diff --git a/manifests/init.pp b/manifests/init.pp
index 49da93d09..7db1835e6 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -71,6 +71,28 @@
 # (optional) The RabbitMQ virtual host.
 # Defaults to '/'
 #
+# [*rabbit_use_ssl*]
+# (optional) Connect over SSL for RabbitMQ
+# Defaults to false
+#
+# [*kombu_ssl_ca_certs*]
+# (optional) SSL certification authority file (valid only if SSL enabled).
+# Defaults to undef
+#
+# [*kombu_ssl_certfile*]
+# (optional) SSL cert file (valid only if SSL enabled).
+# Defaults to undef
+#
+# [*kombu_ssl_keyfile*]
+# (optional) SSL key file (valid only if SSL enabled).
+# Defaults to undef
+#
+# [*kombu_ssl_version*]
+# (optional) SSL version to use (valid only if SSL enabled).
+# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
+# available on some distributions.
+# Defaults to 'SSLv3'
+#
 # [*amqp_durable_queues*]
 # (optional) Define queues as "durable" to rabbitmq.
 # Defaults to false
@@ -188,6 +210,11 @@ class nova(
 $rabbit_port = '5672',
 $rabbit_userid = 'guest',
 $rabbit_virtual_host = '/',
+ $rabbit_use_ssl = false,
+ $kombu_ssl_ca_certs = undef,
+ $kombu_ssl_certfile = undef,
+ $kombu_ssl_keyfile = undef,
+ $kombu_ssl_version = 'SSLv3',
 $amqp_durable_queues = false,
 $qpid_hostname = 'localhost',
 $qpid_port = '5672',
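Review bot: The new `$kombu_ssl_version` parameter in the `class nova(` parameter list defaults to `'SSLv3'`, so a deployment that only sets `rabbit_use_ssl => true` ends up asking for a protocol that RFC 7568 prohibits. Of the values the doc block lists, `'TLSv1'` is the least weak, so the default would be better as `$kombu_ssl_version = 'TLSv1',`, with the doc line in the first hunk changed to `# Defaults to 'TLSv1'`. The expectation `with_value('SSLv3')` in spec/classes/nova_init_spec.rb asserts the same default and would need to follow. The parameter list starts and ends outside the hunk.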
@@ -358,9 +385,43 @@ class nova(
 'DEFAULT/rabbit_password': value => $rabbit_password, secret => true;
 'DEFAULT/rabbit_userid': value => $rabbit_userid;
 'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host;
+ 'DEFAULT/rabbit_use_ssl': value => $rabbit_use_ssl;
 'DEFAULT/amqp_durable_queues': value => $amqp_durable_queues;
 }
 
+ if $rabbit_use_ssl {
+ if $kombu_ssl_ca_certs {
+ nova_config { 'DEFAULT/kombu_ssl_ca_certs': value => $kombu_ssl_ca_certs }
+ } else {
+ nova_config { 'DEFAULT/kombu_ssl_ca_certs': ensure => absent}
+ }
+
+ if $kombu_ssl_certfile {
+ nova_config { 'DEFAULT/kombu_ssl_certfile': value => $kombu_ssl_certfile }
+ } else {
+ nova_config { 'DEFAULT/kombu_ssl_certfile': ensure => absent}
+ }
+
+ if $kombu_ssl_keyfile {
+ nova_config { 'DEFAULT/kombu_ssl_keyfile': value => $kombu_ssl_keyfile }
+ } else {
+ nova_config { 'DEFAULT/kombu_ssl_keyfile': ensure => absent}
+ }
+
+ if $kombu_ssl_version {
+ nova_config { 'DEFAULT/kombu_ssl_version': value => $kombu_ssl_version }
+ } else {
+ nova_config { 'DEFAULT/kombu_ssl_version': ensure => absent}
+ }
+ } else {
+ nova_config {
+ 'DEFAULT/kombu_ssl_ca_certs': ensure => absent;
+ 'DEFAULT/kombu_ssl_certfile': ensure => absent;
+ 'DEFAULT/kombu_ssl_keyfile': ensure => absent;
+ 'DEFAULT/kombu_ssl_version': ensure => absent;
+ }
+ }
+
 if $rabbit_hosts {
 nova_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') }
 nova_config { 'DEFAULT/rabbit_ha_queues': value => true }
diff --git a/spec/classes/nova_init_spec.rb b/spec/classes/nova_init_spec.rb
index 9f8e4ae4c..92d9d6a75 100644
--- a/spec/classes/nova_init_spec.rb
+++ b/spec/classes/nova_init_spec.rb
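Review bot: Inside the `if $rabbit_use_ssl` branch of manifests/init.pp each file parameter is handled on its own, so a client certificate can be configured without its key (or the reverse), and SSL can be switched on while `DEFAULT/kombu_ssl_ca_certs` is removed. The first case presumably fails only when the service connects, and the second presumably leaves the client with no CA to verify the broker against; both depend on the messaging library, which this diff does not show. A compile-time guard ahead of the branch would surface the half-configured pair: `if ($kombu_ssl_certfile and !$kombu_ssl_keyfile) or ($kombu_ssl_keyfile and !$kombu_ssl_certfile) { fail('kombu_ssl_certfile and kombu_ssl_keyfile must be used together') }`. The doc block for `kombu_ssl_ca_certs` should also say what an unset value means for certificate verification once that is confirmed. The enclosing class body starts and ends outside the hunk.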
@@ -250,7 +250,12 @@ describe 'nova' do
 should_not contain_nova_config('DEFAULT/rabbit_port')
 should contain_nova_config('DEFAULT/rabbit_hosts').with_value('rabbit:5673,rabbit2:5674')
 should contain_nova_config('DEFAULT/rabbit_ha_queues').with_value(true)
+ should contain_nova_config('DEFAULT/rabbit_use_ssl').with_value(false)
 should contain_nova_config('DEFAULT/amqp_durable_queues').with_value(false)
+ should contain_nova_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
+ should contain_nova_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
+ should contain_nova_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
+ should contain_nova_config('DEFAULT/kombu_ssl_version').with_ensure('absent')
 end
 end
 
@@ -264,6 +269,7 @@ describe 'nova' do
 should_not contain_nova_config('DEFAULT/rabbit_port')
 should contain_nova_config('DEFAULT/rabbit_hosts').with_value('rabbit:5673')
 should contain_nova_config('DEFAULT/rabbit_ha_queues').with_value(true)
+ should contain_nova_config('DEFAULT/rabbit_use_ssl').with_value(false)
 should contain_nova_config('DEFAULT/amqp_durable_queues').with_value(false)
 end
 end
@@ -279,7 +285,51 @@ describe 'nova' do
 should_not contain_nova_config('DEFAULT/rabbit_port')
 should contain_nova_config('DEFAULT/rabbit_hosts').with_value('rabbit:5673')
 should contain_nova_config('DEFAULT/rabbit_ha_queues').with_value(true)
+ should contain_nova_config('DEFAULT/rabbit_use_ssl').with_value(false)
 should contain_nova_config('DEFAULT/amqp_durable_queues').with_value(true)
+ should contain_nova_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
+ should contain_nova_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
+ should contain_nova_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
+ should contain_nova_config('DEFAULT/kombu_ssl_version').with_ensure('absent')
+ end
+ end
+
+ context 'with rabbit_use_ssl parameter' do
+ let :params do
+ { :rabbit_hosts => ['rabbit:5673'],
+ :rabbit_use_ssl => 'true' }
+ end
+
+ it 'configures rabbit' do
+ should_not contain_nova_config('DEFAULT/rabbit_host')
+ should_not contain_nova_config('DEFAULT/rabbit_port')
+ should contain_nova_config('DEFAULT/rabbit_hosts').with_value('rabbit:5673')
+ should contain_nova_config('DEFAULT/rabbit_ha_queues').with_value(true)
+ should contain_nova_config('DEFAULT/rabbit_use_ssl').with_value(true)
+ should contain_nova_config('DEFAULT/amqp_durable_queues').with_value(false)
+ should contain_nova_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent')
+ should contain_nova_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent')
+ should contain_nova_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent')
+ should contain_nova_config('DEFAULT/kombu_ssl_version').with_value('SSLv3')
+ end
+ end
+
+ context 'with amqp ssl parameters' do
+ let :params do
+ { :rabbit_hosts => ['rabbit:5673'],
+ :rabbit_use_ssl => 'true',
+ :kombu_ssl_ca_certs => '/etc/ca.cert',
+ :kombu_ssl_certfile => '/etc/certfile',
+ :kombu_ssl_keyfile => '/etc/key',
+ :kombu_ssl_version => 'TLSv1', }
+ end
+
+ it 'configures rabbit' do
+ should contain_nova_config('DEFAULT/rabbit_use_ssl').with_value(true)
+ should contain_nova_config('DEFAULT/kombu_ssl_ca_certs').with_value('/etc/ca.cert')
+ should contain_nova_config('DEFAULT/kombu_ssl_certfile').with_value('/etc/certfile')
+ should contain_nova_config('DEFAULT/kombu_ssl_keyfile').with_value('/etc/key')
+ should contain_nova_config('DEFAULT/kombu_ssl_version').with_value('TLSv1')
 end
 end
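Review bot: The two new contexts pass `:rabbit_use_ssl => 'true'` as a string, while the class default is the boolean `false`, so the boolean form is never exercised with SSL on. No context covers the string `'false'` either, which a bare `if $rabbit_use_ssl` would presumably treat as true, since Puppet regards non-empty strings as truthy. Passing the boolean, `:rabbit_use_ssl => true,`, and adding a context that sets the `kombu_ssl_*` files with `rabbit_use_ssl` left at `false` and expects `with_ensure('absent')`, would cover the manifest's `else` branch with non-default inputs. The expectation `with_value('SSLv3')` in the 'with rabbit_use_ssl parameter' context also pins the weak protocol default and should change together with the manifest default.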