diff --git a/sendmail/manifests/init.pp b/sendmail/manifests/init.pp
index 2ced03f..faa8347 100644
--- a/sendmail/manifests/init.pp
+++ b/sendmail/manifests/init.pp
@@ -29,15 +29,12 @@ class sendmail::common {
                 mode    => "0644",
                 notify  => Service["sendmail"],
             }
-            $ostype = "linux"
             $cabundle = "/etc/pki/tls/certs/ca-bundle.crt"
         }
         "ubuntu","debian": {
-            $ostype = "linux"
             $cabundle = "/etc/ssl/certs/ca-certificates.crt"
         }
         "openbsd": {
-            $ostype = "openbsd"
             $cabundle = "/etc/ssl/cert.pem"
         }
         default: {
@@ -245,29 +242,31 @@ class sendmail::server inherits sendmail::common {
             $ssl_chain = basename($sendmail_ssl_chain)
         }
 
-        file { "/etc/pki/tls/private/${ssl_key}":
+        include ssl
+
+        file { "${ssl::private}/${ssl_key}":
             ensure => present,
-            source => $sendmail_ssl_key,
             mode   => "0600",
             owner  => "root",
             group  => "root",
+            source => $sendmail_ssl_key,
             notify => Service["sendmail"],
         }
-        file { "/etc/pki/tls/certs/${ssl_cert}":
+        file { "${ssl::certs}/${ssl_cert}":
             ensure => present,
-            source => $sendmail_ssl_cert,
             mode   => "0644",
             owner  => "root",
             group  => "root",
+            source => $sendmail_ssl_cert,
             notify => Service["sendmail"],
         }
         if $ssl_chain {
-            file { "/etc/pki/tls/certs/${ssl_chain}":
+            file { "${ssl::certs}/${ssl_chain}":
                 ensure => present,
-                source => $sendmail_ssl_chain,
                 mode   => "0644",
                 owner  => "root",
                 group  => "root",
+                source => $sendmail_ssl_chain,
                 notify => Service["sendmail"],
             }
         }
diff --git a/sendmail/templates/sendmail.mc.erb b/sendmail/templates/sendmail.mc.erb
index 2c94075..8e8782f 100644
--- a/sendmail/templates/sendmail.mc.erb
+++ b/sendmail/templates/sendmail.mc.erb
@@ -8,7 +8,7 @@ include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
 include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
 <% end -%>
 VERSIONID(`puppet sendmail::server')dnl
-OSTYPE(`<%= @ostype -%>')dnl
+OSTYPE(`<%= @kernel.downcase -%>')dnl
 dnl #
 define(`confDEF_USER_ID', ``8:12'')dnl
 define(`confTO_CONNECT', `1m')dnl
@@ -33,12 +33,12 @@ dnl #
 define(`confCACERT_PATH', `/etc/mail/certs')
 <% if @ssl_key and @ssl_cert -%>
 <%   if @ssl_chain -%>
-define(`confCACERT', `/etc/pki/tls/certs/<%= @ssl_chain %>')
+define(`confCACERT', `<%= scope.lookupvar('ssl::certs') %>/<%= @ssl_chain %>')
 <%   end -%>
-define(`confSERVER_CERT', `/etc/pki/tls/certs/<%= @ssl_cert %>')
-define(`confSERVER_KEY', `/etc/pki/tls/private/<%= @ssl_key %>')
-define(`confCLIENT_CERT', `/etc/pki/tls/certs/<%= @ssl_cert %>')
-define(`confCLIENT_KEY', `/etc/pki/tls/private/<%= @ssl_key %>')
+define(`confSERVER_CERT', `<%= scope.lookupvar('ssl::certs') %>/<%= @ssl_cert %>')
+define(`confSERVER_KEY', `<%= scope.lookupvar('ssl::private') %>/<%= @ssl_key %>')
+define(`confCLIENT_CERT', `<%= scope.lookupvar('ssl::certs') %>/<%= @ssl_cert %>')
+define(`confCLIENT_KEY', `<%= scope.lookupvar('ssl::private') %>/<%= @ssl_key %>')
 <% end -%>
 dnl #
 FEATURE(`no_default_msa', `dnl')dnl
diff --git a/sendmail/templates/submit.mc.erb b/sendmail/templates/submit.mc.erb
index eb9d525..4a1580f 100644
--- a/sendmail/templates/submit.mc.erb
+++ b/sendmail/templates/submit.mc.erb
@@ -22,7 +22,7 @@ include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
 DOMAIN(`debian-msp')dnl
 <% end -%>
 VERSIONID(`puppet setup')dnl
-OSTYPE(`<%= @ostype -%>')dnl
+OSTYPE(`<%= @kernel.downcase -%>')dnl
 define(`confCF_VERSION', `Submit')dnl
 define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
 define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet