diff --git a/openvoxserver/container-entrypoint.d/61-set-enc.sh b/openvoxserver/container-entrypoint.d/61-set-enc.sh
new file mode 100644
index 0000000..b525f18
--- /dev/null
+++ b/openvoxserver/container-entrypoint.d/61-set-enc.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -e
+
+if [ -n "${EXTERNAL_NODES}" ]; then
+ puppet config set external_nodes "$EXTERNAL_NODES" --section server
+ puppet config set node_terminus exec --section server
+fi
diff --git a/openvoxserver/container-entrypoint.d/90-ca.sh b/openvoxserver/container-entrypoint.d/90-ca.sh
index 2a139b4..f58084d 100755
--- a/openvoxserver/container-entrypoint.d/90-ca.sh
+++ b/openvoxserver/container-entrypoint.d/90-ca.sh
@@ -41,6 +41,16 @@ else
 puppet config set --section server ca_ttl "${CA_TTL}"
 puppet config set --section server ca_server "${CA_HOSTNAME}"
 puppet config set --section server ca_port "${CA_PORT}"
+ ca_allow_duplicate_certs="${CA_ALLOW_DUPLICATE_CERTS:-false}"
+ case "${ca_allow_duplicate_certs}" in
+ true|false)
+ puppet config set --section server allow_duplicate_certs "${ca_allow_duplicate_certs}"
+ ;;
+ *)
+ echo "Error: CA_ALLOW_DUPLICATE_CERTS must be true or false"
+ exit 99
+ ;;
+ esac
 hocon -f /etc/puppetlabs/puppetserver/conf.d/ca.conf \
 set certificate-authority.allow-subject-alt-names "${CA_ALLOW_SUBJECT_ALT_NAMES}"
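Review bot: In 61-set-enc.sh, `EXTERNAL_NODES` is written into `external_nodes` unchecked, even though `node_terminus exec` makes the server run whatever is at that path on every node lookup. A typo or a missing mount would only surface as failed catalog compiles. If the classifier is expected to exist at container start, a guard before the two `puppet config set` calls catches this early: `[ -x "${EXTERNAL_NODES}" ] || { echo "Error: EXTERNAL_NODES must be an executable file" >&2; exit 99; }`. A header comment should also say the script runs with the server's privileges, so it must not be writable by other users or come from a volume other containers can write to. As a style point, the file mixes `"$EXTERNAL_NODES"` with `"${EXTERNAL_NODES}"` and puts `--section server` last, whereas 90-ca.sh puts it first.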
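Review bot: In 90-ca.sh, the `*)` arm prints its error to stdout, where it can be lost among normal entrypoint output; send it to stderr with `echo "Error: CA_ALLOW_DUPLICATE_CERTS must be true or false" >&2`. The `case` also deserves a comment on what `true` means for the CA. As I understand the setting, a new CSR for a certname that already has a certificate or pending request is then accepted rather than rejected. Combined with autosigning, that weakens the guarantee that one certname maps to one key. Something like `# allow_duplicate_certs=true lets a new CSR replace an existing certname; keep false unless nodes are re-provisioned under the same name` would cover it. The enclosing `else` branch starts and ends outside the hunk.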