diff --git a/src/Wt/WServer b/src/Wt/WServer
--- a/src/Wt/WServer
+++ b/src/Wt/WServer
@@ -423,6 +423,7 @@ private:
   WT_API void setCatchSignals(bool catchSignals);
 
   WT_API static WServer *instance_;
+  WT_API boost::function<std::string (std::size_t max_length)> sslPasswordCallback_;
 };
 
 }
diff --git a/src/http/Configuration.h b/src/http/Configuration.h
--- a/src/http/Configuration.h
+++ b/src/http/Configuration.h
@@ -75,6 +75,16 @@ public:
 
   ::int64_t maxMemoryRequestSize() const { return maxMemoryRequestSize_; }
 
+  // ssl Password callback is not configurable from a file but we store it
+  // here because it's used in the Server constructor (inside start())
+  void setSslPasswordCallback(
+          boost::function<std::string (std::size_t max_length)> cb)
+  { sslPasswordCallback_ = cb; }
+  boost::function<std::string (std::size_t max_length)> sslPasswordCallback()
+  { return sslPasswordCallback_; }
+  bool hasSslPasswordCallback()
+  { return sslPasswordCallback_; }
+
 private:
   Wt::WLogger& logger_;
   bool silent_;
@@ -110,6 +120,8 @@ private:
 
   ::int64_t maxMemoryRequestSize_;
 
+  boost::function<std::string (std::size_t max_length)> sslPasswordCallback_;
+
   void createOptions(po::options_description& options);
   void readOptions(const po::variables_map& vm);
 
diff --git a/src/http/Server.C b/src/http/Server.C
--- a/src/http/Server.C
+++ b/src/http/Server.C
@@ -150,6 +150,9 @@ void Server::start()
     LOG_INFO_S(&wt_, "starting server: https://" <<
 	       config_.httpsAddress() << ":" << config_.httpsPort());
 
+    if (config_.hasSslPasswordCallback())
+      ssl_context_.set_password_callback(config_.sslPasswordCallback());
+
     int sslOptions = asio::ssl::context::default_workarounds
       | asio::ssl::context::no_sslv2
       | asio::ssl::context::single_dh_use;
@@ -232,14 +235,6 @@ int Server::httpPort() const
   return tcp_acceptor_.local_endpoint().port();
 }
 
-void Server::setSslPasswordCallback(
-  boost::function<std::string (std::size_t max_length)> cb)
-{
-#ifdef HTTP_WITH_SSL
-  ssl_context_.set_password_callback(boost::bind(cb, _1));
-#endif // HTTP_WITH_SSL
-}
-
 void Server::startAccept()
 {
   /*
diff --git a/src/http/Server.h b/src/http/Server.h
--- a/src/http/Server.h
+++ b/src/http/Server.h
@@ -67,9 +67,6 @@ public:
   /// Returns the http port number.
   int httpPort() const;
 
-  // Sets callback for SSL passwords
-  void setSslPasswordCallback(boost::function<std::string (std::size_t max_length)> cb);
-
   Wt::WebController *controller();
 
   const Configuration &configuration() { return config_; }
diff --git a/src/http/WServer.C b/src/http/WServer.C
--- a/src/http/WServer.C
+++ b/src/http/WServer.C
@@ -109,6 +109,8 @@ void WServer::setServerConfiguration(int argc, char *argv[],
 
   impl_->serverConfiguration_ = new http::server::Configuration(logger());
 
+  impl_->serverConfiguration_->setSslPasswordCallback(sslPasswordCallback_);
+
   if (argc != 0)
     impl_->serverConfiguration_->setOptions(argc, argv,
 					    serverConfigurationFile);
@@ -231,7 +233,7 @@ int WServer::httpPort() const
 void WServer::setSslPasswordCallback(
   boost::function<std::string (std::size_t max_length)> cb)
 {
-  impl_->server_->setSslPasswordCallback(cb);
+  sslPasswordCallback_ = cb;
 }
 
 int WRun(int argc, char *argv[], ApplicationCreator createApplication)