diff --git a/REFERENCE.md b/REFERENCE.md
index 387082b9ae42f610c0c81486a4779c051d45b2eb..1e1b01b41af1f2e311e675fd3263eec41a31a050 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -98,6 +98,7 @@ The following parameters are available in the `cfssl` class:
 * [`crldir`](#crldir)
 * [`crl_expiry`](#crl_expiry)
 * [`crl_gentimer`](#crl_gentimer)
+* [`crl_extension`](#crl_extension)
 * [`serve_ca`](#serve_ca)
 ##### <a name="downloadurl"></a>`downloadurl`
@@ -272,10 +273,18 @@ Default value: `604800`
 Data type: `String[1]`
-
+Systemd timer https://www.freedesktop.org/software/systemd/man/systemd.time.html
 Default value: `'*:00:00'`
+##### <a name="crl_extension"></a>`crl_extension`
+
+Data type: `String[1]`
+
+The filename extension suffix used form generated CRL.
+
+Default value: `'pem'`
+
 ##### <a name="serve_ca"></a>`serve_ca`
 Data type: `Optional[String[1]]`
diff --git a/manifests/init.pp b/manifests/init.pp
index b2acd0a9570ba246d624664b35db476c16178651..8dbfd49f5180f796e0901ea7fb7cfb94695a9fc5 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -46,7 +46,8 @@
 # @param crl_manage If true a CRL file is generated from the served autority.
 # @param crldir A directory where the CRL file is written.
 # @param crl_expiry A value, in seconds, after which the CRL should expire from the moment of the request
-# @param crl_gentimer
+# @param crl_gentimer Systemd timer https://www.freedesktop.org/software/systemd/man/systemd.time.html
+# @param crl_extension The filename extension suffix used form generated CRL.
 # @param serve_ca The Certificate authority served with CFSSL serve
 #
 class cfssl (
@@ -72,6 +73,7 @@ class cfssl (
 Stdlib::Absolutepath $crldir = '/var/cfssl',
 Integer $crl_expiry = 604800,
 String[1] $crl_gentimer = '*:00:00',
+ String[1] $crl_extension = 'pem',
 Optional[String[1]] $serve_ca = undef,
 ) inherits cfssl::params {
 include cfssl::goose
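Review bot: `crl_extension` is declared as `String[1]` in the second init.pp hunk, so any non-empty string is accepted. The hunk in templates/cfssl-gencrl.service.epp interpolates it into `Environment=CRL=...`, and the `sh -c` command in that unit then uses `$CRL` unquoted. A value containing whitespace, `/` or shell metacharacters would change the target path or the command line of a unit that reads the CA private key, so the type should be constrained at the class boundary, for example `Pattern[/\A[A-Za-z0-9]+\z/] $crl_extension = 'pem',`. The `@param crl_extension` line in the first init.pp hunk should then state the allowed characters. The `cfssl` class body continues outside the hunk.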
diff --git a/templates/cfssl-gencrl.service.epp b/templates/cfssl-gencrl.service.epp
index 44cb09dc1e6372cfeaa8bcc6b3a3e52f6d8f2a02..3c381820140b51edd4bd803024c55d6ebbfd300a 100644
--- a/templates/cfssl-gencrl.service.epp
+++ b/templates/cfssl-gencrl.service.epp
@@ -8,6 +8,6 @@ After=cfssl.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
-Environment=CRL=<%= $cfssl::crldir %>/crl-<%= $ca %>.pem
+Environment=CRL=<%= $cfssl::crldir %>/crl-<%= $ca %>.<%= $cfssl::crl_extension %>
 ExecStart=sh -c 'echo "-----BEGIN X509 CRL-----" > $CRL ; cfssl crl -db-config <%= $cfssl::confdir %>/<%= $cfssl::params::db_config_json %> -ca <%= $cfssl::confdir %>/ca/<%= $ca %>.pem -ca-key <%= $cfssl::confdir %>/ca/<%= $ca %>-key.pem | fold -w 64 >> $CRL ; echo "-----END X509 CRL-----" >> $CRL'
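Review bot: The new `Environment=CRL=` line makes only the file name configurable, while the `ExecStart` below it still writes PEM armor (`-----BEGIN X509 CRL-----`) around folded base64 whatever the suffix is. Setting `crl_extension` to a value such as `crl` or `der` therefore produces a PEM file under a name that consumers commonly expect to hold DER, and a client that cannot parse the CRL may skip the revocation check. The parameter documentation should say this, e.g. `# @param crl_extension Filename suffix only; the generated CRL is always PEM-encoded.`. Changing the suffix also appears to leave the previously generated `crl-<ca>.pem` in `crldir`, where it will go stale unless something removes it; that cleanup is not visible in this hunk.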