diff --git a/include/bitcoin/server/worker.hpp b/include/bitcoin/server/worker.hpp
index a9c175f0..d5530482 100644
--- a/include/bitcoin/server/worker.hpp
+++ b/include/bitcoin/server/worker.hpp
@@ -81,9 +81,12 @@ class BCS_API request_worker
 czmqpp::context context_;
 czmqpp::socket socket_;
+ czmqpp::authenticator authenticate_;
+ czmqpp::certificate certificate_;
+
+ // These are not authenticated.
 czmqpp::socket wakeup_socket_;
 czmqpp::socket heartbeat_socket_;
- czmqpp::authenticator authenticate_;
 send_worker sender_;
 command_map handlers_;
diff --git a/src/worker.cpp b/src/worker.cpp
index e4e4d6d6..bfa936f3 100644
--- a/src/worker.cpp
+++ b/src/worker.cpp
@@ -187,15 +187,21 @@ bool request_worker::enable_crypto(const settings_type& config)
 client_certs = config.server.client_certificates_path.string();
 authenticate_.configure_curve("*", client_certs);
- czmqpp::certificate cert(config.server.certificate_file.string());
- if (cert.valid())
+ auto cert_path = config.server.certificate_file.string();
+
+ if (!cert_path.empty())
 {
- cert.apply(socket_);
- socket_.set_curve_server(zmq_curve_enabled);
- return true;
+ // TODO: create a czmqpp::reset(path) override to hide this.
+ // Create a new certificate and transfer ownership to the member.
+ certificate_.reset(zcert_load(cert_path.c_str()));
+
+ if (!certificate_.valid())
+ return false;
 }
- return false;
+ certificate_.apply(socket_);
+ socket_.set_curve_server(zmq_curve_enabled);
+ return true;
 }
 bool request_worker::create_new_socket(const settings_type& config)
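Review bot: In include/bitcoin/server/worker.hpp the added comment `// These are not authenticated.` says that wakeup_socket_ and heartbeat_socket_ run without CURVE but not why, so a reader cannot tell a deliberate choice from an omission. I would extend it to state the reason and what data those sockets expose, along the lines of `// No CURVE on these sockets: <reason, to be supplied by the author>.` The hunk also moves authenticate_ ahead of those sockets and adds certificate_ beside it; members are constructed in declaration order and destroyed in reverse, so if this order is required, a one-line comment saying so would stop a later reshuffle from undoing it. The class body starts and ends outside the hunk.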
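Review bot: In src/worker.cpp, enable_crypto now returns true when `certificate_file` is empty: the load is skipped and the default-constructed `certificate_` member is applied to `socket_` with CURVE server mode on, whereas the removed code returned false whenever the certificate was not valid. What a default-constructed czmqpp::certificate holds is not visible here; if it is a freshly generated key pair, the server's public key changes on every start and clients have nothing stable to pin. That behaviour should be documented above the `if`, for example `// Empty path: nothing is loaded and certificate_ keeps its default-constructed keys (confirm: generated per run, not persisted).` The `return false;` branch gives the operator no hint that the configured file failed to load, so a log message there naming cert_path would help. The function begins before the hunk.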