diff --git a/gluon/contrib/login_methods/ldap_auth.py b/gluon/contrib/login_methods/ldap_auth.py index 3b793de1..4c07b757 100644 --- a/gluon/contrib/login_methods/ldap_auth.py +++ b/gluon/contrib/login_methods/ldap_auth.py @@ -169,14 +169,6 @@ def ldap_auth(server='ldap', You can set the logging level with the "logging_level" parameter, default is "error" and can be set to error, warning, info, debug. """ - - if self_signed_certificate: - # NOTE : If you have a self-signed SSL Certificate pointing over "port=686" and "secure=True" alone - # will not work, you need also to set "self_signed_certificate=True". - # Ref1: https://onemoretech.wordpress.com/2015/06/25/connecting-to-ldap-over-self-signed-tls-with-python/ - # Ref2: http://bneijt.nl/blog/post/connecting-to-ldaps-with-self-signed-cert-using-python/ - ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) - logger = logging.getLogger('web2py.auth.ldap_auth') if logging_level == 'error': logger.setLevel(logging.ERROR) @@ -601,7 +593,14 @@ def ldap_auth(server='ldap', if secure: if not ldap_port: ldap_port = 636 - + + if self_signed_certificate: + # NOTE : If you have a self-signed SSL Certificate pointing over "port=686" and "secure=True" alone + # will not work, you need also to set "self_signed_certificate=True". + # Ref1: https://onemoretech.wordpress.com/2015/06/25/connecting-to-ldap-over-self-signed-tls-with-python/ + # Ref2: http://bneijt.nl/blog/post/connecting-to-ldaps-with-self-signed-cert-using-python/ + ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) + if cacert_path: ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, cacert_path)
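Review bot: `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)` in the second hunk is a module-level python-ldap call, so once any login runs with `self_signed_certificate=True`, certificate verification is off for every later LDAP connection in the process, and nothing in the visible lines restores it. With verification off, the LDAPS bind that carries the user's password has no protection against a host impersonating the directory server. Since the following lines already accept `cacert_path`, the safer way to support a self-signed server is to trust its certificate through that option and leave `OPT_X_TLS_REQUIRE_CERT` at its default; if the switch must stay, record it, e.g. `logger.warning('LDAP TLS certificate verification disabled (self_signed_certificate=True)')`, and state the process-wide effect in the comment. The comment's `port=686` looks like a typo for the 636 default assigned just above. The enclosing function starts and ends outside the hunk, so whether the moved block sits inside `if secure:` cannot be confirmed from here.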