/config'],
-    notify => Exec["jenkins_jobs_update"]
+    source  => ['puppet:///modules/openstack_project/jenkins_job_builder/config'],
+    notify  => Exec['jenkins_jobs_update']
   }
 
-  file { "/etc/default/jenkins":
-    ensure => 'present',
+  file { '/etc/default/jenkins':
+    ensure => present,
     source => 'puppet:///modules/openstack_project/jenkins/jenkins.default'
   }