diff --git a/nacp.go b/nacp.go
index c24f71f..711f114 100644
--- a/nacp.go
+++ b/nacp.go
@@ -470,7 +470,7 @@ func buildServer(c *config.Config, appLogger hclog.Logger) (*http.Server, error)
 var tlsConfig *tls.Config
 if c.Tls != nil && c.Tls.CaFile != "" {
- tlsConfig, err = createTlsConfig(c)
+ tlsConfig, err = createTlsConfig(c.Tls.CaFile, c.Tls.NoClientCert)
 if err != nil {
 return nil, fmt.Errorf("failed to create tls config: %w", err)
@@ -505,15 +505,15 @@ func buildConfig(logger hclog.Logger) *config.Config {
 return c
 }
-func createTlsConfig(c *config.Config) (*tls.Config, error) {
- caCert, err := os.ReadFile(c.Tls.CaFile)
+func createTlsConfig(caFile string, noClientCert bool) (*tls.Config, error) {
+ caCert, err := os.ReadFile(caFile)
 if err != nil {
 return nil, err
 }
 caCertPool := x509.NewCertPool()
 caCertPool.AppendCertsFromPEM(caCert)
 clientAuth := tls.RequireAndVerifyClientCert
- if c.Tls.NoClientCert {
+ if noClientCert {
 clientAuth = tls.NoClientCert
 }
 tlsConfig := &tls.Config{
diff --git a/nacp_test.go b/nacp_test.go
index 69371e6..2e53207 100644
--- a/nacp_test.go
+++ b/nacp_test.go
@@ -717,7 +717,7 @@ func TestCreateMutatators(t *testing.T) {
 func TestCreateTlsConfig(t *testing.T) {
 caCertFileName, _, _, _, cleanup := generateTLSData(t)
 defer cleanup()
- config, err := createTlsConfig(caCertFileName)
+ config, err := createTlsConfig(caCertFileName, false)
 assert.NoError(t, err)
 assert.NotNil(t, config)
 }
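Review bot: In buildServer, `c.Tls.NoClientCert` is now passed straight into createTlsConfig, and nothing visible in this hunk records that client certificate verification is being switched off. Since appLogger is already a parameter of buildServer, a line such as `if c.Tls.NoClientCert { appLogger.Warn("tls client certificate verification is disabled") }` before the call would make the downgrade visible in startup logs. buildServer starts and ends outside the hunk, so an existing log statement elsewhere in the function cannot be ruled out.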
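Review bot: createTlsConfig still discards the result of `caCertPool.AppendCertsFromPEM(caCert)`, so a CA file that contains no parsable PEM certificate yields an empty pool without any error. If that pool is used as the client CA set (the tls.Config literal continues past the end of the hunk), every client handshake would then fail at runtime under RequireAndVerifyClientCert, which is fail-closed but hard to diagnose. Checking the boolean at load time is cheap: `if !caCertPool.AppendCertsFromPEM(caCert) { return nil, fmt.Errorf("no CA certificates parsed from %q", caFile) }`. Wrapping the os.ReadFile error with the file path in the same way would also help operators.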
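Review bot: TestCreateTlsConfig only asserts that the returned config is non-nil, so it would still pass if the new noClientCert argument were inverted or ignored. Assuming clientAuth ends up in the config's ClientAuth field (the struct literal is not visible here), add `assert.Equal(t, tls.RequireAndVerifyClientCert, config.ClientAuth)` for the `false` case and a second call with `true` that expects `tls.NoClientCert`. That pins the security-relevant default so a later refactor cannot silently disable client certificate verification.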