diff --git a/defaults/main.yml b/defaults/main.yml
index eb78802..1d0ca34 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,4 +1,11 @@
 ---
+ucs_custom_tls_enabled: False
+ucs_custom_tls_apache2_enabled: True
+ucs_custom_tls_dovecot_enabled: False
+ucs_custom_tls_postfix_enabled: True
+ucs_custom_tls_cert_path: /etc/pki/tls/certs/mycert.pem
+ucs_custom_tls_key_path: /etc/pki/tls/private/mykey.pem
+
 ucs_filesystem_acl: []
 # @var ucs_filesystem_acl:example: >
 # ucs_filesystem_acl:
diff --git a/tasks/main.yml b/tasks/main.yml
index 04a6157..8c6203a 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -5,6 +5,8 @@
     value: "{{ item.value }}"
     state: "{{ item.state | default('present') }}"
   loop: "{{ __usc_registry_settings + ucs_registry_extra }}"
+  loop_control:
+    label: "{{ item.path }}={{ item.value }}"
 
 - name: Create system groups
   community.general.udm_group:
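Review bot: The six new defaults spell their booleans as `False`/`True`, while the rest of the Ansible ecosystem (and yamllint's `truthy` rule) expects lowercase, e.g. `ucs_custom_tls_enabled: false` and `ucs_custom_tls_apache2_enabled: true`. They also carry none of the `# @var` annotations this file uses for `ucs_filesystem_acl`, so a generated README will not say what the two path variables must point to. A `# @var ucs_custom_tls_cert_path:description: >` block (and the same for the key path) should state that the certificate and key are not deployed by this role — judging from tasks/main.yml in this diff it only writes UCR keys — and must already exist on the host and be readable by each service that is enabled.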
@@ -45,3 +47,52 @@
   loop: "{{ ucs_cronjobs }}"
   loop_control:
     label: "{{ item.name }}"
+
+- name: Configure custom TLS certificates
+  when: ucs_custom_tls_enabled | bool
+  block:
+    - name: Set apache2 ucr vars
+      xoxys.general.ucr:
+        path: "{{ item.path }}"
+        value: "{{ item.value }}"
+      loop:
+        - path: apache2/ssl/certificate
+          value: "{{ ucs_custom_tls_cert_path }}"
+        - path: apache2/ssl/key
+          value: "{{ ucs_custom_tls_key_path }}"
+        - path: saml/apache2/ssl/certificate
+          value: "{{ ucs_custom_tls_cert_path }}"
+        - path: saml/apache2/ssl/key
+          value: "{{ ucs_custom_tls_key_path }}"
+      loop_control:
+        label: "{{ item.path }}={{ item.value }}"
+      notify: __ucs_apache_restart
+      when: ucs_custom_tls_apache2_enabled
+
+    - name: Set dovecot ucr vars
+      xoxys.general.ucr:
+        path: "{{ item.path }}"
+        value: "{{ item.value }}"
+      loop:
+        - path: mail/dovecot/ssl/certificate,
+          value: "{{ ucs_custom_tls_cert_path }}"
+        - path: mail/dovecot/ssl/key
+          value: "{{ ucs_custom_tls_key_path }}"
+      loop_control:
+        label: "{{ item.path }}={{ item.value }}"
+      notify: __ucs_dovecot_restart
+      when: ucs_custom_tls_dovecot_enabled
+
+    - name: Set postfix ucr vars
+      xoxys.general.ucr:
+        path: "{{ item.path }}"
+        value: "{{ item.value }}"
+      loop:
+        - path: mail/postfix/ssl/certificate
+          value: "{{ ucs_custom_tls_cert_path }}"
+        - path: mail/postfix/ssl/key
+          value: "{{ ucs_custom_tls_key_path }}"
+      loop_control:
+        label: "{{ item.path }}={{ item.value }}"
+      notify: __ucs_postfix_restart
+      when: ucs_custom_tls_postfix_enabled
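Review bot: The first dovecot loop item has a stray trailing comma, `path: mail/dovecot/ssl/certificate,`, which YAML keeps as part of the plain scalar, so the task would write a UCR key literally named `mail/dovecot/ssl/certificate,` and then restart dovecot without the intended certificate; it should read `path: mail/dovecot/ssl/certificate`. The three inner conditions (`when: ucs_custom_tls_apache2_enabled` and the dovecot/postfix ones) drop the `| bool` filter that the block-level `when: ucs_custom_tls_enabled | bool` uses, so a value that arrives as the string `"False"` from extra-vars or inventory is most likely treated as truthy and the task runs anyway; make them `when: ucs_custom_tls_apache2_enabled | bool` etc. for consistency. Nothing in the block checks that `ucs_custom_tls_cert_path` and `ucs_custom_tls_key_path` exist on the host before the UCR keys are written and the restart handlers fire, so a wrong path takes the affected service down; an `ansible.builtin.stat` on both files followed by an `ansible.builtin.assert` at the top of the block would fail the play before any restart. The handlers `__ucs_apache_restart`, `__ucs_dovecot_restart` and `__ucs_postfix_restart` are not part of this diff, so I assume they already exist in the role's handlers.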