diff --git a/manifests/java.pp b/manifests/java.pp
index c39753e..5f1f2ac 100644
--- a/manifests/java.pp
+++ b/manifests/java.pp
@@ -55,7 +55,7 @@
   }
 
   exec { "validate ${filename} contents":
-    command     => "/usr/bin/openssl x509 -in ${filename} -noout",
+    command     => "openssl x509 -in ${filename} -noout",
     cwd         => '/tmp',
     path        => $trusted_ca::path,
     logoutput   => on_failure,
diff --git a/spec/defines/trusted_ca_java_spec.rb b/spec/defines/trusted_ca_java_spec.rb
index f6c7d40..87944f3 100644
--- a/spec/defines/trusted_ca_java_spec.rb
+++ b/spec/defines/trusted_ca_java_spec.rb
@@ -42,6 +42,12 @@
           it { is_expected.to compile.with_all_deps }
           it { is_expected.to contain_file('/tmp/mycert-trustedca') }
 
+          it do
+            is_expected.to contain_exec('validate /tmp/mycert-trustedca contents'). \
+              with_command('openssl x509 -in /tmp/mycert-trustedca -noout').that_notifies('Exec[import /tmp/mycert-trustedca to jks /etc/alternatives/jre_1.7.0/lib/security/cacerts]')
+
+          end
+
           it do
             is_expected.to contain_exec('import /tmp/mycert-trustedca to jks /etc/alternatives/jre_1.7.0/lib/security/cacerts'). \
               with_command('keytool -import -noprompt -trustcacerts -alias mycert -file /tmp/mycert-trustedca -keystore /etc/alternatives/jre_1.7.0/lib/security/cacerts -storepass changeit')