diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 23316c2e5..5d9593a81 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4788,8 +4788,10 @@ int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
 	/* initialize all certificate contexts */
 	err += ssl_sock_prepare_all_ctx(bind_conf);
 
+#ifndef SSL_NO_GENERATE_CERTIFICATES
 	/* initialize CA variables if the certificates generation is enabled */
 	err += ssl_sock_load_ca(bind_conf);
+#endif
 
 	return -err;
 }
@@ -4881,7 +4883,9 @@ REGISTER_POST_DEINIT(ssl_sock_deinit);
 /* Destroys all the contexts for a bind_conf. This is used during deinit(). */
 void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
 {
+#ifndef SSL_NO_GENERATE_CERTIFICATES
 	ssl_sock_free_ca(bind_conf);
+#endif
 	ssl_sock_free_all_ctx(bind_conf);
 	ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
 	free(bind_conf->ca_sign_file);