diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java b/zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java
index 76c3c4dd35d..bc62847ef76 100644
--- a/zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java
@@ -225,64 +225,68 @@ public SSLContext createSSLContext(ZKConfig config) throws SSLContextException {
 "' provided in the property '" + sslClientContextProperty + "'", e);
 }
 } else {
- KeyManager[] keyManagers = null;
- TrustManager[] trustManagers = null;
+ return createSSLContextFromConfig(config);
+ }
+ }
- String keyStoreLocationProp = config.getProperty(sslKeystoreLocationProperty, "");
- String keyStorePasswordProp = config.getProperty(sslKeystorePasswdProperty, "");
- String keyStoreTypeProp = config.getProperty(sslKeystoreTypeProperty);
+ private SSLContext createSSLContextFromConfig(ZKConfig config) throws SSLContextException {
+ KeyManager[] keyManagers = null;
+ TrustManager[] trustManagers = null;
- // There are legal states in some use cases for null KeyManager or TrustManager.
- // But if a user wanna specify one, location is required. Password defaults to empty string if it is not
- // specified by the user.
+ String keyStoreLocationProp = config.getProperty(sslKeystoreLocationProperty, "");
+ String keyStorePasswordProp = config.getProperty(sslKeystorePasswdProperty, "");
+ String keyStoreTypeProp = config.getProperty(sslKeystoreTypeProperty);
- if (keyStoreLocationProp.isEmpty()) {
- LOG.warn(getSslKeystoreLocationProperty() + " not specified");
- } else {
- try {
- keyManagers = new KeyManager[]{
- createKeyManager(keyStoreLocationProp, keyStorePasswordProp, keyStoreTypeProp)};
- } catch (KeyManagerException keyManagerException) {
- throw new SSLContextException("Failed to create KeyManager", keyManagerException);
- } catch (IllegalArgumentException e) {
- throw new SSLContextException("Bad value for " + sslKeystoreTypeProperty + ": " + keyStoreTypeProp, e);
- }
- }
+ // There are legal states in some use cases for null KeyManager or TrustManager.
+ // But if a user wanna specify one, location is required. Password defaults to empty string if it is not
+ // specified by the user.
- String trustStoreLocationProp = config.getProperty(sslTruststoreLocationProperty, "");
- String trustStorePasswordProp = config.getProperty(sslTruststorePasswdProperty, "");
- String trustStoreTypeProp = config.getProperty(sslTruststoreTypeProperty);
+ if (keyStoreLocationProp.isEmpty()) {
+ LOG.warn(getSslKeystoreLocationProperty() + " not specified");
+ } else {
+ try {
+ keyManagers = new KeyManager[]{
+ createKeyManager(keyStoreLocationProp, keyStorePasswordProp, keyStoreTypeProp)};
+ } catch (KeyManagerException keyManagerException) {
+ throw new SSLContextException("Failed to create KeyManager", keyManagerException);
+ } catch (IllegalArgumentException e) {
+ throw new SSLContextException("Bad value for " + sslKeystoreTypeProperty + ": " + keyStoreTypeProp, e);
+ }
+ }
- boolean sslCrlEnabled = config.getBoolean(this.sslCrlEnabledProperty);
- boolean sslOcspEnabled = config.getBoolean(this.sslOcspEnabledProperty);
- boolean sslServerHostnameVerificationEnabled =
- config.getBoolean(this.getSslHostnameVerificationEnabledProperty(), true);
- boolean sslClientHostnameVerificationEnabled =
- sslServerHostnameVerificationEnabled && shouldVerifyClientHostname();
+ String trustStoreLocationProp = config.getProperty(sslTruststoreLocationProperty, "");
+ String trustStorePasswordProp = config.getProperty(sslTruststorePasswdProperty, "");
+ String trustStoreTypeProp = config.getProperty(sslTruststoreTypeProperty);
- if (trustStoreLocationProp.isEmpty()) {
- LOG.warn(getSslTruststoreLocationProperty() + " not specified");
- } else {
- try {
- trustManagers = new TrustManager[]{
- createTrustManager(trustStoreLocationProp, trustStorePasswordProp, trustStoreTypeProp, sslCrlEnabled, sslOcspEnabled,
- sslServerHostnameVerificationEnabled, sslClientHostnameVerificationEnabled)};
- } catch (TrustManagerException trustManagerException) {
- throw new SSLContextException("Failed to create TrustManager", trustManagerException);
- } catch (IllegalArgumentException e) {
- throw
new SSLContextException("Bad value for " + sslTruststoreTypeProperty + ": " + trustStoreTypeProp, e);
- }
- }
+ boolean sslCrlEnabled = config.getBoolean(this.sslCrlEnabledProperty);
+ boolean sslOcspEnabled = config.getBoolean(this.sslOcspEnabledProperty);
+ boolean sslServerHostnameVerificationEnabled =
+ config.getBoolean(this.getSslHostnameVerificationEnabledProperty(), true);
+ boolean sslClientHostnameVerificationEnabled =
+ sslServerHostnameVerificationEnabled && shouldVerifyClientHostname();
- String protocol = System.getProperty(sslProtocolProperty, DEFAULT_PROTOCOL);
+ if (trustStoreLocationProp.isEmpty()) {
+ LOG.warn(getSslTruststoreLocationProperty() + " not specified");
+ } else {
 try {
- SSLContext sslContext = SSLContext.getInstance(protocol);
- sslContext.init(keyManagers, trustManagers, null);
- return sslContext;
- } catch (NoSuchAlgorithmException | KeyManagementException sslContextInitException) {
- throw new SSLContextException(sslContextInitException);
+ trustManagers = new TrustManager[]{
+ createTrustManager(trustStoreLocationProp, trustStorePasswordProp, trustStoreTypeProp, sslCrlEnabled, sslOcspEnabled,
+ sslServerHostnameVerificationEnabled, sslClientHostnameVerificationEnabled)};
+ } catch (TrustManagerException trustManagerException) {
+ throw new SSLContextException("Failed to create TrustManager", trustManagerException);
+ } catch (IllegalArgumentException e) {
+ throw new SSLContextException("Bad value for " + sslTruststoreTypeProperty + ": " + trustStoreTypeProp, e);
 }
 }
+
+ String protocol = System.getProperty(sslProtocolProperty, DEFAULT_PROTOCOL);
+ try {
+ SSLContext sslContext = SSLContext.getInstance(protocol);
+ sslContext.init(keyManagers, trustManagers, null);
+ return sslContext;
+ } catch (NoSuchAlgorithmException | KeyManagementException sslContextInitException) {
+ throw new SSLContextException(sslContextInitException);
+ }
 }
 /**
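Review bot: In createSSLContextFromConfig, when the truststore location is empty the CRL/OCSP flags and both hostname-verification flags are read but never applied — they only reach createTrustManager in the else branch — so sslContext.init receives a null TrustManager and the only signal is a generic "not specified" warning, even though hostname verification defaults to true a few lines earlier. I would make that warning say what is being dropped, e.g. `LOG.warn(getSslTruststoreLocationProperty() + " not specified; CRL/OCSP and hostname verification settings will not be applied");`, and consider throwing SSLContextException when sslCrlEnabled or sslOcspEnabled is explicitly true without a truststore, since a null TrustManager presumably falls back to the JDK default trust store (that fallback happens inside SSLContext.init and is not visible here). A second inconsistency in the new method: the protocol is read with System.getProperty(sslProtocolProperty, DEFAULT_PROTOCOL) while every other setting comes from config, so a protocol set in ZKConfig would be ignored; `String protocol = config.getProperty(sslProtocolProperty, DEFAULT_PROTOCOL);` would match the rest, assuming ZKConfig carries that key. The new private method also lacks a Javadoc; a short one stating that either manager is left null when its store location is unset, and which exceptions are wrapped into SSLContextException, would make the "legal states" comment's contract explicit. The hunk starts inside createSSLContext, whose head is outside it.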