diff --git a/client/client.go b/client/client.go
index f1022f444..f20b85c54 100644
--- a/client/client.go
+++ b/client/client.go
@@ -414,6 +414,7 @@ func (c *Client) reloadTLSConnections(newConfig *nconfig.TLSConfig) error {
 	// decide on what type of connections to accept
 	c.configLock.Lock()
 	c.config.TLSConfig = newConfig
+	c.config.TLSConfig.SetChecksum()
 	c.configLock.Unlock()
 
 	c.connPool.ReloadTLS(tlsWrap)
diff --git a/nomad/server.go b/nomad/server.go
index b61b0d53d..0323ebd14 100644
--- a/nomad/server.go
+++ b/nomad/server.go
@@ -471,6 +471,7 @@ func (s *Server) reloadTLSConnections(newTLSConfig *config.TLSConfig) error {
 	// access to config information, such as rpc.go, where we decide on what kind
 	// of network connections to accept depending on the server configuration
 	s.config.TLSConfig = newTLSConfig
+	s.config.TLSConfig.SetChecksum()
 
 	s.rpcTLS = incomingTLS
 	s.connPool.ReloadTLS(tlsWrap)
diff --git a/nomad/server_test.go b/nomad/server_test.go
index 962abbc8d..3bdb58e7e 100644
--- a/nomad/server_test.go
+++ b/nomad/server_test.go
@@ -427,6 +427,7 @@ func TestServer_Reload_TLSConnections_PlaintextToTLS_OnlyRPC(t *testing.T) {
 
 	err := s1.reloadTLSConnections(newTLSConfig)
 	assert.Nil(err)
+	assert.True(s1.config.TLSConfig.EnableRPC)
 	assert.True(s1.config.TLSConfig.CertificateInfoIsEqual(newTLSConfig))
 
 	codec := rpcClient(t, s1)