diff --git a/cert.go b/cert.go
index 1f092a3..94ad90a 100644
--- a/cert.go
+++ b/cert.go
@@ -60,7 +60,7 @@ func (c *CertificateStore) Load(path string) error {
 		if err != nil {
 			continue
 		}
-		hostname := filepath.Base(crtPath)
+		hostname := strings.TrimSuffix(filepath.Base(crtPath), ".crt")
 		c.store[hostname] = cert
 	}
 	return nil
diff --git a/examples/auth/auth.go b/examples/auth/auth.go
index 1dc5697..9a7c0bd 100644
--- a/examples/auth/auth.go
+++ b/examples/auth/auth.go
@@ -3,7 +3,6 @@
 package main
 
 import (
-	"crypto/tls"
 	"crypto/x509"
 	"fmt"
 	"log"
@@ -34,16 +33,6 @@ var (
 )
 
 func main() {
-	// Configure a certificate.
-	// To generate a TLS key pair, run:
-	//
-	//     go run -tags=example ../cert
-	//
-	cert, err := tls.LoadX509KeyPair("examples/server/localhost.crt", "examples/server/localhost.key")
-	if err != nil {
-		log.Fatal(err)
-	}
-
 	handler := &gmi.ServeMux{}
 	handler.HandleFunc("/", welcome)
 	handler.HandleFunc("/login", login)
@@ -53,7 +42,9 @@ func main() {
 	handler.HandleFunc("/logout", logout)
 
 	server := &gmi.Server{}
-	server.CertificateStore.Add("localhost", cert)
+	if err := server.CertificateStore.Load("/var/lib/gemini/certs"); err != nil {
+		log.Fatal(err)
+	}
 	server.Handle("localhost", handler)
 
 	if err := server.ListenAndServe(); err != nil {
diff --git a/examples/server/server.go b/examples/server/server.go
index df405a1..01890ba 100644
--- a/examples/server/server.go
+++ b/examples/server/server.go
@@ -3,28 +3,20 @@
 package main
 
 import (
-	"crypto/tls"
 	"log"
 
 	"git.sr.ht/~adnano/gmi"
 )
 
 func main() {
-	// Load a TLS key pair.
-	// To generate a TLS key pair, run:
-	//
-	//     go run -tags=example ../cert
-	//
-	cert, err := tls.LoadX509KeyPair("examples/server/localhost.crt", "examples/server/localhost.key")
-	if err != nil {
-		log.Fatal(err)
-	}
-
 	mux := &gmi.ServeMux{}
 	mux.Handle("/", gmi.FileServer(gmi.Dir("/var/www")))
 
 	server := gmi.Server{}
-	server.CertificateStore.Add("localhost", cert)
+	if err := server.CertificateStore.Load("/var/lib/gemini/certs"); err != nil {
+		log.Fatal(err)
+	}
+	log.Print(server.CertificateStore)
 	server.Handle("localhost", mux)
 	server.ListenAndServe()
 }