diff --git a/tasks/galera_server_setup.yml b/tasks/galera_server_setup.yml
index cc6f6de3..7e424a99 100644
--- a/tasks/galera_server_setup.yml
+++ b/tasks/galera_server_setup.yml
@@ -30,6 +30,7 @@
 path: /var/lib/mysql/mysql_upgrade_info
 search_regex: "^{{ galera_major_version }}.{{ galera_minor_version }}"
+# NOTE(noonedeadpunk): We don't need to verify hostname when connectig to socket
 - name: Create galera users
 community.mysql.mysql_user:
 name: "{{ item.name }}"
@@ -38,6 +39,7 @@
 priv: "{{ item.priv }}"
 state: "{{ item.state }}"
 login_unix_socket: "{{ galera_unix_socket }}"
+ check_hostname: false
 with_items:
 - name: "{{ galera_root_user }}"
 host: "%"
diff --git a/templates/client.my.cnf.j2 b/templates/client.my.cnf.j2
index c54aa4ec..b3dfb345 100644
--- a/templates/client.my.cnf.j2
+++ b/templates/client.my.cnf.j2
@@ -10,7 +10,7 @@ user={{ galera_root_user }}
 password={{ galera_root_password }}
 {% if galera_use_ssl %}
 ssl
-{% if galera_ssl_verify %}
+{% if galera_ssl_verify and inventory_hostname not in galera_cluster_members %}
 ssl-verify-server-cert
 {% endif %}
 {% endif %}
diff --git a/templates/debian.cnf.j2 b/templates/debian.cnf.j2
index 6db5aa66..e8c3ac58 100644
--- a/templates/debian.cnf.j2
+++ b/templates/debian.cnf.j2
@@ -1,18 +1,14 @@
 # {{ ansible_managed }}
 [client]
-host = localhost
 user = root
 password = {{ galera_root_password }}
 socket = /var/run/mysqld/mysqld.sock
 {% if galera_use_ssl | bool %}
-ssl-ca = {{ galera_ssl_ca_cert }}
-ssl-cert = {{ galera_ssl_cert }}
-ssl-key = {{ galera_ssl_key }}
+ssl
 {% endif %}
 [mysql_upgrade]
-host = localhost
 user = root
 password = {{ galera_root_password }}
 socket = /var/run/mysqld/mysqld.sock
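Review bot: `check_hostname: false` in the "Create galera users" task of tasks/galera_server_setup.yml is only harmless while the module really logs in over `login_unix_socket`, yet the justification sits above the task name (first hunk, with the typo "connectig") rather than next to the option it explains. If `galera_unix_socket` were ever empty or the task gained a `login_host`, the connection would presumably go over TCP with hostname verification switched off, so I would put the comment on the option itself, e.g. `# Socket-only login: TLS hostname verification is intentionally off; do not reuse with login_host`. The option also depends on a community.mysql and PyMySQL release that supports it, which nothing in this diff pins, so that is worth confirming in the role's requirements. The task body continues outside both hunks.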
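Review bot: The new condition in templates/client.my.cnf.j2 silently overrides `galera_ssl_verify` on every host in `galera_cluster_members`, so an operator who sets it to true still gets `ssl` without `ssl-verify-server-cert` there, and nothing in the template says why. That is only safe if this client file connects over the local socket on those hosts; the hunk shows no `host` or `socket` line, so if the client can reach a TCP address, TLS on cluster members would be encrypted but unauthenticated. I would add a template comment such as `{# cluster members connect via the local socket, so server-cert verification is skipped #}` and, if possible, key the exception on the socket being used rather than on inventory membership. The bare `galera_ssl_verify` test also lacks the `| bool` filter that debian.cnf.j2 applies to `galera_use_ssl`, so a string value such as "false" would be truthy: `{% if galera_ssl_verify | bool and inventory_hostname not in galera_cluster_members %}`. The enclosing section starts above the hunk.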
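Review bot: With the `ssl-ca`, `ssl-cert` and `ssl-key` lines removed from templates/debian.cnf.j2 and only a bare `ssl` left, the [client] section asks for TLS but has no CA to authenticate the server against, which is acceptable only because the connection goes through `socket = /var/run/mysqld/mysqld.sock`; the template should say so. A comment such as `# TLS here is unauthenticated by design: this file is used over the local socket only` above the `ssl` line would keep a later reader from re-adding `host` without restoring verification. The file still carries `galera_root_password` in clear text, so the task that renders it (not shown in this diff) should keep it root-owned with a restrictive mode.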