diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 8e577abd9..0d35c298d 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1796,14 +1796,6 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_an
 	if (BIO_read_filename(in, path) <= 0)
 		goto end;
 
-	/* Read Certificate */
-	ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
-	if (ckch->cert == NULL) {
-		memprintf(err, "%sunable to load certificate from file '%s'.\n",
-				err && *err ? *err : "", path);
-		goto end;
-	}
-
 	/* Read Private Key */
 	ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
 	if (ckch->key == NULL) {
@@ -1812,6 +1804,17 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_an
 		goto end;
 	}
 
+	/* Seek back to beginning of file */
+	BIO_reset(in);
+
+	/* Read Certificate */
+	ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
+	if (ckch->cert == NULL) {
+		memprintf(err, "%sunable to load certificate from file '%s'.\n",
+				err && *err ? *err : "", path);
+		goto end;
+	}
+
 	/* Read Certificate Chain */
 	while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
 		/* Grow the chain certs */