diff --git a/molecule/hashistack_ca_default/converge.yml b/molecule/hashistack_ca_default/converge.yml
new file mode 100644
index 0000000..b8f9f43
--- /dev/null
+++ b/molecule/hashistack_ca_default/converge.yml
@@ -0,0 +1,8 @@
+---
+- name: Converge
+  hosts: all
+  become: true
+  tasks:
+    - name: "Include ednz_cloud.hashistack.hashistack_ca"
+      ansible.builtin.include_role:
+        name: "ednz_cloud.hashistack.hashistack_ca"
diff --git a/molecule/hashistack_ca_default/etc/hashistack/.gitkeep b/molecule/hashistack_ca_default/etc/hashistack/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/molecule/hashistack_ca_default/group_vars/all.yml b/molecule/hashistack_ca_default/group_vars/all.yml
new file mode 100644
index 0000000..74f1f2a
--- /dev/null
+++ b/molecule/hashistack_ca_default/group_vars/all.yml
@@ -0,0 +1,67 @@
+---
+# defaults file for hashistack_ca
+hashistack_ca_directory: "{{ lookup('env', 'PWD') }}/etc/hashistack/certificates"
+hashistack_ca_use_cryptography: false
+hashistack_ca_action: "noop"
+hashistack_ca_domain: ednz.fr
+
+##############################
+# Root Certificate Authority #
+##############################
+hashistack_ca_root_org_name: EDNZ Cloud
+hashistack_ca_root_country: FR
+hashistack_ca_root_locality: Paris
+hashistack_ca_root_common_name: "{{ hashistack_ca_domain }} Root CA"
+hashistack_ca_root_email:
+hashistack_ca_root_key_usage:
+  - keyCertSign
+  - cRLSign
+hashistack_ca_root_key_usage_critical: true
+hashistack_ca_root_basic_constraints:
+  - CA:TRUE
+hashistack_ca_root_basic_constraints_critical: true
+
+# Optional fields
+hashistack_ca_root_state_or_province_name:
+hashistack_ca_root_email_address:
+
+# Validity
+hashistack_ca_root_valid_for: 0d
+hashistack_ca_root_renew_threshold: 0d
+
+######################################
+# Intermediate Certificate Authority #
+######################################
+hashistack_ca_intermediate_org_name: EDNZ Cloud Intermediate
+hashistack_ca_intermediate_country: FR
+hashistack_ca_intermediate_locality: Paris
+hashistack_ca_intermediate_common_name: "{{ hashistack_ca_domain }} Intermediate CA"
+hashistack_ca_intermediate_email:
+hashistack_ca_intermediate_key_usage:
+  - keyCertSign
+  - cRLSign
+hashistack_ca_intermediate_key_usage_critical: true
+hashistack_ca_intermediate_basic_constraints:
+  - CA:TRUE
+  - pathlen:0
+hashistack_ca_intermediate_basic_constraints_critical: true
+
+# Optional fields
+hashistack_ca_intermediate_state_or_province_name:
+hashistack_ca_intermediate_email_address:
+
+# Validity
+hashistack_ca_intermediate_valid_for: 365d
+hashistack_ca_intermediate_renew_threshold: 90d
+
+# Name Constraints
+hashistack_ca_intermediate_name_constraints_permitted:
+  - DNS:.nomad
+  - DNS:.consul
+  - DNS:.example.com
+  - DNS:localhost
+  - IP:192.168.0.0/16
+  - IP:172.16.0.0/16
+  - IP:10.0.0.0/8
+  - IP:127.0.0.0/8
+hashistack_ca_intermediate_name_constraints_critical: "{{ (hashistack_ca_intermediate_name_constraints_permitted is defined and hashistack_ca_intermediate_name_constraints_permitted | length > 0) }}"
diff --git a/molecule/hashistack_ca_default/molecule.yml b/molecule/hashistack_ca_default/molecule.yml
new file mode 100644
index 0000000..c84ca7b
--- /dev/null
+++ b/molecule/hashistack_ca_default/molecule.yml
@@ -0,0 +1,37 @@
+---
+dependency:
+  name: galaxy
+  options:
+    requirements-file: ./requirements.yml
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: geerlingguy/docker-${MOLECULE_TEST_OS}-ansible
+    command: ""
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup
+    cgroupns_mode: host
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      remote_tmp: /tmp/.ansible
+verifier:
+  name: ansible
+scenario:
+  name: hashistack_ca_default
+  test_sequence:
+    - dependency
+    - cleanup
+    - destroy
+    - syntax
+    - create
+    - prepare
+    - converge
+    - idempotence
+    - verify
+    - cleanup
+    - destroy
diff --git a/molecule/hashistack_ca_default/prepare.yml b/molecule/hashistack_ca_default/prepare.yml
new file mode 100644
index 0000000..c216743
--- /dev/null
+++ b/molecule/hashistack_ca_default/prepare.yml
@@ -0,0 +1,13 @@
+---
+- name: Prepare
+  hosts: all
+  become: true
+  tasks:
+    - name: "Install pre-required system packages"
+      ansible.builtin.include_role:
+        name: ednz_cloud.manage_apt_packages
+      vars:
+        manage_apt_packages_list:
+          - name: unzip
+            version: latest
+            state: present
diff --git a/molecule/hashistack_ca_default/requirements.yml b/molecule/hashistack_ca_default/requirements.yml
new file mode 100644
index 0000000..329e789
--- /dev/null
+++ b/molecule/hashistack_ca_default/requirements.yml
@@ -0,0 +1,4 @@
+---
+# requirements file for molecule
+roles:
+  - name: ednz_cloud.manage_apt_packages
diff --git a/molecule/hashistack_ca_default/verify.yml b/molecule/hashistack_ca_default/verify.yml
new file mode 100644
index 0000000..5f1bb76
--- /dev/null
+++ b/molecule/hashistack_ca_default/verify.yml
@@ -0,0 +1,6 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: true
+  become: true
+  tasks: []