diff --git a/commands/commands.go b/commands/commands.go
index 619e8b3b27..0a625ac377 100644
--- a/commands/commands.go
+++ b/commands/commands.go
@@ -97,7 +97,7 @@ func runAction(actionName string, c CommandLine, api libmachine.API) error {
 
 func fatalOnError(command func(commandLine CommandLine, api libmachine.API) error) func(context *cli.Context) {
 	return func(context *cli.Context) {
-		api := libmachine.NewClient(mcndirs.GetBaseDir())
+		api := libmachine.NewClient(mcndirs.GetBaseDir(), mcndirs.GetMachineCertDir())
 		defer api.Close()
 
 		if context.GlobalBool("native-ssh") {
diff --git a/libmachine/examples/vbox_create.go b/libmachine/examples/vbox_create.go
index 70d32348f2..9ae9f4b7de 100644
--- a/libmachine/examples/vbox_create.go
+++ b/libmachine/examples/vbox_create.go
@@ -13,7 +13,7 @@ import (
 func main() {
 	log.SetDebug(true)
 
-	client := libmachine.NewClient("/tmp/automatic")
+	client := libmachine.NewClient("/tmp/automatic", "/tmp/automatic/certs")
 
 	hostName := "myfunhost"
 
diff --git a/libmachine/libmachine.go b/libmachine/libmachine.go
index 3c00dc7270..bd291f177d 100644
--- a/libmachine/libmachine.go
+++ b/libmachine/libmachine.go
@@ -34,6 +34,7 @@ type API interface {
 }
 
 type Client struct {
+	certsDir       string
 	IsDebug        bool
 	SSHClientType  ssh.ClientType
 	GithubAPIToken string
@@ -41,9 +42,9 @@ type Client struct {
 	clientDriverFactory rpcdriver.RPCClientDriverFactory
 }
 
-func NewClient(storePath string) *Client {
-	certsDir := filepath.Join(storePath, ".docker", "machine", "certs")
+func NewClient(storePath, certsDir string) *Client {
 	return &Client{
+		certsDir:            certsDir,
 		IsDebug:             false,
 		SSHClientType:       ssh.External,
 		Filestore:           persist.NewFilestore(storePath, certsDir, certsDir),
@@ -57,8 +58,6 @@ func (api *Client) NewHost(driverName string, rawDriver []byte) (*host.Host, err
 		return nil, err
 	}
 
-	certDir := filepath.Join(api.Path, "certs")
-
 	return &host.Host{
 		ConfigVersion: version.ConfigVersion,
 		Name:          driver.GetMachineName(),
@@ -66,11 +65,11 @@ func (api *Client) NewHost(driverName string, rawDriver []byte) (*host.Host, err
 		DriverName:    driver.DriverName(),
 		HostOptions: &host.Options{
 			AuthOptions: &auth.Options{
-				CertDir:          certDir,
-				CaCertPath:       filepath.Join(certDir, "ca.pem"),
-				CaPrivateKeyPath: filepath.Join(certDir, "ca-key.pem"),
-				ClientCertPath:   filepath.Join(certDir, "cert.pem"),
-				ClientKeyPath:    filepath.Join(certDir, "key.pem"),
+				CertDir:          api.certsDir,
+				CaCertPath:       filepath.Join(api.certsDir, "ca.pem"),
+				CaPrivateKeyPath: filepath.Join(api.certsDir, "ca-key.pem"),
+				ClientCertPath:   filepath.Join(api.certsDir, "cert.pem"),
+				ClientKeyPath:    filepath.Join(api.certsDir, "key.pem"),
 				ServerCertPath:   filepath.Join(api.GetMachinesDir(), "server.pem"),
 				ServerKeyPath:    filepath.Join(api.GetMachinesDir(), "server-key.pem"),
 			},