diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp
index 0ab2a028b..f7efe8823 100644
--- a/manifests/wsgi/apache.pp
+++ b/manifests/wsgi/apache.pp
@@ -138,7 +138,7 @@ class keystone::wsgi::apache (
   $bind_host                         = undef,
   $api_port                          = 5000,
   $path                              = '/',
-  $ssl                               = true,
+  $ssl                               = undef,
   $workers                           = $::os_workers_keystone,
   $ssl_cert                          = undef,
   $ssl_key                           = undef,
@@ -165,6 +165,11 @@ class keystone::wsgi::apache (
   $custom_wsgi_process_options       = {},
 ) inherits keystone::params {
 
+  if $ssl == undef {
+    warning('Default of the ssl parameter will be changed in a future release')
+  }
+  $ssl_real = pick($ssl, true)
+
   include keystone::deps
 
   # TODO(tobias-urdin): This dependency chaining can be moved to keystone::deps
@@ -201,7 +206,7 @@ class keystone::wsgi::apache (
     threads                     => $threads,
     user                        => $::keystone::params::keystone_user,
     priority                    => $priority,
-    ssl                         => $ssl,
+    ssl                         => $ssl_real,
     ssl_cert                    => $ssl_cert,
     ssl_key                     => $ssl_key,
     ssl_chain                   => $ssl_chain,
diff --git a/releasenotes/notes/prepare-to-change-apache-ssl-4e14bf4eccb8273f.yaml b/releasenotes/notes/prepare-to-change-apache-ssl-4e14bf4eccb8273f.yaml
new file mode 100644
index 000000000..4b21fe221
--- /dev/null
+++ b/releasenotes/notes/prepare-to-change-apache-ssl-4e14bf4eccb8273f.yaml
@@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    Default value of the ``keystone::wsgi::apache::ssl`` parameter will be
+    changed from ``true`` to ``false`` in a future release. Make sure
+    the parameter is set to the desired value.