diff --git a/manifests/neutron.pp b/manifests/neutron.pp
index 4a6feb8d1..ffaef686b 100644
--- a/manifests/neutron.pp
+++ b/manifests/neutron.pp
@@ -208,10 +208,24 @@ class openstack_integration::neutron (
     mechanism_drivers    => $driver,
     firewall_driver      => $firewall_driver,
   }
+
+  if $::openstack_integration::config::ssl {
+    # with nova metadata api running via wsgi it is ssl terminated, also
+    # neutron metadata agent does not support an ipv6 address for the
+    # metadata_host, so we need to use the hostname
+    $metadata_host     = 'localhost'
+    $metadata_protocol = 'https'
+  } else {
+    $metadata_host     = $::openstack_integration::config::host
+    $metadata_protocol = 'http'
+  }
+
   class { '::neutron::agents::metadata':
-    debug            => true,
-    shared_secret    => 'a_big_secret',
-    metadata_workers => 2,
+    debug             => true,
+    shared_secret     => 'a_big_secret',
+    metadata_workers  => 2,
+    metadata_host     => $metadata_host,
+    metadata_protocol => $metadata_protocol,
   }
   class { '::neutron::agents::lbaas':
     interface_driver => $driver,
diff --git a/manifests/nova.pp b/manifests/nova.pp
index 7c7d970c7..ff4656909 100644
--- a/manifests/nova.pp
+++ b/manifests/nova.pp
@@ -131,10 +131,12 @@ class openstack_integration::nova (
   }
   class { '::nova::api':
     api_bind_address                     => $::openstack_integration::config::host,
-    neutron_metadata_proxy_shared_secret => 'a_big_secret',
-    metadata_workers                     => 2,
     sync_db_api                          => true,
     service_name                         => 'httpd',
+    nova_metadata_wsgi_enabled           => true,
+  }
+  class { '::nova::metadata':
+    neutron_metadata_proxy_shared_secret => 'a_big_secret',
   }
   include ::apache
   class { '::nova::wsgi::apache_api':
@@ -144,6 +146,13 @@ class openstack_integration::nova (
     ssl       => $::openstack_integration::config::ssl,
     workers   => '2',
   }
+  class { '::nova::wsgi::apache_metadata':
+    bind_host => $::openstack_integration::config::ip_for_url,
+    ssl_key   => "/etc/nova/ssl/private/${::fqdn}.pem",
+    ssl_cert  => $::openstack_integration::params::cert_path,
+    ssl       => $::openstack_integration::config::ssl,
+    workers   => '2',
+  }
   if ($::os_package_type != 'debian') {
     class { '::nova::wsgi::apache_placement':
       bind_host => $::openstack_integration::config::ip_for_url,