diff --git a/manifests/init.pp b/manifests/init.pp
index 7913c00209cbb2782763d8c65c40e8f3e138e4ab..83e8d67183e358cbdf9c5aed08b79ffaf67f8ae2 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -58,6 +58,32 @@ class apache::base
 
 
 
+/*
+ * Cause the Apache httpd to be restarted daily.
+ *
+ * One case when this is needed, is when using authentication using client
+ * certificates.  Apache is unable to re-read certificate revokation lists
+ * while running.  The only way to avoid the loaded CRLs expiring, thus
+ * causing client certificates to be declared invalid, seem to be to
+ * restart Apache.
+ */
+class apache::daily_restart
+{
+    # This tries to only generate output (mailed to root by Cron) if
+    # the restart fails.  And it will not try to start Apache if it is
+    # not running.
+    $restart = '/sbin/service httpd status >/dev/null 2>&1 && (o=`/usr/sbin/apachectl graceful 2>&1` || echo "$o" >&2)'
+
+    cron {
+	'apache::daily_restart':
+	    command => $restart,
+	    month => '*', monthday => '*', weekday => '*',
+	    hour => '5', minute => '30';
+    }
+}
+
+
+
 /*
  * Helper class for abstracting dependencies on the Apache service.
  * This is so others can do e.g. notify => Class[apache::service] instead