diff --git a/src/sbbs3/ssl.c b/src/sbbs3/ssl.c
index 16b736b0afbd9ac1618b83d7c218f29b759b3eb8..cbdd85f69d400f8f67a66cc82a88623c66699fea 100644
--- a/src/sbbs3/ssl.c
+++ b/src/sbbs3/ssl.c
@@ -130,13 +130,22 @@ CRYPT_CONTEXT DLLCALL get_ssl_cert(scfg_t *cfg, char estr[SSL_ESTR_LEN])
 		if(!DO(cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_COMMONNAME, cfg->sys_inetaddr, strlen(cfg->sys_inetaddr))))
 			goto failure_return_3;
 		sprintf(sysop_email, "sysop@%s", scfg.sys_inetaddr);
-		if(!DO(cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_RFC822NAME, cfg->sys_inetaddr, strlen(cfg->sys_inetaddr))))
+		if(!DO(cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_RFC822NAME, sesop_email, strlen(sesop_email))))
 			goto failure_return_3;
 		if(!DO(cryptSignCert(ssl_cert, ssl_context)))
 			goto failure_return_3;
 		if(!DO(cryptAddPublicKey(ssl_keyset, ssl_cert)))
 			goto failure_return_3;
 		cryptDestroyCert(ssl_cert);
+		cryptKeysetClose(ssl_keyset);
+		cryptDestroyContext(ssl_context);
+		// Finally, load it from the file.
+		if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_NONE))) {
+			if(!DO(cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass))) {
+				pthread_mutex_unlock(&ssl_cert_mutex);
+				return -1;
+			}
+		}
 	}
 
 	cryptKeysetClose(ssl_keyset);
diff --git a/src/sbbs3/websrvr.c b/src/sbbs3/websrvr.c
index ec0a8604eee0b0c5113356684666554c8415872c..3c41d61094bec3d100426b0e94de63a5bcbf22cd 100644
--- a/src/sbbs3/websrvr.c
+++ b/src/sbbs3/websrvr.c
@@ -6196,6 +6196,7 @@ void http_session_thread(void* arg)
 		}
 #endif
 		if (tls_context != -1) {
+			HANDLE_CRYPT_CALL(cryptSetAttribute(session.tls_sess, CRYPT_SESSINFO_SSL_OPTIONS, CRYPT_SSLOPTION_DISABLE_CERTVERIFY), &session);
 			HANDLE_CRYPT_CALL(cryptSetAttribute(session.tls_sess, CRYPT_SESSINFO_PRIVATEKEY, tls_context), &session);
 		}
 		BOOL nodelay=TRUE;