diff --git a/libfreerdp-core/crypto.c b/libfreerdp-core/crypto.c
index bea62cacd..31dc2b23d 100644
--- a/libfreerdp-core/crypto.c
+++ b/libfreerdp-core/crypto.c
@@ -279,7 +279,7 @@ char* crypto_cert_fingerprint(X509* xcert)
 return fp_buffer;
 }
-boolean x509_verify_cert(CryptoCert cert)
+boolean x509_verify_cert(CryptoCert cert, rdpSettings* settings)
 {
 char* cert_loc;
 X509_STORE_CTX* csc;
@@ -305,7 +305,7 @@ boolean x509_verify_cert(CryptoCert cert)
 goto end;
 X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
- cert_loc = get_local_certloc();
+ cert_loc = get_local_certloc(settings->home_path);
 if(cert_loc != NULL)
 {
diff --git a/libfreerdp-core/crypto.h b/libfreerdp-core/crypto.h
index 26b786bcd..7e955cbfe 100644
--- a/libfreerdp-core/crypto.h
+++ b/libfreerdp-core/crypto.h
@@ -112,7 +112,7 @@ CryptoCert crypto_cert_read(uint8* data, uint32 length);
 char* cypto_cert_fingerprint(X509* xcert);
 void crypto_cert_print_info(X509* xcert);
 void crypto_cert_free(CryptoCert cert);
-boolean x509_verify_cert(CryptoCert cert);
+boolean x509_verify_cert(CryptoCert cert, rdpSettings* settings);
 boolean crypto_cert_verify(CryptoCert server_cert, CryptoCert cacert);
 rdpCertData* crypto_get_cert_data(X509* xcert, char* hostname);
 boolean crypto_cert_get_public_key(CryptoCert cert, rdpBlob* public_key);
diff --git a/libfreerdp-core/tls.c b/libfreerdp-core/tls.c
index ad8cebf32..940131d55 100644
--- a/libfreerdp-core/tls.c
+++ b/libfreerdp-core/tls.c
@@ -246,7 +246,7 @@ int tls_verify_certificate(CryptoCert cert, rdpSettings* settings, char* hostnam
 {
 boolean status;
 rdpCertStore* certstore;
- status = x509_verify_cert(cert);
+ status = x509_verify_cert(cert, settings);
 if (status != True)
 {
diff --git a/libfreerdp-utils/certstore.c b/libfreerdp-utils/certstore.c
index 871891eb8..1413351f7 100644
--- a/libfreerdp-utils/certstore.c
+++ b/libfreerdp-utils/certstore.c
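Review bot: In the second crypto.c hunk (`@@ -305,7 +305,7 @@`), `settings->home_path` is read with no check that `settings` is non-NULL, and nothing documents that this field now chooses the directory passed to `get_local_certloc()`. That directory is presumably used as a source of locally trusted certificates in the lines after `if(cert_loc != NULL)`, which lie outside the hunk, so a wrong or attacker-influenced path would change what the client accepts. I would guard the call with `cert_loc = get_local_certloc(settings != NULL ? settings->home_path : NULL);` and add a comment on the prototype in crypto.h such as `/* settings->home_path selects the local certificate directory; it must come from trusted configuration */`. The body of x509_verify_cert starts before and ends after this hunk.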
@@ -58,16 +58,16 @@ void certstore_close(rdpCertStore* certstore)
 fclose(certstore->fp);
 }
-char* get_local_certloc()
+char* get_local_certloc(char* home_path)
 {
- char* home_path;
 char* certloc;
 struct stat stat_info;
- home_path = getenv("HOME");
+ if (home_path == NULL)
+ home_path = getenv("HOME");
- certloc = (char*) xmalloc(strlen(home_path) + strlen("/.") + strlen(cert_dir) + strlen("/") + strlen(cert_loc) + 1);
- sprintf(certloc,"%s/.%s/%s",home_path,cert_dir,cert_loc);
+ certloc = (char*) xmalloc(strlen(home_path) + 2 + strlen(cert_dir) + 1 + strlen(cert_loc) + 1);
+ sprintf(certloc, "%s/.%s/%s", home_path, cert_dir, cert_loc);
 if(stat((char*) certloc, &stat_info) != 0)
 freerdp_mkdir(certloc);
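Review bot: In get_local_certloc, the fallback `home_path = getenv("HOME");` can itself yield NULL, and the following `strlen(home_path)` and `sprintf()` then dereference it; the new NULL test covers only the caller's argument. Add `if (home_path == NULL) return NULL;` directly after the fallback; the caller shown in crypto.c already tests `cert_loc != NULL`. The bare `2` and `1` that replaced `strlen("/.")` and `strlen("/")` make the buffer size harder to audit against the format string, so either keep a comment such as `/* "/." + cert_dir + "/" + cert_loc + NUL */` or store the length and use `snprintf(certloc, length, ...)`. The function body continues past the end of this hunk.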