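# Define: ssl::cert
#
# Installs the certificate "${name}.crt" under "${base}/certs" and, when
# $private is true, the matching private key "${name}.pem" under
# "${base}/private". Both files are copied from the Puppet file server.
# With $main set, the pair is also published under the generic names
# cert.crt / cert.pem as symlinks. An ssl::check resource is declared for
# the certificate in every case.
#
# Parameters:
#   ensure   - present installs the files, absent removes them. Only the
#              literal value present gets a source attached.
#   owner    - owner of both the certificate and the private key file.
#   group    - group of both the certificate and the private key file.
#   pubmode  - mode of the certificate file.
#   privmode - mode of the private key file. Anything wider than the
#              default lets other local accounts read the key.
#   base     - directory holding the certs/ and private/ subdirectories.
#   private  - when true, the private key is installed as well.
#   main     - when true, cert.crt and cert.pem point at this certificate.
#   verify   - when true and ensure is present, ssl::check is ensured
#              present; otherwise it is ensured absent.
#
# Requires:
#   File["${base}/certs"] and, when $private is true,
#   File["${base}/private"] must be declared elsewhere, as must ssl::check.
#
define ssl::cert(
  $ensure   = present,
  $owner    = 'root',
  $group    = 'root',
  $pubmode  = '644',
  $privmode = '600',
  $base     = '/etc/ssl',
  $private  = true,
  $main     = false,
  $verify   = true,
) {

  # Public certificate.
  file { "${base}/certs/${name}.crt":
    ensure  => $ensure,
    owner   => $owner,
    group   => $group,
    mode    => $pubmode,
    source  => $ensure ? {
      'present' => "puppet:///ssl/${name}.crt",
      default   => undef,
    },
    require => File["${base}/certs"],
  }

  if ($private == true) {
    # Private key.
    # NOTE(review): every key is fetched from the same "ssl" source path and
    # is told apart only by name -- confirm that the file server limits
    # access to that path so a node can retrieve no key but its own.
    # NOTE(review): where the file type supports show_diff, setting it to
    # false here keeps key contents out of agent logs and reports. It is not
    # added because the Puppet version in use is not visible from this file.
    file { "${base}/private/${name}.pem":
      ensure  => $ensure,
      owner   => $owner,
      group   => $group,
      mode    => $privmode,
      backup  => false, # Do not backup the private key
      source  => $ensure ? {
        'present' => "puppet:///ssl/${name}.pem",
        default   => undef,
      },
      require => File["${base}/private"],
    }
  }

  if ($main == true) {
    # The generic links follow $ensure, so that removing the certificate
    # does not leave cert.crt / cert.pem dangling. Any value other than
    # absent still yields a symlink.
    $link_ensure = $ensure ? {
      'absent' => absent,
      default  => link,
    }

    file { "${base}/certs/cert.crt":
      ensure => $link_ensure,
      target => "${base}/certs/${name}.crt",
    }

    # This link is managed even when $private is false; presumably the key
    # is then provisioned by other means -- confirm against callers.
    file { "${base}/private/cert.pem":
      ensure => $link_ensure,
      target => "${base}/private/${name}.pem",
    }
  }

  # Certificate check: present only when the certificate itself is present
  # and verification was requested. What the check does is defined by
  # ssl::check, which is not part of this file.
  ssl::check { $name:
    file   => true,
    base   => $base,
    ensure => $ensure ? {
      present => $verify ? {
        true    => present,
        default => absent,
      },
      default => absent,
    },
  }
}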