diff --git a/installer/roles/kubernetes/handlers/main.yml b/installer/roles/kubernetes/handlers/main.yml
new file mode 100644
index 0000000000..35b5c55988
--- /dev/null
+++ b/installer/roles/kubernetes/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: remove-rmq_cert_tempdir
+ file:
+ state: absent
+ path: "{{ rmq_cert_tempdir.path }}"
+
diff --git a/installer/roles/kubernetes/tasks/ssl_cert_gen.yml b/installer/roles/kubernetes/tasks/ssl_cert_gen.yml
new file mode 100644
index 0000000000..e2876b3421
--- /dev/null
+++ b/installer/roles/kubernetes/tasks/ssl_cert_gen.yml
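Review bot: Removing the directory that holds `ca.key` and `server.key` from a handler means the cleanup is skipped whenever a later task in the play fails, because handlers are not run for a failed host unless `force_handlers: true` (or `--force-handlers`) is set; the private keys would then stay on disk in the temp location. Wrapping the tasks that use `rmq_cert_tempdir` in a `block:` and putting this `file:` task with `state: absent` under `always:` would make the removal unconditional. The handler also fires only when handlers are flushed, and where the generated files are consumed relative to that point is not visible in this hunk, so that ordering should be confirmed.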
@@ -0,0 +1,61 @@
+---
+
+- name: Create temporary directory
+ tempfile:
+ state: directory
+ prefix: "tower-install-rmq-certs"
+ register: rmq_cert_tempdir
+ notify: remove-rmq_cert_tempdir
+
+- name: Generate CA private key
+ openssl_privatekey:
+ path: '{{ rmq_cert_tempdir.path }}/ca.key'
+ mode: "0600"
+
+- name: Generate CA CSR
+ openssl_csr:
+ path: '{{ rmq_cert_tempdir.path }}/ca.csr'
+ privatekey_path: '{{ rmq_cert_tempdir.path }}/ca.key'
+ common_name: 'rabbitmq-ca'
+ basic_constraints: 'CA:TRUE'
+ mode: "0600"
+
+- name: Generate CA certificate
+ openssl_certificate:
+ path: '{{ rmq_cert_tempdir.path }}/ca.crt'
+ csr_path: '{{ rmq_cert_tempdir.path }}/ca.csr'
+ privatekey_path: '{{ rmq_cert_tempdir.path }}/ca.key'
+ provider: selfsigned
+ selfsigned_not_after: "+36524d"
+ mode: "0600"
+
+- name: Generate server private key
+ openssl_privatekey:
+ path: '{{ rmq_cert_tempdir.path }}/server.key'
+ mode: "0600"
+
+- name: Generate server CSR
+ openssl_csr:
+ path: '{{ rmq_cert_tempdir.path }}/server.csr'
+ privatekey_path: '{{ rmq_cert_tempdir.path }}/server.key'
+ common_name: 'rabbitmq-server'
+ mode: "0600"
+
+- name: Generate server certificate
+ openssl_certificate:
+ path: "{{ rmq_cert_tempdir.path }}/server.crt"
+ csr_path: "{{ rmq_cert_tempdir.path }}/server.csr"
+ privatekey_path: "{{ rmq_cert_tempdir.path }}/server.key"
+ provider: ownca
+ ownca_path: "{{ rmq_cert_tempdir.path }}/ca.crt"
+ ownca_privatekey_path: "{{ rmq_cert_tempdir.path }}/ca.key"
+ ownca_not_after: "+36500d"
+ mode: "0600"
+
+- name: Create combined certificate
+ assemble:
+ src: "{{ rmq_cert_tempdir.path }}"
+ regexp: "server.crt|server.key"
+ dest: "{{ rmq_cert_tempdir.path }}/server-combined.pem"
+ mode: "0600"
+
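Review bot: The leaf certificate issued in "Generate server certificate" is valid for about a century (`ownca_not_after: "+36500d"`) and nothing in this file provides rotation or revocation, so a leaked copy of `server.key` or `server-combined.pem` stays usable for the life of the deployment. A shorter leaf lifetime re-issued on upgrade would bound that exposure, for example `ownca_not_after: "+825d"` (value constructed for illustration). The server CSR also sets only `common_name: 'rabbitmq-server'` and no `subject_alt_name`, which clients that verify the peer hostname will not accept as a match; `subject_alt_name: 'DNS:<rabbitmq service hostname>'` would cover that, assuming the peers do verify. On the CA CSR, `basic_constraints_critical: true` and `key_usage: ['keyCertSign', 'cRLSign']` would limit the CA key to signing. Whether `ca.key` is kept anywhere beyond the temporary directory is not visible in this hunk.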