diff --git a/xCAT-server-2.0/lib/xcat/plugins/conserver.pm b/xCAT-server-2.0/lib/xcat/plugins/conserver.pm
index a1527f7e5..ace9411eb 100644
--- a/xCAT-server-2.0/lib/xcat/plugins/conserver.pm
+++ b/xCAT-server-2.0/lib/xcat/plugins/conserver.pm
@@ -26,6 +26,15 @@ sub docfheaders {
   my $content = shift;
   my $numlines = @$content;
   my @meat = grep(!/^#/,@$content);
+  unless (grep(/^config \* {/,@meat)) {
+    push @$content,"config * {\n";
+    push @$content,"  sslauthority /etc/xcat/ca/ca-cert.pem;\n";
+    push @$content,"  sslcredentials /etc/xcat/cert/server-cred.pem;\n";
+    push @$content,"}\n";
+  }
+}
+
+  }
   unless (grep(/^default full/,@meat)) {
     push @$content,"default full { rw *; }\n";
   }
diff --git a/xCAT-server-2.0/share/xcat/scripts/setup-local-client.sh b/xCAT-server-2.0/share/xcat/scripts/setup-local-client.sh
index 7f677c271..ec41a3b18 100755
--- a/xCAT-server-2.0/share/xcat/scripts/setup-local-client.sh
+++ b/xCAT-server-2.0/share/xcat/scripts/setup-local-client.sh
@@ -1,5 +1,6 @@
 
 # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
+umask 0077 #nothing make by this script should be readable by group or others
 
 
 if [ -z "$XCATDIR" ]; then
@@ -47,6 +48,8 @@ if [ -f root.cert ]; then
 fi
 
 cp root.cert $USERHOME/.xcat/client-cert.pem
+#Unify certificate and key in one file, console command at least expects it
+cat $USERHOME/.xcat/client-cert.pem $USERHOME/.xcat/client-key.pem > $USERHOME/.xcat/client-cred.pem
 cp ca-cert.pem $USERHOME/.xcat/ca.pem
 chown -R $1 $USERHOME/.xcat
 find $USERHOME/.xcat -type f -exec chmod 600 {} \;
diff --git a/xCAT-server-2.0/share/xcat/scripts/setup-server-cert.sh b/xCAT-server-2.0/share/xcat/scripts/setup-server-cert.sh
index ff861e1fe..20ff1a304 100755
--- a/xCAT-server-2.0/share/xcat/scripts/setup-server-cert.sh
+++ b/xCAT-server-2.0/share/xcat/scripts/setup-server-cert.sh
@@ -6,6 +6,7 @@ fi
 if [ -z "$1" ]; then
   echo "Usage: $0 servername"
 fi
+umask 0077
 CNA=$*
 
 XCATCADIR=$XCATDIR/ca
@@ -38,6 +39,8 @@ if [ -f `hostname`.cert ]; then
 fi
 
 cp `hostname`.cert $XCATDIR/cert/server-cert.pem
+#Put key and cert in a single file for the likes of conserver
+cat $XCATDIR/cert/server-cert.pem $XCATDIR/cert/server-key.pem > $XCATDIR/cert/server-cred.pem 
 cp ca-cert.pem $XCATDIR/cert/ca.pem
 cd -