diff --git a/roles/trustca/handlers/main.yml b/roles/trustca/handlers/main.yml
new file mode 100644
index 0000000..b55fb3c
--- /dev/null
+++ b/roles/trustca/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: update ca certs
+ command: '{{ ca_update_cmd }}'
diff --git a/roles/trustca/tasks/main.yml b/roles/trustca/tasks/main.yml
new file mode 100644
index 0000000..c094d60
--- /dev/null
+++ b/roles/trustca/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: load distribution-specific variables
+ include_vars: '{{ item }}'
+ with_first_found:
+ - '{{ ansible_distribution }}.yml'
+ - '{{ ansible_os_family }}.yml'
+ - defaults.yml
+- name: ensure ca cert dir exists
+ file:
+ path={{ ca_store_dir }}
+ state=directory
+- name: ensure ca cert is installed
+ copy:
+ src={{ ca }}.crt
+ dest={{ ca_store_dir }}
+ notify: update ca certs
+- meta: flush_handlers
diff --git a/roles/trustca/vars/CentOS.yml b/roles/trustca/vars/CentOS.yml
new file mode 100644
index 0000000..133ba10
--- /dev/null
+++ b/roles/trustca/vars/CentOS.yml
@@ -0,0 +1,2 @@
+ca_store_dir: /etc/pki/ca-trust/source/anchors
+ca_update_cmd: update-ca-trust
diff --git a/roles/trustca/vars/Fedora.yml b/roles/trustca/vars/Fedora.yml
new file mode 100644
index 0000000..133ba10
--- /dev/null
+++ b/roles/trustca/vars/Fedora.yml
@@ -0,0 +1,2 @@
+ca_store_dir: /etc/pki/ca-trust/source/anchors
+ca_update_cmd: update-ca-trust
diff --git a/roles/trustca/vars/defaults.yml b/roles/trustca/vars/defaults.yml
new file mode 100644
index 0000000..845b8d1
--- /dev/null
+++ b/roles/trustca/vars/defaults.yml
@@ -0,0 +1,2 @@
+ca_store_dir: /usr/local/share/ca-certificates
+ca_update_cmd: update-ca-certificates
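Review bot: The `file` and `copy` tasks in roles/trustca/tasks/main.yml set no `owner`, `group` or `mode`, so the permissions of the trust-anchor directory and of the installed CA certificate depend on the remote umask and the connecting user. Anything able to write there can add a root CA that the host will then trust, so both should be pinned to root, with `0755` on the directory and `0644` on the certificate. Both tasks also pass `key=value` strings as the module body, which breaks on values containing spaces; native YAML mappings with quoted Jinja values are safer. `ca` is not defined anywhere in this commit and presumably comes from the caller, so copy's `validate` option could additionally reject a file that is not a parseable certificate before it reaches the store.

```yaml
# … unchanged: load distribution-specific variables …
- name: ensure ca cert dir exists
  file:
    path: '{{ ca_store_dir }}'
    state: directory
    owner: root
    group: root
    mode: '0755'
- name: ensure ca cert is installed
  copy:
    src: '{{ ca }}.crt'
    dest: '{{ ca_store_dir }}'
    owner: root
    group: root
    mode: '0644'
  notify: update ca certs
# … unchanged: meta: flush_handlers …
```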
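Review bot: RedHat-family hosts other than CentOS and Fedora (RHEL itself, for example) will fall through the `with_first_found` list in tasks/main.yml to `defaults.yml`, because no `{{ ansible_os_family }}.yml` file is added for that family; this applies to roles/trustca/vars/CentOS.yml and equally to Fedora.yml, which is byte-identical (same blob `133ba10`). On such a host the certificate would be copied into `/usr/local/share/ca-certificates`, which is presumably not a trust-anchor directory there, and the handler would run `update-ca-certificates` instead of `update-ca-trust`. A single `vars/RedHat.yml` holding these two lines would cover the whole family and remove the duplicate file. The values in defaults.yml look Debian-specific, so naming that file `Debian.yml` and failing explicitly for unrecognised families would avoid silently applying the wrong store path.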