diff --git a/daemons/ganeti-noded b/daemons/ganeti-noded
index 6fca2b1e910ed54f83b354df85d4a413b7be3321..75e9f819b4fdf418828ee04b7c29226ebe63b62a 100755
--- a/daemons/ganeti-noded
+++ b/daemons/ganeti-noded
@@ -732,16 +732,6 @@ class NodeHttpServer(http.server.HttpServer):
 return backend.ValidateHVParams(hvname, hvparams)
-def CheckNODED(options, args):
- """Initial checks whether to run exit with a failure
-
- """
- for fname in (constants.SSL_CERT_FILE,):
- if not os.path.isfile(fname):
- print "config %s not there, will not run." % fname
- sys.exit(constants.EXIT_NOTCLUSTER)
-
-
 def ExecNODED(options, args):
 """Main NODED function, executed with the pidfile held.
@@ -749,8 +739,11 @@ def ExecNODED(options, args):
 global queue_lock
 # Read SSL certificate
- ssl_params = http.HttpSslParams(ssl_key_path=constants.SSL_CERT_FILE,
- ssl_cert_path=constants.SSL_CERT_FILE)
+ if options.ssl:
+ ssl_params = http.HttpSslParams(ssl_key_path=options.ssl_key,
+ ssl_cert_path=options.ssl_cert)
+ else:
+ ssl_params = None
 # Prepare job queue
 queue_lock = jstore.InitAndVerifyQueue(must_lock=False)
@@ -776,7 +769,7 @@ def main():
 dirs = [(val, constants.RUN_DIRS_MODE) for val in constants.SUB_RUN_DIRS]
 dirs.append((constants.LOG_OS_DIR, 0750))
 dirs.append((constants.LOCK_DIR, 1777))
- daemon.GenericMain(constants.NODED, parser, dirs, CheckNODED, ExecNODED)
+ daemon.GenericMain(constants.NODED, parser, dirs, None, ExecNODED)
 if __name__ == '__main__':
diff --git a/daemons/ganeti-rapi b/daemons/ganeti-rapi
index 178760c2db5c1922413ac07f723b2de511e08242..3208b545e1b10c35861256070eafe03d66a660b3 100755
--- a/daemons/ganeti-rapi
+++ b/daemons/ganeti-rapi
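Review bot: The new `else: ssl_params = None` branch in the second ganeti-noded hunk (ExecNODED) lets the node daemon start without TLS, which was not possible before because the certificate was loaded unconditionally. Since `NODED` is listed in `constants.DAEMONS_SSL`, GenericMain now registers `--no-ssl` for noded as well; if noded relies on the cluster certificate to authenticate its RPC callers (that code is outside the hunk), plain HTTP drops that check for a service that runs backend operations. I would keep SSL mandatory for noded, or at minimum make the downgrade visible in the else branch, e.g. `logging.warning("ganeti-noded started with --no-ssl: RPC is neither encrypted nor certificate-authenticated")`, assuming `logging` is already imported in this file. ExecNODED's body continues outside the hunk.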
@@ -186,16 +186,6 @@ def CheckRAPI(options, args):
 sys.argv[0]
 sys.exit(constants.EXIT_FAILURE)
- if options.ssl:
- if not (options.ssl_cert and options.ssl_key):
- print >> sys.stderr, ("For secure mode please provide "
- "--ssl-key and --ssl-cert arguments")
- sys.exit(constants.EXIT_FAILURE)
- for fname in (options.ssl_cert, options.ssl_key):
- if not os.path.isfile(fname):
- print >> sys.stderr, "config %s not there, will not run." % fname
- sys.exit(constants.EXIT_FAILURE)
-
 ssconf.CheckMaster(options.debug)
@@ -228,15 +218,6 @@ def main():
 parser = optparse.OptionParser(description="Ganeti Remote API",
 usage="%prog [-f] [-d] [-p port] [-b ADDRESS]",
 version="%%prog (ganeti) %s" % constants.RAPI_VERSION)
- parser.add_option("--no-ssl", dest="ssl",
- help="Do not secure HTTP protocol with SSL",
- default=True, action="store_false")
- parser.add_option("-K", "--ssl-key", dest="ssl_key",
- help="SSL key",
- default=constants.RAPI_CERT_FILE, type="string")
- parser.add_option("-C", "--ssl-cert", dest="ssl_cert",
- help="SSL certificate",
- default=constants.RAPI_CERT_FILE, type="string")
 dirs = [(val, constants.RUN_DIRS_MODE) for val in constants.SUB_RUN_DIRS]
 dirs.append((constants.LOG_OS_DIR, 0750))
diff --git a/lib/constants.py b/lib/constants.py
index a01e6208536979a8b05358eda4f5b71a041c37f3..2b0981824ca69e41d526d6e6d23f2354a01b78cb 100644
--- a/lib/constants.py
+++ b/lib/constants.py
@@ -117,6 +117,12 @@ MASTERD = "ganeti-masterd"
 MULTITHREADED_DAEMONS = frozenset([MASTERD])
+DAEMONS_SSL = {
+ # daemon-name: (default-cert-path, default-key-path)
+ NODED: (SSL_CERT_FILE, SSL_CERT_FILE),
+ RAPI: (RAPI_CERT_FILE, RAPI_CERT_FILE),
+}
+
 DAEMONS_PORTS = {
 # daemon-name: ("proto", "default-port")
 NODED: ("tcp", 1811),
diff --git a/lib/daemon.py b/lib/daemon.py
index 1c63a1b9afff26f598f32e64429c9c1f467d5560..e26d4445eb26be8e876f72858f3195bb1257ace7 100644
--- a/lib/daemon.py
+++ b/lib/daemon.py
@@ -22,6 +22,7 @@
 """Module with helper classes and functions for daemons"""
+import os
 import select
 import signal
 import errno
@@ -339,11 +340,34 @@ def GenericMain(daemon_name, optionparser, dirs, check_fn, exec_fn):
 help="Bind address",
 default="", metavar="ADDRESS")
+ if daemon_name in constants.DAEMONS_SSL:
+ default_cert, default_key = constants.DAEMONS_SSL[daemon_name]
+ optionparser.add_option("--no-ssl", dest="ssl",
+ help="Do not secure HTTP protocol with SSL",
+ default=True, action="store_false")
+ optionparser.add_option("-K", "--ssl-key", dest="ssl_key",
+ help="SSL key",
+ default=default_key, type="string")
+ optionparser.add_option("-C", "--ssl-cert", dest="ssl_cert",
+ help="SSL certificate",
+ default=default_cert, type="string")
+
 multithread = utils.no_fork = daemon_name in constants.MULTITHREADED_DAEMONS
 options, args = optionparser.parse_args()
- check_fn(options, args)
+ if hasattr(options, 'ssl') and options.ssl:
+ if not (options.ssl_cert and options.ssl_key):
+ print >> sys.stderr, "Need key and certificate to use ssl"
+ sys.exit(constants.EXIT_FAILURE)
+ for fname in (options.ssl_cert, options.ssl_key):
+ if not os.path.isfile(fname):
+ print >> sys.stderr, "Need ssl file %s to run" % fname
+ sys.exit(constants.EXIT_FAILURE)
+
+ if check_fn is not None:
+ check_fn(options, args)
+
 utils.EnsureDirs(dirs)
 if options.fork:
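Review bot: The SSL pre-flight added to GenericMain exits with `constants.EXIT_FAILURE` when the certificate or key is missing, whereas the removed CheckNODED exited with `constants.EXIT_NOTCLUSTER`; anything that uses the exit code to tell "node is not in a cluster" from a real failure will now see a hard failure from ganeti-noded. The gate `hasattr(options, 'ssl')` also ties the check to any option that happens to be named `ssl`; `if daemon_name in constants.DAEMONS_SSL and options.ssl:` states the intent directly. This is now the only place the private key path is validated, and it checks existence only, so I would add a comment such as `# Existence only: key file ownership and mode are not verified here`. The added lines use `sys.stderr` and `sys.exit` while the import hunk adds only `import os`, so please confirm `sys` is already imported above. GenericMain starts before and continues after the hunk.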