diff --git a/lib/server/utils.js b/lib/server/utils.js
index 587eef7aa..13a5cb737 100644
--- a/lib/server/utils.js
+++ b/lib/server/utils.js
@@ -2,7 +2,7 @@
 
 var fs           = require("fs");
 var path         = require("path");
-var filePath     = require("path");
+var join         = require("path").join;
 var connect      = require("connect");
 var Immutable    = require("immutable");
 var http         = require("http");
@@ -18,29 +18,61 @@ var snippetUtils = require("../snippet").utils;
 var lrSnippet    = require("resp-modifier");
 var utils        = require("../utils");
 
+function getCa (options) {
+    var caOption = options.getIn(["https", "ca"]);
+    // if not provided, use Browsersync self-signed
+    if (typeof caOption === "undefined") {
+        return fs.readFileSync(join(__dirname, "certs", "server.csr"));
+    }
+    // if a string was given, read that file from disk
+    if (typeof caOption === "string") {
+        return fs.readFileSync(caOption);
+    }
+    // if an array was given, read all
+    if (List.isList(caOption)) {
+        return caOption.toArray().map(function (x) {
+            return fs.readFileSync(x);
+        });
+    }
+}
+
+function getKey(options) {
+    return fs.readFileSync(options.getIn(["https", "key"])  || join(__dirname, "certs", "server.key"));
+}
+
+function getCert(options) {
+    return fs.readFileSync(options.getIn(["https", "cert"]) || join(__dirname, "certs", "server.crt"));
+}
+
+function getHttpsServerDefaults (options) {
+    return fromJS({
+        key: getKey(options),
+        cert: getCert(options),
+        ca: getCa(options),
+        passphrase: ""
+    });
+}
+
+function getPFXDefaults (options) {
+    return fromJS({
+        pfx: fs.readFileSync(options.getIn(["https", "pfx"]))
+    });
+}
+
 var serverUtils = {
     /**
      * @param options
      * @returns {{key, cert}}
      */
-    getKeyAndCert: function (options) {
-        return {
-            key: fs.readFileSync(options.getIn(["https", "key"])  || filePath.join(__dirname, "certs/server.key")),
-            cert: fs.readFileSync(options.getIn(["https", "cert"]) || filePath.join(__dirname, "certs/server.crt")),
-            ca: fs.readFileSync(options.getIn(["https", "ca"]) || filePath.join(__dirname, "certs/server.csr")),
-            passphrase: options.getIn(["https", "passphrase"]) || ""
-        };
-    },
-    /**
-     * @param filePath
-     * @param passphrase
-     * @returns {{pfx}}
-     */
-    getPFX: function (filePath, passphrase) {
-        return {
-            pfx: fs.readFileSync(filePath),
-            passphrase: passphrase,
-        };
+    getHttpsOptions: function (options) {
+        var userOption = options.get("https");
+        if (Map.isMap(userOption)) {
+            if (userOption.has("pfx")) {
+                return userOption.mergeDeep(getPFXDefaults(options));
+            }
+            return userOption.mergeDeep(getHttpsServerDefaults(options));
+        }
+        return getHttpsServerDefaults(options);
     },
     /**
      * Get either http or https server
@@ -53,11 +85,8 @@ var serverUtils = {
                 var httpModule = serverUtils.getHttpModule(options);
 
                 if (options.get("scheme") === "https") {
-                    var pfxPath = options.getIn(["https", "pfx"]);
-                    var pfxPassphrase = options.getIn(["https", "pfxPassphrase"]);
-                    return pfxPath ?
-                        httpModule.createServer(serverUtils.getPFX(pfxPath, pfxPassphrase), app) :
-                        httpModule.createServer(serverUtils.getKeyAndCert(options), app);
+                    var opts = serverUtils.getHttpsOptions(options);
+                    return httpModule.createServer(opts.toJS(), app);
                 }
 
                 return httpModule.createServer(app);