diff --git a/metadata.rb b/metadata.rb
index 6092f5a..b5b981e 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -12,5 +12,5 @@ recipe 'openstack-bare-metal::default', 'Temp workaround to create ironic db wit
 recipe 'openstack-bare-metal::identity_registration', 'Registers ironic service/user/endpoints in keystone'
 recipe 'openstack-bare-metal::ironic-common', 'Defines the common pieces of repeated code from the other recipes'
 
-depends 'openstack-common', '>= 11.2.0'
+depends 'openstack-common', '>= 11.4.0'
 depends 'openstack-identity', '>= 11.0.0'
diff --git a/spec/ironic-common_spec.rb b/spec/ironic-common_spec.rb
index 9ec4e7a..935b5e8 100644
--- a/spec/ironic-common_spec.rb
+++ b/spec/ironic-common_spec.rb
@@ -184,15 +184,35 @@ describe 'openstack-bare-metal::ironic-common' do
           end
         end
 
-        it 'does not have kombu ssl version set' do
-          expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^kombu_ssl_version=TLSv1.2$/)
+        it 'does not have ssl config set' do
+          [/^rabbit_use_ssl=/,
+           /^kombu_ssl_version=/,
+           /^kombu_ssl_keyfile=/,
+           /^kombu_ssl_certfile=/,
+           /^kombu_ssl_ca_certs=/,
+           /^kombu_reconnect_delay=/,
+           /^kombu_reconnect_timeout=/].each do |line|
+            expect(chef_run).not_to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
+          end
         end
 
-        it 'sets kombu ssl version' do
+        it 'sets ssl config' do
           node.set['openstack']['mq']['bare-metal']['rabbit']['use_ssl'] = true
           node.set['openstack']['mq']['bare-metal']['rabbit']['kombu_ssl_version'] = 'TLSv1.2'
-
-          expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^kombu_ssl_version=TLSv1.2$/)
+          node.set['openstack']['mq']['bare-metal']['rabbit']['kombu_ssl_keyfile'] = 'keyfile'
+          node.set['openstack']['mq']['bare-metal']['rabbit']['kombu_ssl_certfile'] = 'certfile'
+          node.set['openstack']['mq']['bare-metal']['rabbit']['kombu_ssl_ca_certs'] = 'certsfile'
+          node.set['openstack']['mq']['bare-metal']['rabbit']['kombu_reconnect_delay'] = 123.123
+          node.set['openstack']['mq']['bare-metal']['rabbit']['kombu_reconnect_timeout'] = 123
+          [/^rabbit_use_ssl=true/,
+           /^kombu_ssl_version=TLSv1.2$/,
+           /^kombu_ssl_keyfile=keyfile$/,
+           /^kombu_ssl_certfile=certfile$/,
+           /^kombu_ssl_ca_certs=certsfile$/,
+           /^kombu_reconnect_delay=123.123$/,
+           /^kombu_reconnect_timeout=123$/].each do |line|
+            expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', line)
+          end
         end
 
         context 'ha attributes' do
@@ -231,11 +251,9 @@ describe 'openstack-bare-metal::ironic-common' do
           end
         end
 
-        %w(use_ssl userid).each do |attr|
-          it "has rabbit_#{attr}" do
-            node.set['openstack']['mq']['bare-metal']['rabbit'][attr] = "rabbit_#{attr}_value"
-            expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_#{attr}=rabbit_#{attr}_value$/)
-          end
+        it 'has rabbit_userid' do
+          node.set['openstack']['mq']['bare-metal']['rabbit']['userid'] = 'rabbit_userid_value'
+          expect(chef_run).to render_config_file(file.name).with_section_content('oslo_messaging_rabbit', /^rabbit_userid=rabbit_userid_value$/)
         end
 
         it 'has rabbit_password' do
diff --git a/templates/default/ironic.conf.erb b/templates/default/ironic.conf.erb
index f3252cd..4241a2b 100644
--- a/templates/default/ironic.conf.erb
+++ b/templates/default/ironic.conf.erb
@@ -2,20 +2,6 @@
 
 [DEFAULT]
 
-# SSL key file (valid only if SSL enabled). (string value)
-#kombu_ssl_keyfile=
-
-# SSL cert file (valid only if SSL enabled). (string value)
-#kombu_ssl_certfile=
-
-# SSL certification authority file (valid only if SSL
-# enabled). (string value)
-#kombu_ssl_ca_certs=
-
-# How long to wait before reconnecting in response to an AMQP
-# consumer cancel notification. (floating point value)
-#kombu_reconnect_delay=1.0
-
 # Deprecated, use rpc_backend=kombu+memory or rpc_backend=fake
 # (boolean value)
 #fake_rabbit=false
@@ -1142,11 +1128,34 @@ amqp_auto_delete=<%= node['openstack']['mq']['bare-metal']['auto_delete'] %>
 # Size of RPC connection pool. (integer value)
 rpc_conn_pool_size=<%= node['openstack']['bare-metal']['rpc_conn_pool_size'] %>
 
-<% if node['openstack']['mq']['bare-metal']['rabbit']['use_ssl'] && node['openstack']['mq']['bare-metal']['rabbit']['kombu_ssl_version'] %>
+<% if node['openstack']['mq']['bare-metal']['rabbit']['use_ssl'] -%>
+
+# Connect over SSL for RabbitMQ. (boolean value)
+rabbit_use_ssl=true
+
+<%   if node['openstack']['mq']['bare-metal']['rabbit']['kombu_ssl_version'] -%>
 # SSL version to use (valid only if SSL enabled). valid values
 # are TLSv1 and SSLv23. SSLv2 and SSLv3 may be available on
 # some distributions. (string value)
 kombu_ssl_version=<%= node['openstack']['mq']['bare-metal']['rabbit']['kombu_ssl_version'] %>
+<%   end -%>
+<%   if node['openstack']['mq']['bare-metal']['rabbit']['kombu_ssl_keyfile'] -%>
+# SSL key file (valid only if SSL enabled)
+kombu_ssl_keyfile=<%= node['openstack']['mq']['bare-metal']['rabbit']['kombu_ssl_keyfile'] %>
+<%   end -%>
+<%   if node['openstack']['mq']['bare-metal']['rabbit']['kombu_ssl_certfile'] -%>
+# SSL cert file (valid only if SSL enabled)
+kombu_ssl_certfile=<%= node['openstack']['mq']['bare-metal']['rabbit']['kombu_ssl_certfile'] %>
+<%   end -%>
+<%   if node['openstack']['mq']['bare-metal']['rabbit']['kombu_ssl_ca_certs'] -%>
+# SSL certification authority file (valid only if SSL enabled)
+kombu_ssl_ca_certs=<%= node['openstack']['mq']['bare-metal']['rabbit']['kombu_ssl_ca_certs'] %>
+<%   end -%>
+# How long to wait before reconnecting in response to an AMQP consumer cancel notification
+kombu_reconnect_delay=<%= node['openstack']['mq']['bare-metal']['rabbit']['kombu_reconnect_delay'] %>
+# How long to wait before considering a reconnect attempt to have failed.
+# This value should not be longer than rpc_response_timeout
+kombu_reconnect_timeout=<%= node['openstack']['mq']['bare-metal']['rabbit']['kombu_reconnect_timeout'] %>
 <% end -%>
 
 ##### RABBITMQ #####
@@ -1167,7 +1176,6 @@ rabbit_hosts=<%= @rabbit_hosts %>
 # value)
 rabbit_ha_queues=True
 
-rabbit_use_ssl=<%= node['openstack']['mq']['bare-metal']['rabbit']['use_ssl'] %>
 <% else -%>
 # The RabbitMQ broker address where a single node is used.
 # (string value)
@@ -1176,15 +1184,11 @@ rabbit_host=<%= node['openstack']['mq']['bare-metal']['rabbit']['host'] %>
 # The RabbitMQ broker port where a single node is used.
 # (integer value)
 rabbit_port=<%= node['openstack']['mq']['bare-metal']['rabbit']['port'] %>
-
-# Connect over SSL for RabbitMQ. (boolean value)
-rabbit_use_ssl=<%= node['openstack']['mq']['bare-metal']['rabbit']['use_ssl'] %>
 <% end -%>
 
 # The RabbitMQ login method. (string value)
 #rabbit_login_method=AMQPLAIN
 
-
 # How frequently to retry connecting with RabbitMQ. (integer
 # value)
 rabbit_retry_interval=<%= node['openstack']['mq']['bare-metal']['rabbit']['rabbit_retry_interval'] %>
@@ -1198,7 +1202,6 @@ rabbit_retry_interval=<%= node['openstack']['mq']['bare-metal']['rabbit']['rabbi
 rabbit_max_retries=<%= node['openstack']['mq']['bare-metal']['rabbit']['rabbit_max_retries'] %>
 <% end -%>
 
-
 [pxe]
 
 #