diff --git a/commands.go b/commands.go
index cc0774c090..ce3b72d805 100644
--- a/commands.go
+++ b/commands.go
@@ -374,15 +374,36 @@ func cmdCreate(c *cli.Context) {
 		log.Fatal("You must specify a machine name")
 	}
 
-	if err := setupCertificates(c.GlobalString("tls-ca-cert"), c.GlobalString("tls-ca-key"),
-		c.GlobalString("tls-client-cert"), c.GlobalString("tls-client-key")); err != nil {
+	// setup cert paths
+	caCertPath := c.GlobalString("tls-ca-cert")
+	caKeyPath := c.GlobalString("tls-ca-key")
+	clientCertPath := c.GlobalString("tls-client-cert")
+	clientKeyPath := c.GlobalString("tls-client-key")
+
+	if caCertPath == "" {
+		caCertPath = filepath.Join(utils.GetMachineCertDir(), "ca.pem")
+	}
+
+	if caKeyPath == "" {
+		caKeyPath = filepath.Join(utils.GetMachineCertDir(), "ca-key.pem")
+	}
+
+	if clientCertPath == "" {
+		clientCertPath = filepath.Join(utils.GetMachineCertDir(), "cert.pem")
+	}
+
+	if clientKeyPath == "" {
+		clientKeyPath = filepath.Join(utils.GetMachineCertDir(), "key.pem")
+	}
+
+	if err := setupCertificates(caCertPath, caKeyPath, clientCertPath, clientKeyPath); err != nil {
 		log.Fatalf("Error generating certificates: %s", err)
 	}
 
 	defaultStore, err := getDefaultStore(
 		c.GlobalString("storage-path"),
-		c.GlobalString("tls-ca-cert"),
-		c.GlobalString("tls-ca-key"),
+		caCertPath,
+		caKeyPath,
 	)
 	if err != nil {
 		log.Fatal(err)
diff --git a/main.go b/main.go
index 32fe9b51ee..761304d858 100644
--- a/main.go
+++ b/main.go
@@ -3,7 +3,6 @@ package main
 import (
 	"os"
 	"path"
-	"path/filepath"
 
 	log "github.com/Sirupsen/logrus"
 	"github.com/codegangsta/cli"
@@ -39,32 +38,32 @@ func main() {
 		cli.StringFlag{
 			EnvVar: "MACHINE_STORAGE_PATH",
 			Name:   "storage-path",
-			Value:  utils.GetMachineRoot(),
+			Value:  utils.GetBaseDir(),
 			Usage:  "Configures storage path",
 		},
 		cli.StringFlag{
 			EnvVar: "MACHINE_TLS_CA_CERT",
 			Name:   "tls-ca-cert",
 			Usage:  "CA to verify remotes against",
-			Value:  filepath.Join(utils.GetMachineCertDir(), "ca.pem"),
+			Value:  "",
 		},
 		cli.StringFlag{
 			EnvVar: "MACHINE_TLS_CA_KEY",
 			Name:   "tls-ca-key",
 			Usage:  "Private key to generate certificates",
-			Value:  filepath.Join(utils.GetMachineCertDir(), "ca-key.pem"),
+			Value:  "",
 		},
 		cli.StringFlag{
 			EnvVar: "MACHINE_TLS_CLIENT_CERT",
 			Name:   "tls-client-cert",
 			Usage:  "Client cert to use for TLS",
-			Value:  filepath.Join(utils.GetMachineCertDir(), "cert.pem"),
+			Value:  "",
 		},
 		cli.StringFlag{
 			EnvVar: "MACHINE_TLS_CLIENT_KEY",
 			Name:   "tls-client-key",
 			Usage:  "Private key used in client TLS auth",
-			Value:  filepath.Join(utils.GetMachineCertDir(), "key.pem"),
+			Value:  "",
 		},
 	}
 
diff --git a/utils/utils.go b/utils/utils.go
index d63e05052e..fe20674f46 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -22,7 +22,7 @@ func GetHomeDir() string {
 func GetBaseDir() string {
 	baseDir := os.Getenv("MACHINE_STORAGE_PATH")
 	if baseDir == "" {
-		baseDir = filepath.Join(GetHomeDir(), ".docker")
+		baseDir = filepath.Join(GetHomeDir(), ".docker", "machine")
 	}
 	return baseDir
 }
@@ -31,20 +31,16 @@ func GetDockerDir() string {
 	return filepath.Join(GetHomeDir(), ".docker")
 }
 
-func GetMachineRoot() string {
-	return filepath.Join(GetBaseDir(), "machine")
-}
-
 func GetMachineDir() string {
-	return filepath.Join(GetMachineRoot(), "machines")
+	return filepath.Join(GetBaseDir(), "machines")
 }
 
 func GetMachineCertDir() string {
-	return filepath.Join(GetMachineRoot(), "certs")
+	return filepath.Join(GetBaseDir(), "certs")
 }
 
 func GetMachineCacheDir() string {
-	return filepath.Join(GetMachineRoot(), "cache")
+	return filepath.Join(GetBaseDir(), "cache")
 }
 
 func GetUsername() string {