diff --git a/.ruby-version b/.ruby-version
index 7a895c21..671d1fe4 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-1.9.3-p484
+1.9.3-p545
diff --git a/.travis.yml b/.travis.yml
index c9928ac3..47552768 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -10,13 +10,10 @@ script:
   - "rake spec SPEC_OPTS='--format documentation'"
 env:
   - PUPPET_VERSION="~> 2.7.0"
-  - PUPPET_VERSION="~> 3.0.0"
-  - PUPPET_VERSION="~> 3.1.0"
-  - PUPPET_VERSION="~> 3.2.0"
-  - PUPPET_VERSION="~> 3.3.0"
   - PUPPET_VERSION="~> 3.4.0"
   - PUPPET_VERSION="~> 3.5.0"
   - PUPPET_VERSION="~> 3.6.0"
+  - PUPPET_VERSION="~> 3.7.0"
 matrix:
   exclude:
     - rvm: 1.9.3
diff --git a/manifests/server.pp b/manifests/server.pp
index 9a4b4867..68c6baad 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -362,12 +362,18 @@
     default => $group
   }
 
+  File {
+    group   => $group_to_set,
+    recurse => true,
+  }
+
   file {
     [ "/etc/openvpn/${name}",
       "/etc/openvpn/${name}/auth",
       "/etc/openvpn/${name}/client-configs",
       "/etc/openvpn/${name}/download-configs" ]:
-        ensure  => directory;
+        mode   => '0750',
+        ensure => directory;
   }
 
   exec {
@@ -386,6 +392,7 @@
 
   file {
     "/etc/openvpn/${name}/easy-rsa/revoked":
+      mode   => '0750',
       ensure  => directory,
       require => Exec["copy easy-rsa to openvpn config folder ${name}"];
   }
diff --git a/spec/defines/openvpn_server_spec.rb b/spec/defines/openvpn_server_spec.rb
index ce5f1925..e94eaea7 100644
--- a/spec/defines/openvpn_server_spec.rb
+++ b/spec/defines/openvpn_server_spec.rb
@@ -24,18 +24,22 @@
     } }
 
     # Files associated with a server config
-    it { should contain_file('/etc/openvpn/test_server').with('ensure' => 'directory')}
-    it { should contain_file('/etc/openvpn/test_server/client-configs').with('ensure' => 'directory')}
-    it { should contain_file('/etc/openvpn/test_server/download-configs').with('ensure' => 'directory')}
-    it { should contain_file('/etc/openvpn/test_server/auth').with('ensure' => 'directory')}
+    it { should contain_file('/etc/openvpn/test_server').
+         with(:ensure =>'directory', :mode =>'0750', :recurse =>true, :group =>'nogroup') }
+    it { should contain_file('/etc/openvpn/test_server/client-configs').
+         with(:ensure =>'directory', :mode =>'0750', :recurse =>true, :group =>'nogroup') }
+    it { should contain_file('/etc/openvpn/test_server/download-configs').
+         with(:ensure =>'directory', :mode =>'0750', :recurse =>true, :group =>'nogroup') }
+    it { should contain_file('/etc/openvpn/test_server/auth').
+         with(:ensure =>'directory', :mode =>'0750', :recurse =>true, :group =>'nogroup') }
+    it { should contain_file('/etc/openvpn/test_server/easy-rsa/revoked').
+         with(:ensure =>'directory', :mode =>'0750', :recurse =>true, :group =>'nogroup') }
     it { should contain_file('/etc/openvpn/test_server/easy-rsa/vars')}
-    it { should contain_file('/etc/openvpn/test_server/easy-rsa/revoked').with('ensure' => 'directory')}
-    it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf')}
-    it { should contain_file('/etc/openvpn/test_server/easy-rsa/keys/crl.pem').with('target' => '/etc/openvpn/test_server/crl.pem')}
-    it { should contain_file('/etc/openvpn/test_server/keys').with(
-      'ensure'  => 'link',
-      'target'  => '/etc/openvpn/test_server/easy-rsa/keys'
-    )}
+    it { should contain_file('/etc/openvpn/test_server/easy-rsa/openssl.cnf') }
+    it { should contain_file('/etc/openvpn/test_server/easy-rsa/keys/crl.pem').
+         with(:ensure =>'link', :target =>'/etc/openvpn/test_server/crl.pem') }
+    it { should contain_file('/etc/openvpn/test_server/keys').
+         with(:ensure =>'link', :target =>'/etc/openvpn/test_server/easy-rsa/keys') }
 
     # Execs to working with certificates
     it { should contain_exec('copy easy-rsa to openvpn config folder test_server').with(