diff --git a/clustersconfig/cert-request.go b/clustersconfig/cert-request.go
new file mode 100644
index 0000000..686cbb3
--- /dev/null
+++ b/clustersconfig/cert-request.go
@@ -0,0 +1,10 @@
+package clustersconfig
+
+type CertRequest struct {
+ Template `yaml:",inline"`
+
+ CA string
+ Profile string
+ Label string
+ PerHost bool `yaml:"per_host"`
+}
diff --git a/clustersconfig/clustersconfig.go b/clustersconfig/clustersconfig.go
index 283167c..f8d68f8 100644
--- a/clustersconfig/clustersconfig.go
+++ b/clustersconfig/clustersconfig.go
@@ -12,11 +12,13 @@ import (
 )
 
 type Config struct {
- Hosts []*Host
- Groups []*Group
- Clusters []*Cluster
- Configs []*Template
- StaticPods []*Template `yaml:"static_pods"`
+ Hosts []*Host
+ Groups []*Group
+ Clusters []*Cluster
+ Configs []*Template
+ StaticPods []*Template `yaml:"static_pods"`
+ SSLConfig string `yaml:"ssl_config"`
+ CertRequests []*CertRequest `yaml:"cert_requests"`
 }
 
 func FromBytes(data []byte) (*Config, error) {
@@ -109,6 +111,15 @@ func (c *Config) StaticPodsTemplate(name string) *Template {
 return nil
 }
 
+func (c *Config) CSR(name string) *CertRequest {
+ for _, s := range c.CertRequests {
+ if s.Name == name {
+ return s
+ }
+ }
+ return nil
+}
+
 func (c *Config) SaveTo(path string) error {
 ba, err := yaml.Marshal(c)
 if err != nil {
diff --git a/clustersconfig/dir.go b/clustersconfig/dir.go
index 63c57d9..8049065 100644
--- a/clustersconfig/dir.go
+++ b/clustersconfig/dir.go
@@ -2,6 +2,7 @@ package clustersconfig
 
 import (
 "io/ioutil"
+ "os"
 "path"
 "path/filepath"
 "strings"
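Review bot: `CertRequest` is exported but neither the type nor its fields are documented, so someone editing cert-requests.yaml cannot tell what `CA`, `Profile` and `Label` must refer to or what an empty value means. A comment such as `// CertRequest is a named certificate request; CA and Profile select the signing authority and profile (TODO confirm against the consumer), PerHost asks for one certificate per host.` would help. `CA`, `Profile` and `Label` also rely on the YAML package's default key naming while `PerHost` carries an explicit tag; explicit tags on all four would pin the file format.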
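Review bot: `SSLConfig` keeps the raw text of ssl-config.json (loaded in dir.go) inside `Config`, and because it is tagged `yaml:"ssl_config"` it is written out again by `SaveTo`, whose `yaml.Marshal(c)` is visible in the next hunk. Whether that JSON can hold signing keys or auth tokens is not determinable from this diff; if it can, every saved or dumped copy of the config now carries them, so the file written by `SaveTo` should get a restrictive mode. The field deserves a comment either way, e.g. `// SSLConfig is the verbatim content of ssl-config.json; it may contain secrets.`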
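Review bot: `s.Name` in `CSR` dereferences every element of `c.CertRequests` without a nil check, and that slice is filled straight from YAML in `FromDir` (dir.go, last hunk), where an empty list item can decode to a nil `*CertRequest`; a stray `-` in cert-requests.yaml would then panic on the first lookup. Guard the comparison with `if s != nil && s.Name == name {`, or reject nil entries at load time. The method also returns only the first match, so duplicate names are silently shadowed; a doc comment such as `// CSR returns the first certificate request named name, or nil if there is none.` should say so.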
@@ -94,6 +95,25 @@ func FromDir(dirPath string) (*Config, error) {
 return nil, err
 }
 
+ if ba, err := ioutil.ReadFile(filepath.Join(dirPath, "ssl-config.json")); err == nil {
+ config.SSLConfig = string(ba)
+
+ } else if !os.IsNotExist(err) {
+ return nil, err
+ }
+
+ if ba, err := ioutil.ReadFile(filepath.Join(dirPath, "cert-requests.yaml")); err == nil {
+ reqs := make([]*CertRequest, 0)
+ if err = yaml.Unmarshal(ba, &reqs); err != nil {
+ return nil, err
+ }
+
+ config.CertRequests = reqs
+
+ } else if !os.IsNotExist(err) {
+ return nil, err
+ }
+
 return config, nil
 }
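Review bot: Both new files are accepted without validation: ssl-config.json is stored verbatim even when it is not valid JSON, and cert-requests.yaml goes through plain `yaml.Unmarshal`, which in the common Go YAML packages ignores unknown keys, so a mistyped `per_host` or `profile` silently yields a request with the zero value. For input that drives certificate issuance it is safer to fail at load time, e.g. `if !json.Valid(ba) { return nil, fmt.Errorf("ssl-config.json: invalid JSON") }` plus a strict decode where the YAML package offers one. The returned errors also do not name the file that failed; wrapping them as `fmt.Errorf("cert-requests.yaml: %v", err)` would make a broken config easier to diagnose. `FromDir` begins outside this hunk, so earlier validation, if any, is not visible here.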