diff --git a/README.md b/README.md
index 1885936..c3f8488 100644
--- a/README.md
+++ b/README.md
@@ -33,6 +33,8 @@ Optional parameters: module to manage other installed CA certificates. (defaults to true) * `ca_certs`: A hash of certificates you would like added. These may also be defined by declaring `ca_cert::ca` once for each certificate.
+ * `force_enable`: For RHEL 6 and earlier. When set to true, creates backups of the legacy config, removes it,
+ and creates symlinks to the new config.
 ### ca_cert::ca
diff --git a/manifests/update.pp b/manifests/update.pp
index 1566020..9568020 100644
--- a/manifests/update.pp
+++ b/manifests/update.pp
@@ -1,14 +1,27 @@
 # Private class
-class ca_cert::update {
+class ca_cert::update (
+ Boolean $force_enable = false,
+) {
 include ::ca_cert::params
 if ($::osfamily == 'RedHat' and versioncmp($::operatingsystemrelease, '7') < 0) {
- exec { 'enable_ca_trust':
- command => 'update-ca-trust enable',
- logoutput => 'on_failure',
- path => ['/usr/sbin', '/usr/bin', '/bin'],
- onlyif => 'update-ca-trust check | grep DISABLED',
- before => Exec['ca_cert_update'],
+ if $force_enable {
+ exec { 'enable_ca_trust':
+ command => 'update-ca-trust force-enable',
+ logoutput => 'on_failure',
+ path => ['/usr/sbin', '/usr/bin', '/bin'],
+ onlyif => 'update-ca-trust check | grep DISABLED',
+ before => Exec['ca_cert_update'],
+ }
+ }
+ else {
+ exec { 'enable_ca_trust':
+ command => 'update-ca-trust enable',
+ logoutput => 'on_failure',
+ path => ['/usr/sbin', '/usr/bin', '/bin'],
+ onlyif => 'update-ca-trust check | grep DISABLED',
+ before => Exec['ca_cert_update'],
+ }
 }
 }
diff --git a/spec/classes/update_spec.rb b/spec/classes/update_spec.rb
index 06e681f..19c0300 100644
--- a/spec/classes/update_spec.rb
+++ b/spec/classes/update_spec.rb
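Review bot: In manifests/update.pp, `force_enable` is added only to the private class `ca_cert::update`, while the README hunk of this commit lists it among the module's optional parameters. No change to the public class is visible here, so unless that class already forwards the value, the switch can presumably only be set through data lookup on `ca_cert::update::force_enable`. Since the README says `force-enable` removes the legacy trust configuration, the parameter deserves a doc comment above the class, e.g. `# @param force_enable Replace the legacy CA config with symlinks to the new one (backup kept); RHEL 6 and earlier only.` The two `exec { 'enable_ca_trust': }` bodies differ only in `command`. A single resource with `command => $force_enable ? { true => 'update-ca-trust force-enable', default => 'update-ca-trust enable' },` would keep the `onlyif` guard and the `before` ordering in one place.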
@@ -21,7 +21,22 @@
 if facts[:operatingsystemrelease] == '7.0'
 it { is_expected.not_to contain_exec('enable_ca_trust') }
 else
- it { is_expected.to contain_exec('enable_ca_trust').with_command('update-ca-trust enable') }
+ context "with force_enable set to true" do
+ let :params do
+ {
+ :force_enable => true
+ }
+ end
+ it { is_expected.to contain_exec('enable_ca_trust').with_command('update-ca-trust force-enable') }
+ end
+ context "with force_enable set to false" do
+ let :params do
+ {
+ :force_enable => false
+ }
+ end
+ it { is_expected.to contain_exec('enable_ca_trust').with_command('update-ca-trust enable') }
+ end
 end
 it { is_expected.to contain_exec('ca_cert_update').with(
 :command => 'update-ca-trust extract',
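Review bot: The default case is no longer covered: the removed `it` checked the catalogue without any params, whereas both new contexts set `force_enable` explicitly, so a change to the parameter's default in manifests/update.pp would go unnoticed. Keeping one example outside the two contexts, `it { is_expected.to contain_exec('enable_ca_trust').with_command('update-ca-trust enable') }`, pins the non-destructive default. Because `force-enable` replaces the legacy trust configuration, the force context could also assert the guard by chaining `.with_onlyif('update-ca-trust check | grep DISABLED')`. The surrounding example group starts outside this hunk and the trailing `contain_exec('ca_cert_update')` example continues past it.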