diff --git a/etc/emq.conf b/etc/emq.conf
index 7bde1b804..9509bcc4d 100644
--- a/etc/emq.conf
+++ b/etc/emq.conf
@@ -240,7 +240,7 @@ mqtt.listener.ssl.max_clients = 512
 mqtt.listener.ssl.handshake_timeout = 15
 mqtt.listener.ssl.keyfile = etc/certs/key.pem
 mqtt.listener.ssl.certfile = etc/certs/cert.pem
-mqtt.listener.ssl.cacertfile = etc/certs/cacert.pem
+## mqtt.listener.ssl.cacertfile = etc/certs/cacert.pem
 ## mqtt.listener.ssl.verify = verify_peer
 ## mqtt.listener.ssl.failed_if_no_peer_cert = true
 
diff --git a/priv/emq.schema b/priv/emq.schema
index 8ef0e0449..c33858565 100644
--- a/priv/emq.schema
+++ b/priv/emq.schema
@@ -533,7 +533,7 @@ end}.
 ]}.
 
 {mapping, "mqtt.listener.ssl.verify", "emqttd.listeners", [
-  {datatype, string}
+  {datatype, atom}
 ]}.
 
 {mapping, "mqtt.listener.ssl.failed_if_no_peer_cert", "emqttd.listeners", [
@@ -589,7 +589,7 @@ end}.
 ]}.
 
 {mapping, "mqtt.listener.https.verify", "emqttd.listeners", [
-  {datatype, string}
+  {datatype, atom}
 ]}.
 
 {mapping, "mqtt.listener.https.failed_if_no_peer_cert", "emqttd.listeners", [
@@ -615,8 +615,8 @@ end}.
                           {keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
                           {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
                           {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
-                          {verify,     cuttlefish:conf_get(Prefix ++ ".verify_peer", Conf, undefined)},
-                          {failed_if_no_peer_cert, cuttlefish:conf_get(Prefix ++ "failed_if_no_peer_cert", Conf, undefined)}])
+                          {verify,     cuttlefish:conf_get(Prefix ++ ".verify", Conf, undefined)},
+                          {failed_if_no_peer_cert, cuttlefish:conf_get(Prefix ++ ".failed_if_no_peer_cert", Conf, undefined)}])
               end,
 
     Listeners = fun(Name) when is_atom(Name) ->