diff --git a/manifests/config.pp b/manifests/config.pp
index 79c0d7554..246bb4126 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -69,5 +69,5 @@ class openstack_integration::config (
 $base_url = "${proto}://${ip_for_url}"
 $keystone_auth_uri = "${base_url}:5000"
 $keystone_admin_uri = "${base_url}:5000"
- $tooz_url = "redis://:a_big_secret@${ip_for_url}:6379"
+ $tooz_url = "redis://:a_big_secret@${ip_for_url}:6379?ssl=${::openstack_integration::config::ssl}"
 }
diff --git a/manifests/redis.pp b/manifests/redis.pp
index 0a3515ff1..3f245e23b 100644
--- a/manifests/redis.pp
+++ b/manifests/redis.pp
@@ -1,9 +1,30 @@
 class openstack_integration::redis {
 include openstack_integration::config
+ $port = $openstack_integration::config::ssl ? {
+ true => 0,
+ default => 6379
+ }
+ $tls_port = $openstack_integration::config::ssl ? {
+ true => 6379,
+ default => 0
+ }
+
 class { 'redis':
- bind => $::openstack_integration::config::host,
- ulimit_managed => false,
- requirepass => 'a_big_secret',
+ bind => $::openstack_integration::config::host,
+ port => $port,
+ tls_port => $tls_port,
+ tls_cert_file => $::openstack_integration::params::cert_path,
+ tls_key_file => "/etc/redis/ssl/private/${facts['networking']['fqdn']}.pem",
+ tls_ca_cert_file => $::openstack_integration::params::ca_bundle_cert_path,
+ ulimit_managed => false,
+ requirepass => 'a_big_secret',
+ }
+
+ if $::openstack_integration::config::ssl {
+ openstack_integration::ssl_key { 'redis':
+ require => Package[$::redis::package_name],
+ notify => Service[$::redis::service_name],
+ }
 }
 }
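Review bot: The new `$tooz_url` switches the coordination backend to TLS with `?ssl=...` but gives the client no CA to verify the server against, so verification depends on the Redis client library's defaults and on the CA already being in the system trust store. If the CA that redis.pp passes as `tls_ca_cert_file` is not system-trusted, it would be safer to name it in the URL than to relax verification later; tooz's Redis driver appears to accept an `ssl_ca_certs` option, which should be confirmed for the version in use. The interpolation also refers to the class's own variable by its full name, where `${ssl}` would read more simply if `ssl` is declared in this class, whose header lies outside the hunk. A short comment such as `# ssl is interpolated as the string 'true' or 'false'` would help the next reader.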
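Review bot: The three `tls_*_file` parameters are passed to `class { 'redis': }` unconditionally, but the private key they point at is only installed inside the `if $::openstack_integration::config::ssl` block at the end of the hunk, so a non-TLS run still configures a key path that nothing creates. Whether Redis or the module tolerates that with `tls_port => 0` is not visible here; deriving all five values from one `ssl` branch, as sketched below, removes the question and also replaces the two selectors, which read `$openstack_integration::config::ssl` without the leading `::` used in the rest of the hunk. The key path is spelled out here rather than taken from `openstack_integration::ssl_key`, which is defined outside this diff, so it is worth confirming there that the file lands at this path and is readable only by the Redis service user. A one-line comment above the branch, `# Redis listens on 6379 either way; only the transport changes`, would explain the port swap.

```puppet
  # Redis listens on 6379 either way; only the transport changes.
  if $::openstack_integration::config::ssl {
    $port             = 0
    $tls_port         = 6379
    $tls_cert_file    = $::openstack_integration::params::cert_path
    $tls_key_file     = "/etc/redis/ssl/private/${facts['networking']['fqdn']}.pem"
    $tls_ca_cert_file = $::openstack_integration::params::ca_bundle_cert_path
  } else {
    $port             = 6379
    $tls_port         = 0
    $tls_cert_file    = undef
    $tls_key_file     = undef
    $tls_ca_cert_file = undef
  }

  class { 'redis':
    # … unchanged: bind, port, tls_port …
    tls_cert_file    => $tls_cert_file,
    tls_key_file     => $tls_key_file,
    tls_ca_cert_file => $tls_ca_cert_file,
    # … unchanged: ulimit_managed, requirepass …
  }
  # … unchanged: openstack_integration::ssl_key { 'redis': } when ssl is enabled …
```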