diff --git a/group_vars/all.yml b/group_vars/all.yml
index ad28c57..e79d9e6 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -1,4 +1,5 @@
 ---
 ansible_python_interpreter: /usr/bin/python3
 default_locale: en_US.UTF-8
+openssl_ca_host: pki.aurore.local
 ...
diff --git a/roles/rsyslog-common/tasks/main.yml b/roles/rsyslog-common/tasks/main.yml
index 2e1da1f..5b007fd 100644
--- a/roles/rsyslog-common/tasks/main.yml
+++ b/roles/rsyslog-common/tasks/main.yml
@@ -17,6 +17,20 @@
 - proto: redis
 pkg: rsyslog-hiredis
+# FIXME: c'est un ajout de test
+- name: Install a X.509 certificate for RELP over TLS
+ include_role:
+ name: openssl-cert-builder
+ vars:
+ certificate:
+ # FIXME: il faudra que le hostname dans l'inventaire Ansible
+ # corresponde toujours au FQDN de la machine si on reste
+ # comme ça.
+ slug: "{{ inventory_hostname }}"
+ common_name: "{{ inventory_hostname }}"
+ not_before: +0s
+ not_after: +365d
+
 - name: Deploy main rsyslog configuration
 become: yes
 template:
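Review bot: The certificate identity in the new `Install a X.509 certificate for RELP over TLS` task comes from `inventory_hostname`, an operator-chosen inventory label, and the FIXME only records the assumption that it equals the machine's FQDN. If the RELP peer validates the certificate by name, a mismatch either breaks log shipping or tempts someone to relax name checking; a guard ahead of the include such as `- assert: { that: inventory_hostname == ansible_fqdn }` (requires gathered facts) would make the assumption fail loudly instead. Whether openssl-cert-builder also emits a subjectAltName is not visible in this hunk and is worth confirming, since many TLS stacks ignore the CN. The `+365d` lifetime needs a renewal path that is not shown here, and the two offsets are safer quoted as `not_before: '+0s'` and `not_after: '+365d'` so no loader retypes them.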