TLS servers without all of them needing to separately load the ssl certificate.

It's destroyed in free_scfg(), and the config *must* be prepped both to
destroy the certificate and to load it.  This is because the "no cert"
value is -1, not 0, so the prepped flag is all we really have to indicate
if it's zero because it's a valid certificate or zero because no certificate
has been loaded.