diff --git a/manifests/cacert.pp b/manifests/cacert.pp
new file mode 100644
index 0000000..dc4c538
--- /dev/null
+++ b/manifests/cacert.pp
@@ -0,0 +1,21 @@
+# adds infra cloud chain to trusted certs
+class infracloud::cacert (
+  $cacert_content,
+) {
+  file { '/usr/local/share/ca-certificates/openstack_infra_ca.crt':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0444',
+    content =>  $cacert_content,
+    replace => true,
+  }
+
+  exec { 'update-ca-certificates':
+    command     => '/usr/sbin/update-ca-certificates',
+    subscribe   => [
+        File['/usr/local/share/ca-certificates/openstack_infra_ca.crt'],
+      ],
+    refreshonly => true,
+  }
+}