diff --git a/manifests/zaqar.pp b/manifests/zaqar.pp
index 7d0d52d4b..a173f9ea9 100644
--- a/manifests/zaqar.pp
+++ b/manifests/zaqar.pp
@@ -2,12 +2,28 @@ class openstack_integration::zaqar {
 
   include ::openstack_integration::config
 
+  if $::openstack_integration::config::ssl {
+    openstack_integration::ssl_key { 'zaqar':
+      notify  => Service['httpd'],
+      require => Package['zaqar-common'],
+    }
+    $key_file = "/etc/zaqar/ssl/private/${::fqdn}.pem"
+    $crt_file = $::openstack_integration::params::cert_path
+    Exec['update-ca-certificates'] ~> Service['httpd']
+  } else {
+    $key_file = undef
+    $crt_file = undef
+  }
+
   class { '::zaqar::db::mysql':
     password => 'zaqar',
   }
   class { '::zaqar::keystone::auth':
-    password => 'a_big_secret',
-    roles    => ['admin', 'ResellerAdmin'],
+    password     => 'a_big_secret',
+    roles        => ['admin', 'ResellerAdmin'],
+    public_url   => "${::openstack_integration::config::base_url}:8888",
+    internal_url => "${::openstack_integration::config::base_url}:8888",
+    admin_url    => "${::openstack_integration::config::base_url}:8888",
   }
   class {'::zaqar::management::sqlalchemy':
     uri => 'mysql+pymysql://zaqar:zaqar@127.0.0.1/zaqar?charset=utf8',
@@ -31,7 +47,11 @@ class openstack_integration::zaqar {
   }
   include ::apache
   class { '::zaqar::wsgi::apache':
-    ssl => false,
+    bind_host => $::openstack_integration::config::ip_for_url,
+    ssl       => $::openstack_integration::config::ssl,
+    ssl_cert  => $crt_file,
+    ssl_key   => $key_file,
+    workers   => 2,
   }
   # run a second instance using websockets, the Debian system does
   # not support the use of services to run a second instance.