diff --git a/cmd/gost/.gitignore b/cmd/gost/.gitignore
new file mode 100644
index 0000000..c4b36ef
--- /dev/null
+++ b/cmd/gost/.gitignore
@@ -0,0 +1 @@
+gost
diff --git a/cmd/gost/main.go b/cmd/gost/main.go
index 6456987..0789afa 100644
--- a/cmd/gost/main.go
+++ b/cmd/gost/main.go
@@ -1,17 +1,17 @@
 package main
 
 import (
-	"crypto/tls"
 	"encoding/json"
 	"flag"
 	"fmt"
-	"github.com/ginuerzh/gost"
-	"github.com/golang/glog"
-	"golang.org/x/net/http2"
 	"io/ioutil"
 	"os"
 	"runtime"
 	"sync"
+
+	"github.com/ginuerzh/gost"
+	"github.com/golang/glog"
+	"golang.org/x/net/http2"
 )
 
 var (
@@ -68,18 +68,7 @@ func main() {
 		wg.Add(1)
 		go func(node gost.ProxyNode) {
 			defer wg.Done()
-			certFile, keyFile := node.Get("cert"), node.Get("key")
-			if certFile == "" {
-				certFile = gost.DefaultCertFile
-			}
-			if keyFile == "" {
-				keyFile = gost.DefaultKeyFile
-			}
-			cert, err := gost.LoadCertificate(certFile, keyFile)
-			if err != nil {
-				glog.Fatal(err)
-			}
-			server := gost.NewProxyServer(node, chain, &tls.Config{Certificates: []tls.Certificate{cert}})
+			server := gost.NewProxyServer(node, chain)
 			glog.Fatal(server.Serve())
 		}(serverNode)
 	}
diff --git a/gost.go b/gost.go
index 50f4085..aa53bf6 100644
--- a/gost.go
+++ b/gost.go
@@ -4,11 +4,12 @@ import (
 	"crypto/tls"
 	"encoding/base64"
 	"errors"
-	"github.com/golang/glog"
 	"io"
 	"net"
 	"strings"
 	"time"
+
+	"github.com/golang/glog"
 )
 
 const (
diff --git a/server.go b/server.go
index 5e1f0e8..b4867ee 100644
--- a/server.go
+++ b/server.go
@@ -3,17 +3,18 @@ package gost
 import (
 	"bufio"
 	"crypto/tls"
-	"github.com/ginuerzh/gosocks4"
-	"github.com/ginuerzh/gosocks5"
-	"github.com/golang/glog"
-	ss "github.com/shadowsocks/shadowsocks-go/shadowsocks"
-	"golang.org/x/crypto/ssh"
 	"io"
 	"io/ioutil"
 	"net"
 	"net/http"
 	"strconv"
 	"strings"
+
+	"github.com/ginuerzh/gosocks4"
+	"github.com/ginuerzh/gosocks5"
+	"github.com/golang/glog"
+	ss "github.com/shadowsocks/shadowsocks-go/shadowsocks"
+	"golang.org/x/crypto/ssh"
 )
 
 type ProxyServer struct {
@@ -25,13 +26,22 @@ type ProxyServer struct {
 	ota       bool
 }
 
-func NewProxyServer(node ProxyNode, chain *ProxyChain, config *tls.Config) *ProxyServer {
+func NewProxyServer(node ProxyNode, chain *ProxyChain) *ProxyServer {
+	certFile, keyFile := node.certFile(), node.keyFile()
+
+	cert, err := LoadCertificate(certFile, keyFile)
+
+	if err != nil {
+		glog.Fatal(err)
+	}
+
+	config := &tls.Config{
+		Certificates: []tls.Certificate{cert},
+	}
+
 	if chain == nil {
 		chain = NewProxyChain()
 	}
-	if config == nil {
-		config = &tls.Config{}
-	}
 
 	var cipher *ss.Cipher
 	var ota bool