diff --git a/include/haproxy/ssl_ckch.h b/include/haproxy/ssl_ckch.h
index 37f926582..e6356637f 100644
--- a/include/haproxy/ssl_ckch.h
+++ b/include/haproxy/ssl_ckch.h
@@ -82,7 +82,7 @@ extern struct cert_exts cert_exts[];
 extern int (*ssl_commit_crlfile_cb)(const char *path, X509_STORE *ctx, char **err);
 
 /* ckch_conf keyword loading */
-static inline int ckch_conf_load_pem(void *value, char *buf, struct ckch_data *d, int cli, char **err) { if (cli) return 0; return ssl_sock_load_files_into_ckch(value, d, err); }
+static inline int ckch_conf_load_pem(void *value, char *buf, struct ckch_data *d, int cli, char **err) { if (cli) return 0; return ssl_sock_load_pem_into_ckch(value, buf, d, err); }
 static inline int ckch_conf_load_key(void *value, char *buf, struct ckch_data *d, int cli, char **err) { if (cli) return 0; return ssl_sock_load_key_into_ckch(value, buf, d, err); }
 static inline int ckch_conf_load_ocsp_response(void *value, char *buf, struct ckch_data *d, int cli, char **err) { if (cli) return 0; return ssl_sock_load_ocsp_response_from_file(value, buf, d, err); }
 static inline int ckch_conf_load_ocsp_issuer(void *value, char *buf, struct ckch_data *d, int cli, char **err) { if (cli) return 0; return ssl_sock_load_issuer_file_into_ckch(value, buf, d, err); }
diff --git a/reg-tests/ssl/crt_store.vtc b/reg-tests/ssl/crt_store.vtc
index 3b61712d8..685183ed9 100644
--- a/reg-tests/ssl/crt_store.vtc
+++ b/reg-tests/ssl/crt_store.vtc
@@ -1,4 +1,4 @@
-#REGTEST_TYPE=broken
+#REGTEST_TYPE=devel
 varnishtest "Test the crt-store section"
 feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(3.0-dev7)'"
 feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL)'"
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 9961e025b..b178078d8 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
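Review bot: The rewritten ckch_conf_load_pem still returns 0 unconditionally when `cli` is set, and nothing near the `/* ckch_conf keyword loading */` comment says why a "crt" keyword arriving from the CLI is silently skipped rather than rejected; the same applies to the three sibling helpers in the context lines. A one-line comment above the group would help, e.g. `/* cli != 0: keyword comes from the CLI, where files are not loaded; return success without touching d */` — whether 0 here is the same value as ERR_NONE is not visible in this hunk, so check the wording against the module's error-code convention. Packing each body onto the signature line also makes the -/+ pair hard to compare; putting `if (cli) return 0;` and the return on their own lines would keep future changes to one helper reviewable.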
@@ -1024,6 +1024,7 @@ struct ckch_store *ckch_store_new_load_files_conf(char *name, struct ckch_conf *
 {
 	struct ckch_store *ckchs;
 	int cfgerr = ERR_NONE;
+	char *tmpcrt = conf->crt;
 
 	ckchs = ckch_store_new(name);
 	if (!ckchs) {
@@ -1031,10 +1032,25 @@ struct ckch_store *ckch_store_new_load_files_conf(char *name, struct ckch_conf *
 		goto end;
 	}
 
+	/* this is done for retro-compatibility. When no "filename" crt-store
+	 * options were configured in a crt-list, try to load the files by
+	 * auto-detecting them. */
+	if ((conf->used == CKCH_CONF_SET_EMPTY || conf->used == CKCH_CONF_SET_CRTLIST) &&
+	    (!conf->key && !conf->ocsp && !conf->issuer && !conf->sctl)) {
+		cfgerr = ssl_sock_load_files_into_ckch(conf->crt, ckchs->data, err);
+		if (cfgerr & ERR_FATAL)
+			goto end;
+		/* set conf->crt to NULL so it's not erased */
+		conf->crt = NULL;
+	}
+
+	/* load files using the ckch_conf */
 	cfgerr = ckch_store_load_files(conf, ckchs, 0, err);
 	if (cfgerr & ERR_FATAL)
 		goto end;
 
+	conf->crt = tmpcrt;
+
 	/* insert into the ckchs tree */
 	memcpy(ckchs->path, name, strlen(name) + 1);
 	ebst_insert(&ckchs_tree, &ckchs->node);
diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index d1c7ef992..71fa0a0b1 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -606,13 +606,9 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
 		if (ckchs == NULL) {
 			if (stat(crt_path, &buf) == 0) {
 				found++;
-				if (cc.used) {
-					free(cc.crt);
-					cc.crt = strdup(crt_path);
-					ckchs = ckch_store_new_load_files_conf(crt_path, &cc, err);
-				} else {
-					ckchs = ckch_store_new_load_files_path(crt_path, err);
-				}
+				free(cc.crt);
+				cc.crt = strdup(crt_path);
+				ckchs = ckch_store_new_load_files_conf(crt_path, &cc, err);
 				if (ckchs == NULL) {
 					cfgerr |= ERR_ALERT | ERR_FATAL;
 					goto error;
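Review bot: conf->crt is restored from tmpcrt only on the success path: when ckch_store_load_files() fails and the `goto end` right after it is taken, conf->crt is still the NULL written by the new auto-detect branch just above, so the caller's conf is left pointing at nothing and the string tmpcrt held is no longer reachable through it — in crtlist_parse_file that string is the strdup'd crt_path, so this looks like a leak on the error path plus a corrupted conf for any later use. Restore before testing the result: `cfgerr = ckch_store_load_files(conf, ckchs, 0, err);` / `conf->crt = tmpcrt;` / `if (cfgerr & ERR_FATAL) goto end;` — or do the restore under the `end:` label, which is outside this hunk. The `goto end` inside the auto-detect branch is fine, since conf->crt has not been cleared at that point. The function's tail is outside the hunk.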
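Review bot: `cc.crt = strdup(crt_path);` now runs for every crt-list entry but its result is still unchecked, so an allocation failure passes a NULL `conf->crt` into ckch_store_new_load_files_conf(), where the new auto-detect branch hands it straight to ssl_sock_load_files_into_ckch(); the old code had the same gap, but only inside the `cc.used` branch that this hunk removes. Add a check right after the strdup, `if (!cc.crt) { cfgerr |= ERR_ALERT | ERR_FATAL; goto error; }`, matching the error handling already used for a NULL ckchs two lines below (the `error:` label and whether it releases cc.crt are outside this hunk, so confirm no double free there). crtlist_parse_file starts and ends outside the hunk.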