diff --git a/manifests/params.pp b/manifests/params.pp
index a55e14c..a816b21 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -14,6 +14,10 @@
 # @param [String] pl_listen_address which address should the service listen on
 # @param [String] pl_listen_port which port should the service listen on
 # @param [String] pl_max_conn maximum connections the service will accept
+# @param [Boolean] pl_ssl_enabled whether SSL is enabled (true) or disabled (false)
+# @param [String] pl_server_crt the name of the server cert
+# @param [String] pl_server_key the name of the server key
+# @param [String] pl_ca_crt the name of the CA crt
 # @summary Class contains all parameters for the postgresql_cd module.
 ##############################################################################
 class postgresql_cd::params (
@@ -21,7 +25,7 @@ class postgresql_cd::params (
 String $pl_server_fqdn = undef,
 # installation
- Array $reqpackages_server = ['postgresql-server','postgresql-contrib'],
+ Array $reqpackages_server = ['postgresql-server','postgresql-contrib'],
 String $reqpackages_client = 'postgresql',
 String $pkg_ensure = 'latest',
@@ -34,7 +38,11 @@ class postgresql_cd::params (
 # main config
 String $pl_listen_address = '*',
 String $pl_listen_port = '5432',
- String $pl_max_conn = '100',
+ String $pl_max_conn = '100',
+ Boolean $pl_ssl_enabled = false,
+ String $pl_server_crt = 'server.crt',
+ String $pl_server_key = 'server.key',
+ String $pl_ca_crt = 'root.crt',
 ) {
 $fqdn = $facts['networking']['fqdn']
diff --git a/templates/postgresql.conf.erb b/templates/postgresql.conf.erb
index 5f8aa1b..b9fcb5f 100644
--- a/templates/postgresql.conf.erb
+++ b/templates/postgresql.conf.erb
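Review bot: The new `@param` lines for `pl_server_crt`, `pl_server_key` and `pl_ca_crt` in the first params.pp hunk say only "the name of", which does not tell the reader where the file is looked up. PostgreSQL resolves a relative name against the data directory and rejects a key file that is group- or world-readable, and nothing visible in this diff shows the module placing or permissioning these files. Suggested wording: `# @param [String] pl_server_key server private key file, absolute or relative to the data directory; must already exist and be readable only by the service account`, with matching text for the two certificate parameters. The `pl_ssl_enabled` line should also state that `true` only makes TLS available; requiring it takes `hostssl` entries in `pg_hba.conf`.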
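Review bot: In the third params.pp hunk `pl_ssl_enabled` defaults to `false` while `pl_listen_address` three lines above defaults to `'*'`, so a node that takes the defaults keeps accepting unencrypted connections on every interface. If changing the default would break existing nodes, say so explicitly in the class documentation rather than leaving it implicit. The three file parameters are also plain `String`, yet the template places them inside single quotes; a type such as `Pattern[/\A[^'\n]*\z/]` would stop a stray quote or newline from altering the rendered postgresql.conf. The class body continues outside the hunk.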
@@ -95,11 +95,17 @@ max_connections = <%= @pl_max_conn %>
 # - SSL -
-#ssl = off
-#ssl_ca_file = ''
-#ssl_cert_file = 'server.crt'
+<% if @pl_ssl_enabled == true -%>
+ssl = on
+ssl_ca_file = '<%= @pl_ca_crt -%>'
+ssl_cert_file = '<%= @pl_server_crt -%>'
+ssl_key_file = '<%= @pl_server_key -%>'
+<% end -%>
+<% if @pl_ssl_enabled != true -%>
+ssl = off
+<% end -%>
+
 #ssl_crl_file = ''
-#ssl_key_file = 'server.key'
 #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
 #ssl_prefer_server_ciphers = on
 #ssl_ecdh_curve = 'prime256v1'
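Review bot: `ssl_ca_file` is written whenever SSL is on, and with the `'root.crt'` default that makes a CA file mandatory: PostgreSQL refuses to start when a configured `ssl_ca_file` cannot be loaded, whereas the removed commented default was `''`. Wrapping that one line in `<% unless @pl_ca_crt.empty? -%>` … `<% end -%>` keeps server-only TLS possible when no client-certificate CA is deployed. The two back-to-back conditionals test the same flag and read more clearly as one block, `<% if @pl_ssl_enabled -%>` … `<% else -%>` … `<% end -%>`. Separately, `#ssl_ciphers` just below stays at its commented default, which still admits `MEDIUM` and `3DES` suites, so turning SSL on through this template does not tighten the cipher list; exposing it as a parameter would be a useful follow-up.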