diff --git a/lib/NGCP/Panel/Form/Administrator/APIDownDelete.pm b/lib/NGCP/Panel/Form/Administrator/APIDownDelete.pm
index e75ce07f54..ab39a36209 100644
--- a/lib/NGCP/Panel/Form/Administrator/APIDownDelete.pm
+++ b/lib/NGCP/Panel/Form/Administrator/APIDownDelete.pm
@@ -73,7 +73,7 @@ has_field 'ca.download' => (
 
 has_field 'ca.description' => (
     type => 'Display',
-    html => '<div class="ngcp-form-desc">The Server Certificate used to sign the above\'s Client Certificates. Needed if you want to verify the server connection in your API client, and the server certificate is not signed by a well-known CA or is self-signed.</div>',
+    html => '<div class="ngcp-form-desc">The Server Certificate. Needed if you want to verify the server connection in your API client, and the server certificate is not signed by a well-known CA or is self-signed.</div>',
     do_wrapper => 0,
     do_label => 0,
 );
diff --git a/lib/NGCP/Panel/Model/CA.pm b/lib/NGCP/Panel/Model/CA.pm
index 54e9c5ee8d..5f90e4a92f 100644
--- a/lib/NGCP/Panel/Model/CA.pm
+++ b/lib/NGCP/Panel/Model/CA.pm
@@ -37,9 +37,12 @@ sub make_client {
     $c->log->debug($tmpl);
     $client_signing_template->spew($tmpl);
     my $client_cert = Path::Tiny->tempfile;
-    $command = sprintf 'certtool -c --load-privkey %s --outfile %s --load-ca-certificate %s --load-ca-privkey %s ' .
-      '--template %s 1>&- 2>&-', $client_key->stringify, $client_cert->stringify, $c->config->{ssl}->{certfile},
-      $c->config->{ssl}->{keyfile}, $client_signing_template->stringify;
+    $command = sprintf
+        'certtool -c --load-privkey %s --outfile %s --load-ca-certificate %s --load-ca-privkey %s --template %s 1>&- 2>&-',
+        $client_key->stringify, $client_cert->stringify,
+        ($c->config->{ssl}->{rest_api_certfile} || $c->config->{ssl}->{certfile}),
+        ($c->config->{ssl}->{rest_api_keyfile}  || $c->config->{ssl}->{keyfile}),
+        $client_signing_template->stringify;
     $c->log->debug($command);
     system $command;
     my $cert = $client_cert->slurp . $client_key->slurp =~ s/.*(?=-----BEGIN RSA PRIVATE KEY-----)//mrs;
@@ -55,7 +58,8 @@ sub make_pkcs12 {
     my $cert_file = Path::Tiny->tempfile;
     $cert_file->spew($cert);
     my $p12_file = Path::Tiny->tempfile;
-    my $command = sprintf 'openssl pkcs12 -export -in %s -inkey %s -out %s -password pass:%s -name "NGCP API Client Certificate %d"', $cert_file->stringify, $cert_file->stringify, $p12_file->stringify, $pass, $serial;
+    my $command = sprintf 'openssl pkcs12 -export -in %s -inkey %s -out %s -password pass:%s -name "NGCP API Client Certificate %d"',
+        $cert_file->stringify, $cert_file->stringify, $p12_file->stringify, $pass, $serial;
     $c->log->debug($command);
     system $command;
     my $p12 = $p12_file->slurp({binmode => ":raw"});
@@ -68,7 +72,7 @@ sub make_pkcs12 {
 sub get_server_cert {
     my ($self, $c) = @_;
 
-    my $cert_file = Path::Tiny->new($c->config->{ssl}->{certfile});
+    my $cert_file = Path::Tiny->new($c->config->{ssl}->{server_certfile} || $c->config->{ssl}->{certfile});
     return $cert_file->slurp;
 }
 
diff --git a/ngcp_panel.conf b/ngcp_panel.conf
index 8371fc452a..16d4ca1d30 100644
--- a/ngcp_panel.conf
+++ b/ngcp_panel.conf
@@ -81,6 +81,7 @@ log4perl.appender.Default.layout.ConversionPattern=%d{ISO8601} [%p] [%F +%L] %m{
 </callflow>
 
 <ssl>
-  keyfile  /etc/ssl/ngcp/api/ca-key.pem
-  certfile /etc/ssl/ngcp/api/ca-cert.pem
+  rest_api_keyfile  /etc/ssl/ngcp/api/ca-key.pem
+  rest_api_certfile /etc/ssl/ngcp/api/ca-cert.pem
+  server_certfile   /etc/ssl/ngcp/api/ca-cert.pem
 </ssl>