diff --git a/puppet/zulip/manifests/nginx.pp b/puppet/zulip/manifests/nginx.pp
index 6e8fb4b088..9105a1972f 100644
--- a/puppet/zulip/manifests/nginx.pp
+++ b/puppet/zulip/manifests/nginx.pp
@@ -58,6 +58,11 @@ class zulip::nginx {
     source  => 'puppet:///modules/zulip/nginx/dhparam.pem',
   }
 
+  if $::osfamily == 'debian' {
+      $ca_crt = '/etc/ssl/certs/ca-certificates.crt'
+  } else {
+      $ca_crt = '/etc/pki/tls/certs/ca-bundle.crt'
+  }
   file { '/etc/nginx/nginx.conf':
     ensure  => file,
     require => Package[$zulip::common::nginx, 'ca-certificates'],
diff --git a/puppet/zulip/templates/nginx.conf.template.erb b/puppet/zulip/templates/nginx.conf.template.erb
index cf2229f111..441b4c63d0 100644
--- a/puppet/zulip/templates/nginx.conf.template.erb
+++ b/puppet/zulip/templates/nginx.conf.template.erb
@@ -62,7 +62,7 @@ http {
     ssl_prefer_server_ciphers off;
     ssl_stapling on;
     ssl_stapling_verify on;
-    ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
+    ssl_trusted_certificate <%= @ca_crt %>;
 
 
     include /etc/nginx/conf.d/*.conf;