diff --git a/manifests/init.pp b/manifests/init.pp
index 771179495..b35d3015b 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -248,14 +248,15 @@
     if !$cert_file {
       fail('The cert_file parameter is required when use_ssl is set to true')
     }
-    if !$ca_file {
-      fail('The ca_file parameter is required when use_ssl is set to true')
-    }
     if !$key_file {
       fail('The key_file parameter is required when use_ssl is set to true')
     }
   }
 
+  if $ca_file and !$use_ssl {
+    fail('The ca_file parameter requires that use_ssl to be set to true')
+  }
+
   if $rabbit_use_ssl {
     if !$kombu_ssl_ca_certs {
       fail('The kombu_ssl_ca_certs parameter is required when rabbit_use_ssl is set to true')
@@ -410,7 +411,11 @@
     neutron_config {
       'DEFAULT/ssl_cert_file' : value => $cert_file;
       'DEFAULT/ssl_key_file'  : value => $key_file;
-      'DEFAULT/ssl_ca_file'   : value => $ca_file;
+    }
+    if $ca_file {
+      neutron_config { 'DEFAULT/ssl_ca_file'   : value => $ca_file; }
+    } else {
+      neutron_config { 'DEFAULT/ssl_ca_file'   : ensure => absent; }
     }
   } else {
     neutron_config {
diff --git a/spec/classes/neutron_init_spec.rb b/spec/classes/neutron_init_spec.rb
index ecc699cfd..cd09c8429 100644
--- a/spec/classes/neutron_init_spec.rb
+++ b/spec/classes/neutron_init_spec.rb
@@ -185,6 +185,32 @@
     it { should contain_neutron_config('DEFAULT/ssl_ca_file').with_ensure('absent') }
   end
 
+  shared_examples_for 'with SSL socket options set and no ca_file' do
+    before do
+      params.merge!(
+        :use_ssl         => true,
+        :cert_file       => '/path/to/cert',
+        :key_file        => '/path/to/key'
+      )
+    end
+
+    it { should contain_neutron_config('DEFAULT/use_ssl').with_value('true') }
+    it { should contain_neutron_config('DEFAULT/ssl_cert_file').with_value('/path/to/cert') }
+    it { should contain_neutron_config('DEFAULT/ssl_key_file').with_value('/path/to/key') }
+    it { should contain_neutron_config('DEFAULT/ssl_ca_file').with_ensure('absent') }
+  end
+
+  shared_examples_for 'with SSL socket options disabled with ca_file' do
+    before do
+      params.merge!(
+        :use_ssl         => false,
+        :ca_file         => '/path/to/ca'
+      )
+    end
+
+    it_raises 'a Puppet::Error', /The ca_file parameter requires that use_ssl to be set to true/
+  end
+
   shared_examples_for 'with syslog disabled' do
     it { should contain_neutron_config('DEFAULT/use_syslog').with_value(false) }
   end