diff --git a/manifests/init.pp b/manifests/init.pp
index 97469b226..200e065e5 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -228,17 +228,17 @@
   String $vhost_priority = $foreman::params::vhost_priority,
   Stdlib::Port $server_port = $foreman::params::server_port,
   Stdlib::Port $server_ssl_port = $foreman::params::server_ssl_port,
-  Stdlib::Absolutepath $server_ssl_ca = $foreman::params::server_ssl_ca,
-  Stdlib::Absolutepath $server_ssl_chain = $foreman::params::server_ssl_chain,
-  Stdlib::Absolutepath $server_ssl_cert = $foreman::params::server_ssl_cert,
-  Variant[Enum[''], Stdlib::Absolutepath] $server_ssl_certs_dir = $foreman::params::server_ssl_certs_dir,
-  Stdlib::Absolutepath $server_ssl_key = $foreman::params::server_ssl_key,
-  Variant[Enum[''], Stdlib::Absolutepath] $server_ssl_crl = $foreman::params::server_ssl_crl,
+  Stdlib::Absolutepath $server_ssl_ca = undef,
+  Stdlib::Absolutepath $server_ssl_chain = undef,
+  Stdlib::Absolutepath $server_ssl_cert = undef,
+  Variant[Enum[''], Stdlib::Absolutepath] $server_ssl_certs_dir = '',
+  Stdlib::Absolutepath $server_ssl_key = undef,
+  Variant[Enum[''], Stdlib::Absolutepath] '',
   Optional[String] $server_ssl_protocol = $foreman::params::server_ssl_protocol,
   Enum['none','optional','require','optional_no_ca'] $server_ssl_verify_client = $foreman::params::server_ssl_verify_client,
-  Stdlib::Absolutepath $client_ssl_ca = $foreman::params::client_ssl_ca,
-  Stdlib::Absolutepath $client_ssl_cert = $foreman::params::client_ssl_cert,
-  Stdlib::Absolutepath $client_ssl_key = $foreman::params::client_ssl_key,
+  Stdlib::Absolutepath $client_ssl_ca = undef,
+  Stdlib::Absolutepath $client_ssl_cert = undef,
+  Stdlib::Absolutepath $client_ssl_key = undef,
   Boolean $oauth_active = $foreman::params::oauth_active,
   Boolean $oauth_map_users = $foreman::params::oauth_map_users,
   String $oauth_consumer_key = $foreman::params::oauth_consumer_key,
diff --git a/manifests/params.pp b/manifests/params.pp
index a562990c3..de249e4d0 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -119,27 +119,9 @@
     }
   }
 
-  if fact('aio_agent_version') =~ String[1] {
-    $puppet_ssldir = '/etc/puppetlabs/puppet/ssl'
-  } else {
-    $puppet_ssldir = '/var/lib/puppet/ssl'
-  }
-
-  # If CA is specified, remote Foreman host will be verified in reports/ENC scripts
-  $client_ssl_ca   = "${puppet_ssldir}/certs/ca.pem"
-  # Used to authenticate to Foreman, required if require_ssl_puppetmasters is enabled
-  $client_ssl_cert = "${puppet_ssldir}/certs/${lower_fqdn}.pem"
-  $client_ssl_key  = "${puppet_ssldir}/private_keys/${lower_fqdn}.pem"
-
   $vhost_priority = '05'
 
   # Set these values if you want Apache to serve a CA-provided cert instead of puppet's
-  $server_ssl_ca    = "${puppet_ssldir}/certs/ca.pem"
-  $server_ssl_chain = "${puppet_ssldir}/certs/ca.pem"
-  $server_ssl_cert  = "${puppet_ssldir}/certs/${lower_fqdn}.pem"
-  $server_ssl_certs_dir = '' # lint:ignore:empty_string_assignment - this must be empty since we override a default
-  $server_ssl_key   = "${puppet_ssldir}/private_keys/${lower_fqdn}.pem"
-  $server_ssl_crl   = "${puppet_ssldir}/crl.pem"
   $server_ssl_protocol = undef
   $server_ssl_verify_client = 'optional'