diff --git a/manifests/init.pp b/manifests/init.pp
index 4f9718410..02fbc22e0 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -128,6 +128,8 @@
 #
 # $server_ssl_verify_client:: Defines the Apache mod_ssl SSLVerifyClient setting in Foreman vhost conf file.
 #
+# $server_ca_file_configure:: Defines if the server_ca_file should also be configured for Foreman itself.
+#
 # $client_ssl_ca:: Defines the SSL CA used to communicate with Foreman Proxies
 #
 # $client_ssl_cert:: Defines the SSL certificate used to communicate with Foreman Proxies
@@ -250,6 +252,7 @@
 Variant[Enum[''], Stdlib::Absolutepath] $server_ssl_crl = $foreman::params::server_ssl_crl,
 Optional[String] $server_ssl_protocol = $foreman::params::server_ssl_protocol,
 Enum['none','optional','require','optional_no_ca'] $server_ssl_verify_client = $foreman::params::server_ssl_verify_client,
+ Boolean $server_ca_file_configure = $foreman::params::server_ca_file_configure,
 Stdlib::Absolutepath $client_ssl_ca = $foreman::params::client_ssl_ca,
 Stdlib::Absolutepath $client_ssl_cert = $foreman::params::client_ssl_cert,
 Stdlib::Absolutepath $client_ssl_key = $foreman::params::client_ssl_key,
diff --git a/manifests/params.pp b/manifests/params.pp
index d03fc3d65..182407835 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -156,6 +156,8 @@
 $server_ssl_protocol = undef
 $server_ssl_verify_client = 'optional'
 
+ $server_ca_file_configure = false
+
 # We need the REST API interface with OAuth for some REST Puppet providers
 $oauth_active = true
 $oauth_map_users = false
diff --git a/spec/classes/foreman_spec.rb b/spec/classes/foreman_spec.rb
index 071792b89..ed9b4d5df 100644
--- a/spec/classes/foreman_spec.rb
+++ b/spec/classes/foreman_spec.rb
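Review bot: The new `$server_ca_file_configure` description in the first init.pp hunk does not say which value ends up in `server_ca_file`, and that matters because the template hunk writes `$server_ssl_ca` there, not `$client_ssl_ca` as the neighbouring `ssl_ca_file` setting does. Suggest `# $server_ca_file_configure:: Whether to also write server_ca_file (set to $server_ssl_ca) into Foreman's settings.yaml; defaults to false.` so a reader can tell which CA path Foreman receives without opening the template. The enclosing class documentation block starts before and ends after this hunk.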
@@ -215,6 +215,7 @@ server_ssl_key: '/etc/ssl/private/snakeoil.pem', server_ssl_crl: '/etc/ssl/certs/ca/crl.pem', server_ssl_protocol: '-all +TLSv1.2', + server_ca_file_configure: true, client_ssl_ca: '/etc/ssl/certs/ca.pem', client_ssl_cert: '/etc/ssl/certs/snakeoil.pem', client_ssl_key: '/etc/ssl/private/key.pem', @@ -268,6 +269,7 @@ is_expected.to contain_concat__fragment('foreman_settings+01-header.yaml') .with_content(%r{^:websockets_ssl_key: /etc/ssl/private/snakeoil-ws\.pem$}) .with_content(%r{^:websockets_ssl_cert: /etc/ssl/certs/snakeoil-ws\.pem$}) + .with_content(%r{^:server_ca_file: /etc/ssl/certs/ca\.pem$}) end end diff --git a/templates/settings.yaml.erb b/templates/settings.yaml.erb index 6df7e2076..f320f046e 100644 --- a/templates/settings.yaml.erb +++ b/templates/settings.yaml.erb @@ -24,6 +24,9 @@ :ssl_certificate: <%= scope.lookupvar("foreman::client_ssl_cert") %> :ssl_ca_file: <%= scope.lookupvar("foreman::client_ssl_ca") %> :ssl_priv_key: <%= scope.lookupvar("foreman::client_ssl_key") %> +<% if scope.lookupvar("foreman::server_ca_file_configure") -%> +:server_ca_file: <%= scope.lookupvar("foreman::server_ssl_ca") %> +<% end -%> # HSTS setting :hsts_enabled: <%= scope.lookupvar("foreman::hsts_enabled") %>
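Review bot: The new expectation in the second spec hunk matches `/etc/ssl/certs/ca.pem`, which is the same path the first hunk assigns to `client_ssl_ca`; if `server_ssl_ca` in this example uses that path too (its value is not visible here), the assertion cannot distinguish a template that reads `foreman::server_ssl_ca` from one that reads `foreman::client_ssl_ca`. Give `server_ssl_ca` a distinct fixture path and match that instead. Also add a negative check to the default-parameters example, e.g. `.without_content(%r{^:server_ca_file:})`, so the `false` default added in params.pp is covered as well. The enclosing example group starts before this hunk.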
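Review bot: When `server_ca_file_configure` is true but `server_ssl_ca` resolves to an empty string, the added `<% if %>` block still emits `:server_ca_file: ` with no value, which YAML parses as null; whether an empty value is possible depends on the type of `$server_ssl_ca`, which is outside these hunks (the sibling `$server_ssl_crl` shown on this page does accept `''`). Either guard on the value as well, `<% if scope.lookupvar("foreman::server_ca_file_configure") && !scope.lookupvar("foreman::server_ssl_ca").to_s.empty? -%>`, or validate the combination in init.pp so the misconfiguration fails at catalog compile time instead of silently producing an empty path. The file referenced here is read by whatever process loads settings.yaml rather than by Apache, so its readability for that process presumably needs the same treatment as the existing `ssl_ca_file` entry; confirm against the module's file resources.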