diff --git a/testsite/playbooks/tls.yml b/testsite/playbooks/tls.yml
new file mode 100644
index 0000000000000000000000000000000000000000..542c263d75037e572521beca633e61c24bd08ef9
--- /dev/null
+++ b/testsite/playbooks/tls.yml
@@ -0,0 +1,52 @@
+---
+
+- hosts: preseed
+ vars:
+ host_tls_info:
+ - hostname: ldap
+ service: ldap
+ name: LDAP
+ - hostname: mail
+ service: imap
+ name: IMAP
+ - hostname: mail
+ service: smtp
+ name: SMTP
+ - hostname: phpinfo
+ service: https
+ name: PHP Info
+ - hostname: web
+ service: https
+ name: Web
+ - hostname: wsgi
+ service: https
+ name: WSGI Hello World
+ - hostname: xmpp
+ service: xmpp
+ name: XMPP
+ tasks:
+ - name: Create GnuTLS certificate templates for all hosts
+ template: src="../tls/gnutls_server_certificate.cfg.j2" dest="../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
+ with_items: host_tls_info
+ - name: Create the CA key
+ command: certtool --sec-param high --generate-privkey --outfile ../tls/ca.key
+ args:
+ creates: ../tls/ca.key
+ - name: Create the CA certificate
+ command: certtool --template ../tls/ca.cfg --generate-self-signed --load-privkey ../tls/ca.key --outfile ../tls/ca.pem
+ args:
+ creates: ../tls/ca.pem
+ - name: Create private keys for all hosts
+ command: certtool --sec-param normal --generate-privkey --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
+ with_items: host_tls_info
+ args:
+ creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
+ - name: Issue certificates for all hosts
+ shell: sleep 1 && certtool --generate-certificate
+ --load-ca-privkey "../tls/ca.key" --load-ca-certificate "../tls/ca.pem"
+ --template "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.cfg"
+ --load-privkey "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.key"
+ --outfile "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
+ with_items: host_tls_info
+ args:
+ creates: "../tls/{{ item.hostname }}.{{ testsite_domain }}_{{ item.service }}.pem"
\ No newline at end of file
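Review bot: The two key-generation tasks (`Create the CA key` and `Create private keys for all hosts`) leave the mode of `ca.key` and the per-host `.key` files to certtool's defaults and the caller's umask; nothing visible in the play pins it. Since `ca.key` signs every certificate issued here, I would follow the generation task with an explicit permissions task, e.g. `- name: Restrict CA key permissions` / `file: path=../tls/ca.key mode=0600`, and do the same for the host keys. The command and shell tasks use relative `../tls/...` paths, so where the key material lands depends on the working directory they run in; anchoring them on `{{ playbook_dir }}` would remove that dependency. The `sleep 1` before `certtool --generate-certificate` is presumably there to keep time-derived serial numbers distinct. If so, a comment such as `# sleep keeps certtool's time-based serials unique per certificate` would record the reason, or an explicit serial could be set in the certificate template, which is outside this hunk.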