diff -r dd6b3adde73b -r 338bcc78d431 dev/provisioning/modules/sysconfig/manifests/handle.pp
--- a/dev/provisioning/modules/sysconfig/manifests/handle.pp Wed Apr 13 13:38:40 2016 +0200
+++ b/dev/provisioning/modules/sysconfig/manifests/handle.pp Fri Apr 22 11:20:17 2016 +0200
@@ -5,6 +5,7 @@
 $hdl_web_port = hiera('sysconfig::params::hdl_web_port', $sysconfig::params::hdl_web_port),
 $hdl_key_pswd = hiera('sysconfig::params::hdl_key_pswd', $sysconfig::params::hdl_key_pswd),
 $hdl_prefix = hiera('sysconfig::params::hdl_prefix', $sysconfig::params::hdl_prefix),
+ $hdl_test_prefix = hiera('sysconfig::params::hdl_test_prefix', $sysconfig::params::hdl_test_prefix),
 $hdl_prefix_admin = hiera('sysconfig::params::hdl_prefix_admin', $sysconfig::params::hdl_prefix_admin),
 $hdl_db_name = hiera('sysconfig::params::hdl_db_name', $sysconfig::params::hdl_db_name),
 $db_user = hiera('sysconfig::params::db_user', $sysconfig::params::db_user),
@@ -109,6 +110,77 @@ require => [Archive["handle-8.1"], Package['java-install'], Package['expect']] } + exec { "convert-handle-corpus-admin-keys-priv": + command => "/opt/handle/bin/hdl-convert-key /var/lib/handle/corpusadmpriv.bin -o /var/lib/handle/corpusadmpriv.pem", + cwd => "/opt/handle/bin", + creates => "/var/lib/handle/corpusadmpriv.pem", + user => $hdl_user, + require => [Archive["handle-8.1"], Package['java-install'], Exec['init-handle-corpus-admin-keys']] + } + + exec { "convert-handle-corpus-admin-keys-pub": + command => "/opt/handle/bin/hdl-convert-key /var/lib/handle/corpusadmpub.bin -o /var/lib/handle/corpusadmpub.pem", + cwd => "/opt/handle/bin", + creates => "/var/lib/handle/corpusadmpub.pem", + user => $hdl_user, + require => [Archive["handle-8.1"], Package['java-install'], Exec['init-handle-corpus-admin-keys']] + } + + # create handle admin handle dsa keys + file { "/tmp/handle/handle_script_corpus_admin_dsa_keys.exp": + ensure => file, + source => "puppet:///modules/sysconfig/handle/handle_script_corpus_admin_dsa_keys.exp", + owner => "$hdl_user", + group => "$hdl_user", + mode => "0750" + }-> + exec { "init-handle-corpus-admin-dsa-keys": + command => "/tmp/handle/handle_script_corpus_admin_dsa_keys.exp", + cwd => "/opt/handle/bin", + provider => 'shell', + creates => "/var/lib/handle/corpusadmdsapriv.bin", + user => $hdl_user, + notify => Exec['rm-tmp-handle-corpus-admin-dsa-key'], + require => [Archive["handle-8.1"], Package['java-install'], Package['expect']] + } + + + exec { "convert-handle-corpus-admin-dsa-keys-pub": + command => "/opt/handle/bin/hdl-convert-key /var/lib/handle/corpusadmdsapub.bin -o /var/lib/handle/corpusadmdsapub.pem", + cwd => "/opt/handle/bin", + creates => "/var/lib/handle/corpusadmdsapub.pem", + user => $hdl_user, + require => [Archive["handle-8.1"], Package['java-install'], Exec['init-handle-corpus-admin-dsa-keys']] + } + + exec { "convert-handle-corpus-admin-dsa-keys-priv": + command => 
"/opt/handle/bin/hdl-convert-key /var/lib/handle/corpusadmdsapriv.bin -o /var/lib/handle/corpusadmdsapriv.pem", + cwd => "/opt/handle/bin", + creates => "/var/lib/handle/corpusadmdsapriv.pem", + user => $hdl_user, + require => [Archive["handle-8.1"], Package['java-install'], Exec['init-handle-corpus-admin-dsa-keys']] + } + + + exec { "convert-handle-corpus-admin-cert": + command => "/usr/bin/openssl req -pubkey -x509 -new -sha256 -subj \"/CN=300:${hdl_prefix}\\/${hdl_prefix_admin}\" -key /var/lib/handle/corpusadmpriv.pem | /usr/bin/openssl x509 -inform PEM -out /var/lib/handle/corpusadmcrt.pem", + creates => "/var/lib/handle/corpusadmcrt.pem", + user => $hdl_user, + require => Exec["convert-handle-corpus-admin-keys-priv"] + }-> + exec { "concat-handle-corpus-admin-pkey-cert": + command => "/usr/bin/cat /var/lib/handle/corpusadmpriv.pem /var/lib/handle/corpusadmcrt.pem > /var/lib/handle/corpusadmpkeycrt.pem", + creates => "/var/lib/handle/corpusadmpkeycrt.pem", + user => $hdl_user + } + + exec { "convert-handle-corpus-admin-test-cert": + command => "/usr/bin/openssl req -pubkey -x509 -new -sha256 -subj \"/CN=300:${hdl_test_prefix}\\/${hdl_prefix_admin}\" -key /var/lib/handle/corpusadmpriv.pem | /usr/bin/openssl x509 -inform PEM -out /var/lib/handle/corpusadmcrttest.pem", + creates => "/var/lib/handle/corpusadmcrttest.pem", + user => $hdl_user, + require => Exec["convert-handle-corpus-admin-keys-priv"] + } + file { '/tmp/handle/handle_data.sql.sh': ensure => file, content => template("sysconfig/handle/handle_data.sql.sh.erb"), @@ -208,6 +280,11 @@ refreshonly => true } + exec { "rm-tmp-handle-corpus-admin-dsa-key": + command => "/usr/bin/rm -f /tmp/handle/handle_script_corpus_admin_dsa_keys.exp", + refreshonly => true + } + exec { "open-handle-web-port": command => "firewall-cmd --permanent --add-port=8000/tcp", path => [ '/bin', '/usr/bin', '/usr/local/bin' ]
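Review bot: The three execs that write private-key material (`convert-handle-corpus-admin-keys-priv`, `convert-handle-corpus-admin-dsa-keys-priv` and `concat-handle-corpus-admin-pkey-cert`) create `corpusadmpriv.pem`, `corpusadmdsapriv.pem` and `corpusadmpkeycrt.pem` under whatever umask the Puppet run happens to have, and nothing in this hunk pins their mode afterwards. With a common 0022 umask the admin private keys would be readable by every local account; whether the PEM output is still passphrase-protected is not visible here. Add `umask => '0077',` to those execs, or manage each output with a `file` resource carrying `owner => $hdl_user` and `mode => "0600"`. Separately, both `openssl req -x509` commands pass no `-days`, so the certificates get OpenSSL's short default lifetime, and `creates` means they are never regenerated once the file exists.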
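Review bot: The cleanup in `rm-tmp-handle-corpus-admin-dsa-key` only fires on the first run. It is `refreshonly` and notified solely by `init-handle-corpus-admin-dsa-keys`, which is skipped once `/var/lib/handle/corpusadmdsapriv.bin` exists, while the `file` resource in the previous hunk has `ensure => file` and will put `/tmp/handle/handle_script_corpus_admin_dsa_keys.exp` back on every later run. The expect script therefore ends up staying under `/tmp/handle` from the second run on, and it is also left behind whenever the init exec fails. If that script carries a key passphrase (its content is not part of this diff), stage it in a directory only `$hdl_user` can enter and tighten it to `mode => "0700"` instead of relying on deletion.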