diff --git a/config.default.toml b/config.default.toml
index bb1eea40..1b12390a 100644
--- a/config.default.toml
+++ b/config.default.toml
@@ -1,5 +1,5 @@
 port = 80
-verify_client_certificates = true
+verify_certificates = true
 
 # Defaults for the client connect form
 [defaults]
diff --git a/server/irc.go b/server/irc.go
index 4b12fd8e..f1e02924 100644
--- a/server/irc.go
+++ b/server/irc.go
@@ -4,10 +4,9 @@ import (
 	"crypto/tls"
 	"net"
 
-	"github.com/spf13/viper"
-
 	"github.com/khlieng/dispatch/irc"
 	"github.com/khlieng/dispatch/storage"
+	"github.com/spf13/viper"
 )
 
 func createNickInUseHandler(i *irc.Client, session *Session) func(string) string {
@@ -34,10 +33,13 @@ func reconnectIRC() {
 			i.Realname = server.Realname
 			i.HandleNickInUse = createNickInUseHandler(i, session)
 
-			if cert := user.GetCertificate(); cert != nil {
+			if i.TLS {
 				i.TLSConfig = &tls.Config{
-					Certificates:       []tls.Certificate{*cert},
-					InsecureSkipVerify: !viper.GetBool("verify_client_certificates"),
+					InsecureSkipVerify: !viper.GetBool("verify_certificates"),
+				}
+
+				if cert := user.GetCertificate(); cert != nil {
+					i.TLSConfig.Certificates = []tls.Certificate{*cert}
 				}
 			}
 
diff --git a/server/websocket_handler.go b/server/websocket_handler.go
index 187b6de0..1fd26732 100644
--- a/server/websocket_handler.go
+++ b/server/websocket_handler.go
@@ -111,10 +111,13 @@ func (h *wsHandler) connect(b []byte) {
 			i.Password = data.Password
 		}
 
-		if cert := h.session.user.GetCertificate(); cert != nil {
+		if i.TLS {
 			i.TLSConfig = &tls.Config{
-				Certificates:       []tls.Certificate{*cert},
-				InsecureSkipVerify: !viper.GetBool("verify_client_certificates"),
+				InsecureSkipVerify: !viper.GetBool("verify_certificates"),
+			}
+
+			if cert := h.session.user.GetCertificate(); cert != nil {
+				i.TLSConfig.Certificates = []tls.Certificate{*cert}
 			}
 		}