diff --git a/include/proto/openssl-compat.h b/include/proto/openssl-compat.h
index ea92072e5..9b671095d 100644
--- a/include/proto/openssl-compat.h
+++ b/include/proto/openssl-compat.h
@@ -89,6 +89,19 @@ static inline int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned cha
 }
 #endif
 
+#if (OPENSSL_VERSION_NUMBER < 0x10002000L) || defined(LIBRESSL_VERSION_NUMBER)
+/*
+ * Functions introduced in OpenSSL 1.0.2 and not yet present in LibreSSL
+ */
+EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
+{
+	if (ctx->cert != NULL)
+		return ctx->cert->key->privatekey;
+	else
+		return NULL;
+}
+#endif
+
 #if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
 /*
  * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b4d4e14fe..d81dd70cb 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1586,8 +1586,8 @@ ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL
 	unsigned int  i;
 	int 	      key_type;
 
-	/* Get the private key of the defautl certificate and use it */
-	if (!(pkey = SSL_get_privatekey(ssl)))
+	/* Get the private key of the default certificate and use it */
+	if (!(pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx)))
 		goto mkcert_error;
 
 	/* Create the certificate */