diff --git a/src/ejabberd_s2s_in.erl b/src/ejabberd_s2s_in.erl
index 28b98da8b..6ad53721c 100644
--- a/src/ejabberd_s2s_in.erl
+++ b/src/ejabberd_s2s_in.erl
@@ -63,6 +63,7 @@
 tls = false,
 tls_enabled = false,
 tls_options = [],
+ server,
 authenticated = false,
 auth_domain,
 connections = ?DICT:new(),
@@ -193,7 +194,7 @@ wait_for_stream({xmlstreamstart, Opening}, StateData) ->
 Server, [], [Server]),
 send_element(StateData, exmpp_stream:features(Features)),
- {next_state, wait_for_feature_request, StateData};
+ {next_state, wait_for_feature_request, StateData#state{server = Server}};
 {?NS_JABBER_SERVER, _, Server, true} when StateData#state.authenticated ->
 Opening_Reply = exmpp_stream:opening_reply(Opening,
@@ -244,14 +245,25 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
 Socket = StateData#state.socket,
 Proceed = exmpp_xml:node_to_list(
 exmpp_server_tls:proceed(), [?DEFAULT_NS], ?PREFIXED_NS),
- TLSOpts = StateData#state.tls_options,
+ TLSOpts = case ejabberd_config:get_local_option(
+ {domain_certfile,
+ StateData#state.server}) of
+ undefined ->
+ StateData#state.tls_options;
+ CertFile ->
+ [{certfile, CertFile} |
+ lists:keydelete(
+ certfile, 1,
+ StateData#state.tls_options)]
+ end,
 TLSSocket = (StateData#state.sockmod):starttls(
 Socket, TLSOpts, Proceed),
 {next_state, wait_for_stream, StateData#state{socket = TLSSocket,
 streamid = new_id(),
- tls_enabled = true
+ tls_enabled = true,
+ tls_options = TLSOpts
 }};
 #xmlel{ns = ?NS_SASL, name = 'auth'} when TLSEnabled ->
 case exmpp_server_sasl:next_step(El) of
diff --git a/src/ejabberd_s2s_out.erl b/src/ejabberd_s2s_out.erl
index 09cfce54e..349c4dcbe 100644
--- a/src/ejabberd_s2s_out.erl
+++ b/src/ejabberd_s2s_out.erl
@@ -67,7 +67,7 @@
 tls = false,
 tls_required = false,
 tls_enabled = false,
- tls_options = [],
+ tls_options = [connect],
 authenticated = false,
 db_enabled = true,
 try_auth = true,
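Review bot: In the STARTTLS branch of `wait_for_feature_request` (hunk `@@ -244`), the certificate lookup is keyed on `StateData#state.server`, which the `wait_for_stream` hunk fills from the peer's stream opening, so an unauthenticated remote peer selects the key. The lookup can only return a configured `domain_certfile`, which bounds the effect, but `Server` should be confirmed as a locally served, normalised domain before it is stored; whether that already happens cannot be seen, since both function bodies start outside their hunks. The new `server` field has no default, so any other route into this branch looks up `{domain_certfile, undefined}` and depends on the fallback clause. I would document the field in the record with `%% server: domain from the peer's stream opening; unauthenticated, used only to select the local certfile`.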
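Review bot: `connect` now has to be kept in three separate literals in `ejabberd_s2s_out.erl`: the `tls_options` default in hunk `@@ -67` and both branches of the `case` in `init/1` (hunk `@@ -155`), so a later edit to one of them can silently lose it again. Adding it once after the `case`, e.g. `TLSOpts = [connect | CertOpts]`, would leave a single place to maintain. A comment on the default such as `%% always includes 'connect' so the outgoing socket handshakes as the TLS client` would record the reason; that reading of the flag is inferred from its name and its use here and should be confirmed.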
@@ -155,7 +155,7 @@ init([From, Server, Type]) ->
 UseV10 = TLS,
 TLSOpts = case ejabberd_config:get_local_option(s2s_certfile) of
 undefined ->
- [];
+ [connect];
 CertFile ->
 [{certfile, CertFile}, connect]
 end,
@@ -606,7 +606,7 @@ wait_for_starttls_proceed({xmlstreamelement, El}, StateData) ->
 StateData#state.server}]),
 Socket = StateData#state.socket,
 TLSOpts = case ejabberd_config:get_local_option
- ({domain_certfile, StateData#state.server}) of
+ ({domain_certfile, StateData#state.myname}) of
 undefined ->
 StateData#state.tls_options;
 CertFile ->
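Review bot: The `CertFile ->` branch of the `case` in `wait_for_starttls_proceed` (hunk `@@ -606`) lies below the hunk, so it cannot be seen whether the list it builds keeps `connect` and the other entries of `StateData#state.tls_options`. The incoming side in `ejabberd_s2s_in.erl` does this with `lists:keydelete(certfile, 1, ...)`, and the two should behave the same. Because the same lookup-and-override now exists in both modules, a shared helper taking the local domain and the current options would stop them diverging the way the `server`/`myname` key did. A comment such as `%% domain_certfile is keyed by our own domain (myname), not the remote server` would record why the key changed.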