diff --git a/roles/extra_rpms/tasks/main.yml b/roles/extra_rpms/tasks/main.yml
index 1075221a13e750f30ea95ec284b8f186d50687ff..8dcf07de56a4a03f8cf52aaf3349a5a8193d224d 100644
--- a/roles/extra_rpms/tasks/main.yml
+++ b/roles/extra_rpms/tasks/main.yml
@@ -1,10 +1,4 @@
 ---
-
-- name: "update cache"
-  shell: yum update -y
-  sudo: true
-  when: ansible_os_family == 'RedHat'
-
 - name: "Install extra packages"
   yum: "name={{ item }} state=latest"
   with_items:
diff --git a/roles/karaage3.1.17/tasks/main.yml b/roles/karaage3.1.17/tasks/main.yml
index 11502045def196d00e6e94feba86039322e2af6e..d6bd0a224a5958cb235904e882b3a7d37b36ddcb 100644
--- a/roles/karaage3.1.17/tasks/main.yml
+++ b/roles/karaage3.1.17/tasks/main.yml
@@ -1,13 +1,18 @@
 ---
  - name: "Copying the apache key file"
-   template: src="files/{{ apache_key_file }}" dest="{{ x509_key_file }}" mode=0644
+   template: src="files/{{ apache_key_file }}" dest="/etc/ssl/private/{{ apache_key_file }}" mode=0600 owner=www-data group=www-data
    sudo: true
    when: apache_key_file is defined
  
  - name: "Copying the apache cert file"
-   template: src="files/{{ apache_cert_file }}" dest="{{ x509_cert_file }}" mode=0644
+   template: src="files/{{ apache_cert_file }}" dest="/etc/ssl/certs/{{ apache_cert_file }}" mode=0644 owner=www-data group=www-data
    sudo: true
    when: apache_cert_file is defined
+ 
+ - name: "Copying the apache cert chain file"
+   template: src="files/{{ apache_chain_file }}" dest="/etc/ssl/certs/{{ apache_chain_file }}" mode=0644 owner=www-data group=www-data
+   sudo: true
+   when: apache_chain_file is defined
 
  - name: "Copying the ldap ca cert file"
    template: src="files/{{ ldap_TLSCARoot }}" dest="{{ ldapCaCertFile }}" mode=0644
diff --git a/roles/karaage3.1.17/templates/default-ssl.j2 b/roles/karaage3.1.17/templates/default-ssl.j2
index ef5120323a405e46ae79c1967a1b56549a2ea5b5..761a48743de26319ae95b3beeb07b24984aa028d 100644
--- a/roles/karaage3.1.17/templates/default-ssl.j2
+++ b/roles/karaage3.1.17/templates/default-ssl.j2
@@ -42,15 +42,16 @@
 	#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
 	#   If both key and certificate are stored in the same file, only the
 	#   SSLCertificateFile directive is needed.
-	SSLCertificateFile    {{ x509_cert_file }}
-	SSLCertificateKeyFile {{ x509_key_file }} 
+	SSLCertificateFile    /etc/ssl/certs/{{ apache_cert_file }}
+	SSLCertificateKeyFile /etc/ssl/private/{{ apache_key_file }} 
+
 	#   Server Certificate Chain:
 	#   Point SSLCertificateChainFile at a file containing the
 	#   concatenation of PEM encoded CA certificates which form the
 	#   certificate chain for the server certificate. Alternatively
 	#   when the CA certificates are directly appended to the server
 	#   certificate for convinience.
-	#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+	SSLCertificateChainFile /etc/ssl/certs/{{ apache_chain_file }} 
 
 	#   Certificate Authority (CA):
 	#   Set the CA certificate verification path where to find CA
diff --git a/roles/karaage3.1.17/vars/readme.txt b/roles/karaage3.1.17/vars/readme.txt
index ab2fcb044db48d903df29ced0d71413e98f89029..d12bb5aeb0431479afb3a6f5e193e2a2281a320d 100644
--- a/roles/karaage3.1.17/vars/readme.txt
+++ b/roles/karaage3.1.17/vars/readme.txt
@@ -1,4 +1,5 @@
 
 apache_cert_file: "{{ inventory_hostname }}.{{ domain }}.crt"
 apache_key_file: "{{ inventory_hostname }}.{{ domain }}.key"
+apache_chain_file: "merc_hpc_apache_chain.pem"
 
diff --git a/roles/package_update/tasks/main.yml b/roles/package_update/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..acbd63e0395b03dd4fe71fd80d203d1c1abc1405
--- /dev/null
+++ b/roles/package_update/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: "update cache centos"
+  shell: yum update -y
+  sudo: true
+  when: ansible_os_family == 'RedHat'
+
+- name: "update cache debian"
+  shell: apt-get update -y
+  sudo: true
+  when: ansible_os_family == 'Debian'
+
+