diff --git a/recipes/apache2-server.rb b/recipes/apache2-server.rb
index 05ef7d1..9e0fe40 100644
--- a/recipes/apache2-server.rb
+++ b/recipes/apache2-server.rb
@@ -80,30 +80,29 @@ ssl_cert_file = File.join(node['openstack']['dashboard']['ssl']['cert_dir'], nod
 ssl_key_file = File.join(node['openstack']['dashboard']['ssl']['key_dir'], node['openstack']['dashboard']['ssl']['key'])
 if node['openstack']['dashboard']['use_ssl']
- cert_mode = 00644
- cert_owner = 'root'
- cert_group = 'root'
- file ssl_cert_file.to_s do
- content ssl_cert
+ unless ssl_cert_file == ssl_key_file
+ cert_mode = 00644
+ cert_owner = 'root'
+ cert_group = 'root'
- mode cert_mode
- owner cert_owner
- group cert_group
-
- notifies :run, 'execute[restore-selinux-context]', :immediately
+ file ssl_cert_file do
+ content ssl_cert
+ mode cert_mode
+ owner cert_owner
+ group cert_group
+ notifies :run, 'execute[restore-selinux-context]', :immediately
+ end
 end
 key_mode = 00640
 key_owner = 'root'
 key_group = node['openstack']['dashboard']['key_group']
- file ssl_key_file.to_s do
+ file ssl_key_file do
 content ssl_key
-
 mode key_mode
 owner key_owner
 group key_group
-
 notifies :run, 'execute[restore-selinux-context]', :immediately
 end
 end
diff --git a/spec/apache2-server_spec.rb b/spec/apache2-server_spec.rb
index 57f8645..710e672 100644
--- a/spec/apache2-server_spec.rb
+++ b/spec/apache2-server_spec.rb
@@ -78,7 +78,7 @@ describe 'openstack-dashboard::apache2-server' do
 end
 describe 'certs' do
- describe 'get seceret' do
+ describe 'get secret' do
 let(:pem) { chef_run.file('/etc/ssl/certs/horizon.pem') }
 let(:key) { chef_run.file('/etc/ssl/private/horizon.key') }
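Review bot: In recipes/apache2-server.rb the new guard `unless ssl_cert_file == ssl_key_file` compares the two joined path strings literally, so two spellings of one file (a `..` segment, a doubled slash inside an attribute, a symlinked directory) still reach the 0644 `file ssl_cert_file` resource before the 0640 key resource runs. Comparing normalised paths, `unless File.expand_path(ssl_cert_file) == File.expand_path(ssl_key_file)`, closes the lexical cases; symlinks would need `File.realpath` and directories that already exist at converge time. A one-line comment above the guard, such as `# cert and key share one PEM: only the 0640 key resource may write it`, would record why the cert resource is skipped. Since the key resource now also carries the combined PEM, consider `sensitive true` on it so the content stays out of Chef's diff output. `ssl_cert` and `ssl_key` are assigned outside this hunk, so what each contains is not visible here.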
@@ -98,6 +98,37 @@ describe 'openstack-dashboard::apache2-server' do
 expect(pem).to notify('execute[restore-selinux-context]').to(:run)
 expect(key).to notify('execute[restore-selinux-context]').to(:run)
 end
+ end
+
+ describe 'get secret with only one pem' do
+ let(:key) { chef_run.file('/etc/ssl/private/horizon.pem') }
+
+ before do
+ node.set['openstack']['dashboard']['ssl'].tap do |ssl|
+ ssl['cert_dir'] = ssl['key_dir'] = '/etc/ssl/private'
+ ssl['cert'] = ssl['key'] = 'horizon.pem'
+ end
+ end
+
+ it do
+ expect(chef_run).not_to create_file('/etc/ssl/private/horizon.pem')
+ .with(
+ content: 'horizon_pem_value',
+ user: 'root',
+ group: 'root',
+ mode: 0644
+ )
+ end
+
+ it do
+ expect(chef_run).to create_file('/etc/ssl/private/horizon.pem').with(
+ content: 'horizon_pem_value',
+ user: 'root',
+ group: 'ssl-cert',
+ mode: 0640
+ )
+ expect(key).to notify('execute[restore-selinux-context]').to(:run)
+ end
 it 'does not mess with certs if ssl not enabled' do
 node.set['openstack']['dashboard']['use_ssl'] = false
@@ -105,7 +136,8 @@ describe 'openstack-dashboard::apache2-server' do
 expect(chef_run).not_to create_file('/etc/ssl/certs/horizon.key')
 end
 end
- describe 'get different seceret' do
+
+ describe 'get different secret' do
 let(:pem) { chef_run.file('/etc/anypath/any.pem') }
 let(:key) { chef_run.file('/etc/anypath/any.key') }
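Review bot: By counting the `end`s in the hunk at -98, the added `end` after the notify expectations closes 'get secret' early, so the existing example 'does not mess with certs if ssl not enabled' now sits inside 'get secret with only one pem' and inherits its `before`. Its visible assertion (in the hunk at -105) is on `/etc/ssl/certs/horizon.key`, a path this context never configures, so the example can no longer fail here. Either keep that example in 'get secret' by placing the new describe after it, or assert on the path this context writes: `expect(chef_run).not_to create_file('/etc/ssl/private/horizon.pem')`. The two new examples are bare `it do`; a description such as `it 'does not create a world-readable copy of the shared pem' do` would say what is being protected.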