diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md
index 7d4948f7c..e5076436e 100644
--- a/Documentation/Getting-Started/Configuration-Guide.md
+++ b/Documentation/Getting-Started/Configuration-Guide.md
@@ -1078,8 +1078,8 @@ REST API. The default credentials for the interface are `admin:mariadb`.
 The path to the TLS private key in PEM format for the admin interface.
-If the `admin_ssl_key`, `admin_ssl_cert` and `admin_ssl_ca_cert` options are all
-defined, the admin interface will use encrypted HTTPS instead of plain HTTP.
+If the `admin_ssl_key` and `admin_ssl_cert` options are all defined, the admin
+interface will use encrypted HTTPS instead of plain HTTP.
 ### `admin_ssl_cert`
@@ -1088,8 +1088,9 @@ documentation for more details.
 ### `admin_ssl_ca_cert`
-The path to the TLS CA certificate in PEM format. See `admin_ssl_key`
-documentation for more details.
+The path to the TLS CA certificate in PEM format. If defined, the client
+certificate, if provided, will be validated against it. This parameter is
+optional starting with MaxScale 2.3.19.
 ### `admin_enabled`
diff --git a/server/core/admin.cc b/server/core/admin.cc
index a164600c4..f2adccd14 100644
--- a/server/core/admin.cc
+++ b/server/core/admin.cc
@@ -349,11 +349,13 @@ static bool load_ssl_certificates()
 const char* cert = config_get_global_options()->admin_ssl_cert;
 const char* ca = config_get_global_options()->admin_ssl_ca_cert;
- if (*key && *cert && *ca)
+ if (*key && *cert)
 {
- if ((admin_ssl_key = load_cert(key))
- && (admin_ssl_cert = load_cert(cert))
- && (admin_ssl_ca_cert = load_cert(ca)))
+ admin_ssl_key = load_cert(key);
+ admin_ssl_cert = load_cert(cert);
+ admin_ssl_ca_cert = load_cert(ca);
+
+ if (admin_ssl_key && admin_ssl_cert)
 {
 rval = true;
 }
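Review bot: A CA file that is configured but fails to load is now accepted silently: the new check `if (admin_ssl_key && admin_ssl_cert)` ignores the result of `load_cert(ca)`, so a wrong path or an unreadable file leaves `admin_ssl_ca_cert` null and the interface comes up over HTTPS without the client-certificate trust store the administrator asked for. The CA is optional only when it is unset, so the check should fail closed when it was set, e.g. `admin_ssl_ca_cert = *ca ? load_cert(ca) : nullptr;` followed by `if (admin_ssl_key && admin_ssl_cert && (!*ca || admin_ssl_ca_cert))`. Guarding the call also avoids handing an empty path to `load_cert`, whose behaviour on that input is not visible here. The body of load_ssl_certificates starts and ends outside the hunk.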
@@ -412,7 +414,8 @@ bool mxs_admin_init()
 !using_ssl ? MHD_OPTION_END :
 MHD_OPTION_HTTPS_MEM_KEY, admin_ssl_key,
 MHD_OPTION_HTTPS_MEM_CERT, admin_ssl_cert,
- MHD_OPTION_HTTPS_MEM_TRUST, admin_ssl_cert,
+ !admin_ssl_ca_cert ? MHD_OPTION_END :
+ MHD_OPTION_HTTPS_MEM_TRUST, admin_ssl_ca_cert,
 MHD_OPTION_END);
 }
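Review bot: The second early `MHD_OPTION_END` deserves a comment, because the option list can now end in three different places and the trailing `admin_ssl_ca_cert, MHD_OPTION_END` arguments are simply left unread when no CA was loaded. A line such as `// No CA loaded: end the option list here; HTTPS runs without a client-certificate trust store` above the new ternary would make that explicit. Separately, passing a trust store presumably only makes the TLS layer request a client certificate; whether a presented certificate that fails verification is actually rejected depends on code outside this hunk, so the documentation's "will be validated against it" is worth confirming against the request handler. The call and the body of mxs_admin_init start outside the hunk.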