diff --git a/conf/frpc_full.ini b/conf/frpc_full.ini
index 7aacfeb..f47c1f2 100644
--- a/conf/frpc_full.ini
+++ b/conf/frpc_full.ini
@@ -52,6 +52,10 @@ protocol = tcp
 # if tls_enable is true, frpc will connect frps by tls
 tls_enable = true
 
+# tls_cert_file = client.crt
+# tls_key_file = client.key
+# tls_trusted_ca_file = ca.crt
+
 # specify a dns server, so frpc will use this instead of default one
 # dns_server = 8.8.8.8
 
diff --git a/conf/frps_full.ini b/conf/frps_full.ini
index c0ffb76..969bbe2 100644
--- a/conf/frps_full.ini
+++ b/conf/frps_full.ini
@@ -103,6 +103,10 @@ max_ports_per_client = 0
 # TlsOnly specifies whether to only accept TLS-encrypted connections. By default, the value is false.
 tls_only = false
 
+# tls_cert_file = server.crt
+# tls_key_file = server.key
+# tls_trusted_ca_file = ca.crt
+
 # if subdomain_host is not empty, you can set subdomain when type is http or https in frpc's configure file
 # when subdomain is test, the host used by routing is test.frps.com
 subdomain_host = frps.com
diff --git a/models/config/client_common.go b/models/config/client_common.go
index dd6d3a9..1fe148f 100644
--- a/models/config/client_common.go
+++ b/models/config/client_common.go
@@ -350,17 +350,16 @@ func (cfg *ClientCommonConf) Check() (err error) {
 
 	if cfg.TLSEnable == false {
 		if cfg.TLSCertFile != "" {
-			fmt.Println("WARNING! Because tls_enable is not true, so tls_cert_file will not make sense")
+			fmt.Println("WARNING! tls_cert_file is invalid when tls_enable is false")
 		}
 
 		if cfg.TLSKeyFile != "" {
-			fmt.Println("WARNING! Because tls_enable is not true, so tls_key_file will not make sense")
+			fmt.Println("WARNING! tls_key_file is invalid when tls_enable is false")
 		}
 
 		if cfg.TLSTrustedCaFile != "" {
-			fmt.Println("WARNING! Because tls_enable is not true, so tls_trusted_ca_file will not make sense")
+			fmt.Println("WARNING! tls_trusted_ca_file is invalid when tls_enable is false")
 		}
 	}
-
 	return
 }
diff --git a/models/config/server_common.go b/models/config/server_common.go
index 0c33558..1690aa0 100644
--- a/models/config/server_common.go
+++ b/models/config/server_common.go
@@ -448,6 +448,7 @@ func UnmarshalServerConfFromIni(content string) (cfg ServerCommonConf, err error
 
 	if tmpStr, ok := conf.Get("common", "tls_trusted_ca_file"); ok {
 		cfg.TLSTrustedCaFile = tmpStr
+		cfg.TLSOnly = true
 	}
 
 	return
@@ -471,12 +472,6 @@ func UnmarshalPluginsFromIni(sections ini.File, cfg *ServerCommonConf) {
 	}
 }
 
-func (cfg *ServerCommonConf) Check() (err error) {
-	if cfg.TLSOnly == false {
-		if cfg.TLSTrustedCaFile != "" {
-			err = fmt.Errorf("Parse conf error: forbidden tls_trusted_ca_file, it only works when tls_only is true")
-			return
-		}
-	}
-	return
+func (cfg *ServerCommonConf) Check() error {
+	return nil
 }