diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 37d562d..70d1b17 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -1,4 +1,15 @@
 ---
+- name: setup ansible custom facts
+ file:
+ dest: "{{ item }}"
+ mode: 0755
+ owner: root
+ group: "{{ ansible_wheel }}"
+ state: directory
+ with_items:
+ - /etc/ansible
+ - /etc/ansible/facts.d
+
 - name: set correct hostname
 hostname:
 name: "{{ inventory_hostname }}"
diff --git a/roles/pki/tasks/main.yml b/roles/pki/tasks/main.yml
index 0e2a31f..0c7eb8c 100644
--- a/roles/pki/tasks/main.yml
+++ b/roles/pki/tasks/main.yml
@@ -30,6 +30,21 @@
 owner: root
 group: "{{ ansible_wheel }}"
 
+- name: add ansible certificate fact
+ copy:
+ content: |
+ #!/bin/sh
+ [ -f {{ tls_certs }}/{{ inventory_hostname }}.crt ] && awk '
+ BEGIN { printf "\"" }
+ { if (!/^-\-/) printf "%s",$0 }
+ END { print "\"" }
+ ' {{ tls_certs }}/{{ inventory_hostname }}.crt
+
+ dest: /etc/ansible/facts.d/ansible_certificate.fact
+ mode: 0755
+ owner: root
+ group: "{{ ansible_wheel }}"
+
 - name: create full chain of host certficate and ca
 shell: "cat {{ tls_certs }}/{{ inventory_hostname }}.crt \
 {{ tls_certs }}/ca.crt > \
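Review bot: `mode: 0755` in the new `file` task is an unquoted scalar, so the permissions applied depend on the YAML loader reading the leading zero as octal. Writing `mode: "0755"` removes that dependence, and the same applies to the `copy` task added in roles/pki/tasks/main.yml. Because executable `*.fact` files under `/etc/ansible/facts.d` are run during fact gathering, a short comment above the task such as `# keep root-owned and not group/world-writable: executable facts in here are run by setup` would record why owner and mode matter for these two directories.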
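Review bot: The script in the `copy` task's `content` interpolates `{{ tls_certs }}` and `{{ inventory_hostname }}` into shell without quoting. The resulting file is installed executable in `/etc/ansible/facts.d`, so it runs on every fact-gathering pass with whatever privileges that has. A value containing whitespace or shell metacharacters would change what the script does. Render the path once through the `quote` filter, e.g. `CERT={{ (tls_certs ~ '/' ~ inventory_hostname ~ '.crt') | quote }}`, and use `"$CERT"` in both the `[ -f ]` test and the awk argument. Separately, when the certificate is absent the `[ -f … ] &&` short-circuit exits non-zero with no output, which Ansible presumably records as a fact error rather than an empty value; an explicit fallback that prints `""` would keep the fact well-formed JSON for consumers.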