diff --git a/src/lib/deskflow/App.h b/src/lib/deskflow/App.h
index 2de702ca7..51dcfa9f9 100644
--- a/src/lib/deskflow/App.h
+++ b/src/lib/deskflow/App.h
@@ -130,8 +130,7 @@ private:
 #endif
 constexpr static auto s_helpGeneralArgs = //
     "  -1, --no-restart         do not try to restart on failure.\n"
-    "*     --restart            restart the server automatically if it fails.\n"
-    "      --tls-cert           specify the path to the TLS certificate file.\n";
+    "*     --restart            restart the server automatically if it fails.\n";
 
 constexpr static auto s_helpVersionArgs = //
     "  -h, --help               display this help and exit.\n";
diff --git a/src/lib/deskflow/ArgParser.cpp b/src/lib/deskflow/ArgParser.cpp
index 9ec4096a8..5c15b9c2e 100644
--- a/src/lib/deskflow/ArgParser.cpp
+++ b/src/lib/deskflow/ArgParser.cpp
@@ -139,8 +139,6 @@ bool ArgParser::parseGenericArgs(int argc, const char *const *argv, int &i) cons
     // HACK: stop error happening when using portable (deskflowp)
   } else if (isArg(i, argc, argv, nullptr, "--client")) {
     // HACK: stop error happening when using portable (deskflowp)
-  } else if (isArg(i, argc, argv, nullptr, "--tls-cert", 1)) {
-    argsBase().m_tlsCertFile = argv[++i];
   } else if (isArg(i, argc, argv, nullptr, "--prevent-sleep")) {
     argsBase().m_preventSleep = true;
   } else {
diff --git a/src/lib/deskflow/ArgsBase.h b/src/lib/deskflow/ArgsBase.h
index e7de90133..6e06e5bec 100644
--- a/src/lib/deskflow/ArgsBase.h
+++ b/src/lib/deskflow/ArgsBase.h
@@ -50,9 +50,6 @@ public:
   /// @brief Will cause the application to exit with fail code when set to true
   bool m_shouldExitFail = false;
 
-  /// @brief Contains the location of the TLS certificate file
-  std::string m_tlsCertFile;
-
   /// @brief Stop this computer from sleeping
   bool m_preventSleep = false;
 
diff --git a/src/lib/deskflow/CoreArgParser.cpp b/src/lib/deskflow/CoreArgParser.cpp
index 880800227..4ff8d4524 100644
--- a/src/lib/deskflow/CoreArgParser.cpp
+++ b/src/lib/deskflow/CoreArgParser.cpp
@@ -79,6 +79,10 @@ void CoreArgParser::parse()
         );
     Settings::setValue(Settings::Security::TlsEnabled, value);
   }
+
+  if (m_parser.isSet(CoreArgs::tlsCertOption)) {
+    Settings::setValue(Settings::Security::Certificate, m_parser.value(CoreArgs::tlsCertOption));
+  }
 }
 
 [[noreturn]] void CoreArgParser::showHelpText() const
diff --git a/src/lib/deskflow/CoreArgs.h b/src/lib/deskflow/CoreArgs.h
index bc7ae780c..61a045c7d 100644
--- a/src/lib/deskflow/CoreArgs.h
+++ b/src/lib/deskflow/CoreArgs.h
@@ -41,6 +41,9 @@ struct CoreArgs
   inline static const auto secureOption =
       QCommandLineOption("secure", "Enable TLS encryption (default: true)", "value");
 
+  inline static const auto tlsCertOption =
+      QCommandLineOption("tls-cert", "Use file in place of default TLS certificate path", "file");
+
   inline static const auto options = {helpOption, versionOption,  configOption,  interfaceOption, portOption,
-                                      nameOption, logLevelOption, logFileOption, secureOption};
+                                      nameOption, logLevelOption, logFileOption, secureOption,  tlsCertOption};
 };
diff --git a/src/lib/gui/core/CoreProcess.cpp b/src/lib/gui/core/CoreProcess.cpp
index dd813c4b1..df72bfee3 100644
--- a/src/lib/gui/core/CoreProcess.cpp
+++ b/src/lib/gui/core/CoreProcess.cpp
@@ -485,14 +485,6 @@ bool CoreProcess::addServerArgs(QStringList &args)
   // bizarrely, the tls cert path arg was being given to the core client.
   // since it's not clear why (it is only needed for the server), this has now
   // been moved to server args.
-  if (Settings::value(Settings::Security::TlsEnabled).toBool()) {
-    if (TlsUtility tlsUtility(this); !tlsUtility.persistCertificate()) {
-      qCritical("failed to persist tls certificate");
-      return false;
-    }
-    args << "--tls-cert" << Settings::value(Settings::Security::Certificate).toString();
-  }
-
   return true;
 }
 
diff --git a/src/lib/net/SecureListenSocket.cpp b/src/lib/net/SecureListenSocket.cpp
index d15dcf133..740f709a2 100644
--- a/src/lib/net/SecureListenSocket.cpp
+++ b/src/lib/net/SecureListenSocket.cpp
@@ -44,14 +44,8 @@ std::unique_ptr<IDataSocket> SecureListenSocket::accept()
     setListeningJob();
 
     // default location of the TLS cert file in users dir
-    std::string certificateFilename = Settings::value(Settings::Security::Certificate).toString().toStdString();
-
-    // if the tls cert option is set use that for the certificate file
-    if (!ArgParser::argsBase().m_tlsCertFile.empty()) {
-      certificateFilename = ArgParser::argsBase().m_tlsCertFile;
-    }
-
-    if (!secureSocket->loadCertificates(certificateFilename)) {
+    if (const auto certificateFilename = Settings::value(Settings::Security::Certificate).toString().toStdString();
+        !secureSocket->loadCertificates(certificateFilename)) {
       return nullptr;
     }
 
diff --git a/src/unittests/deskflow/ArgParserTests.cpp b/src/unittests/deskflow/ArgParserTests.cpp
index 51b0d382a..fdcfdb172 100644
--- a/src/unittests/deskflow/ArgParserTests.cpp
+++ b/src/unittests/deskflow/ArgParserTests.cpp
@@ -238,13 +238,12 @@ void ArgParserTests::client_commonArgs()
 {
   deskflow::ClientArgs clientArgs;
   clientArgs.m_enableLangSync = false;
-  const int argc = 4;
-  std::array<const char *, argc> kLangCmd = {"stub", "--tls-cert", "tlsCertPath", "--prevent-sleep"};
+  const int argc = 2;
+  std::array<const char *, argc> kLangCmd = {"stub", "--prevent-sleep"};
 
   m_parser.parseClientArgs(clientArgs, argc, kLangCmd.data());
 
   QVERIFY(clientArgs.m_preventSleep);
-  QCOMPARE(clientArgs.m_tlsCertFile, "tlsCertPath");
 }
 
 void ArgParserTests::client_setAddress()
diff --git a/src/unittests/deskflow/CoreArgParserTests.cpp b/src/unittests/deskflow/CoreArgParserTests.cpp
index 2ca164c91..740a67f37 100644
--- a/src/unittests/deskflow/CoreArgParserTests.cpp
+++ b/src/unittests/deskflow/CoreArgParserTests.cpp
@@ -150,4 +150,14 @@ void CoreArgParserTests::secure_1()
   QVERIFY(Settings::value(Settings::Security::TlsEnabled).toBool());
 }
 
+void CoreArgParserTests::tlsCert()
+{
+  QStringList args = {"stub", "client", "--tls-cert", "certFile"};
+
+  CoreArgParser parser(args);
+  parser.parse();
+
+  QCOMPARE(Settings::value(Settings::Security::Certificate).toString(), "certFile");
+}
+
 QTEST_MAIN(CoreArgParserTests)
diff --git a/src/unittests/deskflow/CoreArgParserTests.h b/src/unittests/deskflow/CoreArgParserTests.h
index 9d3548f11..ead093c01 100644
--- a/src/unittests/deskflow/CoreArgParserTests.h
+++ b/src/unittests/deskflow/CoreArgParserTests.h
@@ -27,6 +27,7 @@ private Q_SLOTS:
   void secure_true();
   void secure_0();
   void secure_1();
+  void tlsCert();
 
 private:
   inline static const QString m_settingsPath = QStringLiteral("tmp/test");