diff --git a/roles/extra_rpms/tasks/main.yml b/roles/extra_rpms/tasks/main.yml
index 1075221a13e750f30ea95ec284b8f186d50687ff..8dcf07de56a4a03f8cf52aaf3349a5a8193d224d 100644
--- a/roles/extra_rpms/tasks/main.yml
+++ b/roles/extra_rpms/tasks/main.yml
@@ -1,10 +1,4 @@
 ---
-
-- name: "update cache"
-  shell: yum update -y
-  sudo: true
-  when: ansible_os_family == 'RedHat'
-
 - name: "Install extra packages"
   yum: "name={{ item }} state=latest"
   with_items:
diff --git a/roles/karaage3.1.17/tasks/main.yml b/roles/karaage3.1.17/tasks/main.yml
index 97bee7661e79a272285cf7b9d5f72d5ddd9ed497..555217c41672b0b82c9ff965f9ea11556f6afcff 100644
--- a/roles/karaage3.1.17/tasks/main.yml
+++ b/roles/karaage3.1.17/tasks/main.yml
@@ -1,13 +1,18 @@
 ---
  - name: "Copying the apache key file"
-   template: src="files/{{ apache_key_file }}" dest="{{ x509_key_file }}" mode=0644
+   template: src="files/{{ apache_key_file }}" dest="/etc/ssl/private/{{ apache_key_file }}" mode=0600 owner=www-data group=www-data
    sudo: true
    when: apache_key_file is defined
  
  - name: "Copying the apache cert file"
-   template: src="files/{{ apache_cert_file }}" dest="{{ x509_cert_file }}" mode=0644
+   template: src="files/{{ apache_cert_file }}" dest="/etc/ssl/certs/{{ apache_cert_file }}" mode=0644 owner=www-data group=www-data
    sudo: true
    when: apache_cert_file is defined
+ 
+ - name: "Copying the apache cert chain file"
+   template: src="files/{{ apache_chain_file }}" dest="/etc/ssl/certs/{{ apache_chain_file }}" mode=0644 owner=www-data group=www-data
+   sudo: true
+   when: apache_chain_file is defined
 
  - include: prerequisitesDebian.yml
    when: ansible_os_family == "Debian"
diff --git a/roles/karaage3.1.17/templates/default-ssl.j2 b/roles/karaage3.1.17/templates/default-ssl.j2
index 6462e0a413c8c1e102d02f36eb680324c1938b5e..761a48743de26319ae95b3beeb07b24984aa028d 100644
--- a/roles/karaage3.1.17/templates/default-ssl.j2
+++ b/roles/karaage3.1.17/templates/default-ssl.j2
@@ -42,15 +42,16 @@
 	#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
 	#   If both key and certificate are stored in the same file, only the
 	#   SSLCertificateFile directive is needed.
-	SSLCertificateFile    {{ x509_cert_file }}
-	SSLCertificateKeyFile {{ x509_key_file }} 
+	SSLCertificateFile    /etc/ssl/certs/{{ apache_cert_file }}
+	SSLCertificateKeyFile /etc/ssl/private/{{ apache_key_file }} 
+
 	#   Server Certificate Chain:
 	#   Point SSLCertificateChainFile at a file containing the
 	#   concatenation of PEM encoded CA certificates which form the
 	#   certificate chain for the server certificate. Alternatively
 	#   when the CA certificates are directly appended to the server
 	#   certificate for convinience.
-	#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+	SSLCertificateChainFile /etc/ssl/certs/{{ apache_chain_file }} 
 
 	#   Certificate Authority (CA):
 	#   Set the CA certificate verification path where to find CA
@@ -59,13 +60,6 @@
 	#   Note: Inside SSLCACertificatePath you need hash symlinks
 	#         to point to the certificate files. Use the provided
 	#         Makefile to update the hash symlinks after changes.
-    {% if ldapCaCertFile is defined and ldapCaCertDir is defined %}
-    SSLCACertificatePath {{ ldapCaCertDir }} 
-    SSLCACertificateFile {{ ldapCaCertDir }}/{{ ldapCaCertFile }}
-    {% else %}
-    SSLCACertificatePath /etc/ssl/certs/
-    SSLCACertificateFile {{ x509_cacert_file }}
-    {% endif %}
 
 	#   Certificate Revocation Lists (CRL):
 	#   Set the CA revocation path where to find CA CRLs for client
diff --git a/roles/karaage3.1.17/vars/readme.txt b/roles/karaage3.1.17/vars/readme.txt
index ab2fcb044db48d903df29ced0d71413e98f89029..d12bb5aeb0431479afb3a6f5e193e2a2281a320d 100644
--- a/roles/karaage3.1.17/vars/readme.txt
+++ b/roles/karaage3.1.17/vars/readme.txt
@@ -1,4 +1,5 @@
 
 apache_cert_file: "{{ inventory_hostname }}.{{ domain }}.crt"
 apache_key_file: "{{ inventory_hostname }}.{{ domain }}.key"
+apache_chain_file: "merc_hpc_apache_chain.pem"
 
diff --git a/roles/package_update/tasks/main.yml b/roles/package_update/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..acbd63e0395b03dd4fe71fd80d203d1c1abc1405
--- /dev/null
+++ b/roles/package_update/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: "update cache centos"
+  shell: yum update -y
+  sudo: true
+  when: ansible_os_family == 'RedHat'
+
+- name: "update cache debian"
+  shell: apt-get update -y
+  sudo: true
+  when: ansible_os_family == 'Debian'
+
+
diff --git a/roles/shibboleth-sp/tasks/shibbolethConfig.yml b/roles/shibboleth-sp/tasks/shibbolethConfig.yml
index 14b57c94d7b2280febbe522847cd0542c66b151d..1756ff560e746b80a4177669abe11edf1eb6aff0 100644
--- a/roles/shibboleth-sp/tasks/shibbolethConfig.yml
+++ b/roles/shibboleth-sp/tasks/shibbolethConfig.yml
@@ -101,7 +101,7 @@
   file: path=/etc/shibboleth/private, state=directory, mode=700, owner=_shibd
   sudo: true
 
-- name: copy shib key:
+- name: copy shib key
   sudo: true
   copy: src=files/{{ shib_key }} dest=/etc/shibboleth/private/{{ shib_key }} owner=_shibd, mode=600
 
@@ -109,7 +109,7 @@
   file: path=/etc/shibboleth/certs, state=directory, mode=755, owner=_shibd
   sudo: true
 
-- name: copy shib cert:
+- name: copy shib cert
   sudo: true
   copy: src=files/{{ shib_cert }} dest=/etc/shibboleth/certs/{{ shib_cert }} owner=_shibd, mode=644