From 8d50f454c741896aabf369ca942fa16d49951d6f Mon Sep 17 00:00:00 2001
From: 12ww1160 <12ww1160@confdroid.com>
Date: Sun, 15 Mar 2026 15:42:59 +0100
Subject: [PATCH] OP#501 adding variables and place holders for certs

---
 README.md           | 4 ++--
 manifests/params.pp | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 284dbf4..db98e76 100644
--- a/README.md
+++ b/README.md
@@ -102,13 +102,13 @@ It is very recommendable to define such commands directly within Puppet modules
 
 ## managing TLS certificates
 
-When `ne_enable_ssl` is enabled (default), the certificates for the ca (root if standalone or intermediate), the nagios server and the key for the nagios server have to be provided through the following values:
+When `ne_enable_ssl` is enabled, the certificates for the ca (root if standalone or intermediate), the nagios server and the key for the nagios server have to be provided through the following values:
 
 - `ne_ssl_ca_cert_pem`
 - `ne_ssl_cert_pem`
 - `ne_ssl_privatekey_pem`
 
-via Hiera (if you use it) or ENC.
+via Hiera (if you use it) or ENC. At the ENC need  to add confdroid_nrpe::params and set those values.
 
 ## SELINUX
 
diff --git a/manifests/params.pp b/manifests/params.pp
index 74e2a64..218ace6 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -115,7 +115,7 @@ class confdroid_nrpe::params (
   String $ne_command_timeout              = '60',
   String $ne_connection_timeout           = '300',
   String $ne_allow_weak_rnd_seed          = '1',
-  Boolean $ne_enable_ssl                  = true,
+  Boolean $ne_enable_ssl                  = false,
   String $ne_ssl_version                  = 'TLSv2+',
   String $ne_ssl_use_adh                  = '1',
   String $ne_ssl_cipher_list              = 'ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH',