diff --git a/roles/web_server/molecule/default/tests/test_default.py b/roles/web_server/molecule/default/tests/test_default.py
index c3de34533f6cf3e7b2a16db596a65de63f68ecab..c86a1b2f100f099410a9d630f66fbede111f0711 100644
--- a/roles/web_server/molecule/default/tests/test_default.py
+++ b/roles/web_server/molecule/default/tests/test_default.py
@@ -276,3 +276,27 @@ def test_https_server_uses_correct_dh_parameters(host):
 used_dhparam = output[output.find(begin_marker):output.find(end_marker) + len(end_marker)]
 assert used_dhparam == expected_dhparam
+
+
+def test_nginx_tls_files(host):
+ """
+ Tests if TLS private key and certificate have been deployed correctly.
+ """
+
+ hostname = host.run('hostname').stdout.strip()
+
+ with host.sudo():
+
+ tls_file = host.file('/etc/ssl/private/%s_https.key' % hostname)
+ assert tls_file.is_file
+ assert tls_file.user == 'root'
+ assert tls_file.group == 'root'
+ assert tls_file.mode == 0o640
+ assert tls_file.content_string == open("tests/data/x509/%s_https.key.pem" % hostname, "r").read().rstrip()
+
+ tls_file = host.file('/etc/ssl/certs/%s_https.pem' % hostname)
+ assert tls_file.is_file
+ assert tls_file.user == 'root'
+ assert tls_file.group == 'root'
+ assert tls_file.mode == 0o644
+ assert tls_file.content_string == open("tests/data/x509/%s_https.cert.pem" % hostname, "r").read().rstrip()
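Review bot: Both `content_string` assertions in `test_nginx_tls_files` read the expected file with a bare `open(...).read()`, so the handle is never closed explicitly and the relative path `tests/data/x509/...` resolves against whatever directory pytest was started from. Reading it first with `with open("tests/data/x509/%s_https.key.pem" % hostname) as key_file:` and `expected_key = key_file.read().rstrip()` (and the same for the certificate) closes the handle and keeps the assert line short. Because the private-key comparison is a plain string `assert`, a mismatch will likely print both key bodies in the pytest report. That is acceptable only while the keys under `tests/data/x509` are throwaway fixtures, which a one-line comment above the assertion could state.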