diff --git a/xCAT-server/lib/xcat/plugins/credentials.pm b/xCAT-server/lib/xcat/plugins/credentials.pm index c1d320082..04c321c60 100644 --- a/xCAT-server/lib/xcat/plugins/credentials.pm +++ b/xCAT-server/lib/xcat/plugins/credentials.pm @@ -297,6 +297,15 @@ sub process_request unlink "/tmp/xcat/client.cert.$$"; my $certcontents = join('',@certdata); push @{$rsp->{'data'}},{content=>[$certcontents],desc=>[$parm]}; + } elsif ($parm =~ /xcat_dockerhost_cert/) { + `logger -t xcat -p local4.info "credentials: sending $parm"` ; + unless (-r "/etc/xcatdockerca/cert/dockerhost-cert.pem") { + push @{$rsp->{'error'}},"Unable to read /etc/xcatdockerca/cert/dockerhost-cert.pem "; + `logger -t xcat -p local4.info "credentials: Unable to read /etc/xcatdockerca/cert/dockerhost-cert.pem"` ; + next; + } + $tfilename = "/etc/xcatdockerca/cert/dockerhost-cert.pem"; + } else { next; } diff --git a/xCAT-server/share/xcat/scripts/setup-dockerhost-cert.sh b/xCAT-server/share/xcat/scripts/setup-dockerhost-cert.sh index e2c989a9b..4abe89449 100755 --- a/xCAT-server/share/xcat/scripts/setup-dockerhost-cert.sh +++ b/xCAT-server/share/xcat/scripts/setup-dockerhost-cert.sh @@ -45,12 +45,14 @@ if [ ! -e $XCATDOCKERCADIR/openssl.cnf ]; then fi sed -i "s@^dir.*=.*/etc/xcat/ca@dir = $XCATDOCKERCADIR@g" $XCATDOCKERCADIR/openssl.cnf -if [ ! -e $XCATDOCKERCADIR/index ]; then - touch $XCATDOCKERCADIR/index -fi -if [ ! -e $XCATDOCKERCADIR/serial ]; then - echo "00" > $XCATDOCKERCADIR/serial +if [ -e $XCATDOCKERCADIR/index ]; then + rm -f $XCATDOCKERCADIR/index* fi +touch $XCATDOCKERCADIR/index + +echo "00" > $XCATDOCKERCADIR/serial + + if [ ! -e $XCATDOCKERCADIR/certs ]; then mkdir -p $XCATDOCKERCADIR/certs fi @@ -73,8 +75,7 @@ if [ -f $CNA\.cert ]; then rm $CNA\.csr fi -cp ca-cert.pem $XCATDOCKERDIR/cert/ mv $CNA\.cert $XCATDOCKERDIR/cert/dockerhost-cert.pem -mv dockerhost-key.pem $XCATDOCKERDIR/cert/ +cat dockerhost-key.pem >> $XCATDOCKERDIR/cert/dockerhost-cert.pem cd - 
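Review bot: `$parm` is interpolated into a backtick shell command in the new branch (the `logger -t xcat -p local4.info "credentials: sending $parm"` call) while the branch is selected by the unanchored regex `/xcat_dockerhost_cert/`, so any value that merely contains that substring reaches the shell unquoted; since `$parm` is echoed back to the requester in `desc=>[$parm]` it appears to be client-supplied, which makes this a command-injection path. Matching exactly, `} elsif ($parm eq 'xcat_dockerhost_cert') {`, closes it for this branch because the value that reaches `logger` is then a fixed string. Note also that the companion setup-dockerhost-cert.sh change appends dockerhost-key.pem to this file, so this branch now hands out a private key, and whatever per-node authorization the surrounding loop applies before sending should be confirmed to cover it. The message pushed onto `$rsp->{'error'}` ends in a stray space before the closing quote. The enclosing sub process_request starts and ends outside the hunk.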
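Review bot: `echo "00" > $XCATDOCKERCADIR/serial` now runs unconditionally and `index*` is deleted first, so every re-run of the script restarts the CA serial counter at 00 while the CA key and certificate, which this hunk does not touch, are presumably reused; a dockerhost certificate issued on a second run then carries the same issuer and serial number as the one from the first, which RFC 5280 forbids and which revocation lists built from the index, and clients that cache by issuer+serial, will mishandle. If the goal is simply a clean re-run, keep the counter monotonic with `[ -e "$XCATDOCKERCADIR/serial" ] || echo "00" > "$XCATDOCKERCADIR/serial"` and leave the index alone, or else regenerate the CA material along with it. Quoting the variable in `rm -f "$XCATDOCKERCADIR"/index*` keeps an empty or space-containing value from widening the glob.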
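Review bot: `cat dockerhost-key.pem >> $XCATDOCKERDIR/cert/dockerhost-cert.pem` appends the private key to a file that was created as a certificate, so it keeps whatever mode the `.cert` output got (0644 under a typical umask), and because the old `mv` is gone the loose dockerhost-key.pem now stays behind in the working directory. Since credentials.pm will serve this combined file to nodes, it should be owner-only and the leftover copy removed: follow the append with `chmod 600 "$XCATDOCKERDIR/cert/dockerhost-cert.pem"` and `rm -f dockerhost-key.pem`. The script continues past `cd -`, so anything that later touches these paths is outside what I can see here.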
diff --git a/xCAT/postscripts/setupdockerhost b/xCAT/postscripts/setupdockerhost index da06482c5..29c793c53 100755 --- a/xCAT/postscripts/setupdockerhost +++ b/xCAT/postscripts/setupdockerhost @@ -12,6 +12,7 @@ # #=cut #------------------------------------------------------------------------------- +set -x if [ "$(uname -s|tr 'A-Z' 'a-z')" = "linux" ];then str_dir_name=`dirname $0` . $str_dir_name/xcatlib.sh @@ -67,6 +68,7 @@ else sed -i "s@\ \{2,\}@@g" $docker_conf_file sed -i "s@^\(DOCKER_OPTS\=\"[^\"]*\)@\1 -b=$dockerbr\"@" $docker_conf_file sed -i "s/\"+$/\"/" $docker_conf_file + sed -i "s/\"\{2,\}/\"/" $docker_conf_file fi #Restart docker service @@ -88,14 +90,28 @@ if [ ! -d /root/.docker ]; then fi HOST_CA_PEM="/root/.docker/ca-cert.pem" -HOST_KEY_PEM="/root/.docker/dockerhost-key.pem" HOST_CERT_PEM="/root/.docker/dockerhost-cert.pem" -scp $master:/etc/xcatdockerca/cert/dockerhost-cert.pem $HOST_CERT_PEM -scp $master:/etc/xcatdockerca/cert/dockerhost-key.pem $HOST_KEY_PEM -scp $master:/etc/xcatdockerca/cert/ca-cert.pem $HOST_CA_PEM +allowcred.awk & +CREDPID=$! +sleep 1 -if [ ! -e $HOST_CA_PEM -o ! -e $HOST_KEY_PEM -o ! -e $HOST_CERT_PEM ];then +getcredentials.awk xcat_dockerhost_cert | grep -E -v '|' | sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /tmp/xcat_dockerhost_cert + +kill -9 $CREDPID + +grep -E '' /tmp/xcat_dockerhost_cert +if [ $? -ne 0 ]; then + cat /tmp/xcat_dockerhost_cert | + cat /tmp/xcat_dockerhost_cert | grep -E -v '|/{0,1}data>||' >$HOST_CERT_PEM +else + echo "Can not get dockerhost certificate files" + exit 1 +fi + +cp /xcatpost/ca/ca-cert.pem $HOST_CA_PEM + +if [ ! -e $HOST_CA_PEM -o ! -e $HOST_CERT_PEM ];then echo "Can not get dockerhost certificate files" exit 1 fi 
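Review bot: `set -x` is turned on unconditionally at the top of the postscript, so every subsequent command line, including the credential retrieval added further down in this file, is traced into wherever the postscript output is logged; this looks like a debugging leftover. Drop it, or gate it behind an opt-in debug variable so tracing is not the default on every node that runs the script.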
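Review bot: The credential response, which now carries the docker host's private key together with its certificate, is written with a plain `>` to the fixed path `/tmp/xcat_dockerhost_cert` and then to `$HOST_CERT_PEM`, so under a typical 022 umask both copies are world-readable, the /tmp copy is never removed, and a pre-planted symlink at that name would be followed by root. Put `umask 077` before the `getcredentials.awk` line, add `chmod 600 "$HOST_CERT_PEM"` after the extraction, and `rm -f /tmp/xcat_dockerhost_cert` once it has been consumed; a `mktemp`-generated path would remove the symlink concern entirely. The first `cat /tmp/xcat_dockerhost_cert |` line is a dangling pipe into the second `cat`, which reads its file argument and ignores stdin, so it can be deleted. As rendered here the grep patterns appear to have lost their XML tag text between the quotes, so I have not reviewed the response parsing itself.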
@@ -106,7 +122,7 @@ if [ ! -f "$docker_conf_file" ]; then exit 1 fi if ! grep "^DOCKER_OPTS" $docker_conf_file > /dev/null 2>&1 ; then - echo "DOCKER_OPTS=\"-H tcp://`hostname`:2375 --tls --tlscacert=$HOST_CA_PEM --tlscert=$HOST_CERT_PEM --tlskey=$HOST_KEY_PEM --tlsverify=true\"" >> $docker_conf_file + echo "DOCKER_OPTS=\"-H tcp://`hostname`:2375 --tls --tlscacert=$HOST_CA_PEM --tlscert=$HOST_CERT_PEM --tlskey=$HOST_CERT_PEM --tlsverify=true\"" >> $docker_conf_file else if grep "^DOCKER_OPTS.*tlsverify" $docker_conf_file > /dev/null 2>&1; then sed -i "s@-H [^ |^\"]*@@g" $docker_conf_file @@ -117,8 +133,8 @@ else sed -i "s@--tls@@g" $docker_conf_file sed -i "s@\ \{2,\}@@g" $docker_conf_file fi - sed -i "s@^\(DOCKER_OPTS\=\"[^\"]*\)@\1 -H tcp://`hostname`:2375 --tls --tlscacert=$HOST_CA_PEM --tlscert=$HOST_CERT_PEM --tlskey=$HOST_KEY_PEM --tlsverify=true\"@" $docker_conf_file - sed -i 's/\"\{2,\}/"/' $docker_conf_file + sed -i "s@^\(DOCKER_OPTS\=\"[^\"]*\)@\1 -H tcp://`hostname`:2375 --tls --tlscacert=$HOST_CA_PEM --tlscert=$HOST_CERT_PEM --tlskey=$HOST_CERT_PEM --tlsverify=true\"@" $docker_conf_file + sed -i 's/\"\{2,\}/\"/' $docker_conf_file fi #Restart docker service
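Review bot: Both the new `echo "DOCKER_OPTS=..."` line and the sed replacement in the following hunk bind the TLS-verified listener on port 2375 (`-H tcp://<hostname>:2375`), which is by convention docker's plaintext port with 2376 reserved for TLS, so firewall rules and tooling that assume that split will misclassify this endpoint; consider `-H tcp://$(hostname):2376`. With `--tlsverify=true` the separate `--tls` flag is implied and can be dropped from both lines. `--tlskey` now points at the same combined PEM as `--tlscert`; docker's loader accepts a key bundled with the certificate as far as I can tell, but it means the private key's on-disk protection is whatever mode the copy step earlier in this file gave the certificate file. The `if ! grep "^DOCKER_OPTS"` / `else` structure runs past the end of the hunk.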