diff --git a/aquatic_common/Cargo.toml b/aquatic_common/Cargo.toml
index 1a1790f..4f2b994 100644
--- a/aquatic_common/Cargo.toml
+++ b/aquatic_common/Cargo.toml
@@ -13,6 +13,7 @@ name = "aquatic_common"
 [features]
 cpu-pinning = ["hwloc", "libc"]
+rustls-config = ["rustls", "rustls-pemfile"]
 [dependencies]
 aquatic_toml_config = "0.2.0"
@@ -30,4 +31,8 @@ serde = { version = "1", features = ["derive"] }
 # cpu-pinning
 hwloc = { version = "0.5", optional = true }
-libc = { version = "0.2", optional = true }
\ No newline at end of file
+libc = { version = "0.2", optional = true }
+
+# rustls-config
+rustls = { version = "0.20", optional = true }
+rustls-pemfile = { version = "0.3", optional = true }
\ No newline at end of file
diff --git a/aquatic_common/src/lib.rs b/aquatic_common/src/lib.rs
index 6995382..687a547 100644
--- a/aquatic_common/src/lib.rs
+++ b/aquatic_common/src/lib.rs
@@ -8,6 +8,8 @@ pub mod access_list;
 #[cfg(feature = "cpu-pinning")]
 pub mod cpu_pinning;
 pub mod privileges;
+#[cfg(feature = "rustls-config")]
+pub mod rustls_config;
 /// Amortized IndexMap using AHash hasher
 pub type AmortizedIndexMap = indexmap_amortized::IndexMap;
diff --git a/aquatic_common/src/rustls_config.rs b/aquatic_common/src/rustls_config.rs
new file mode 100644
index 0000000..b852ec1
--- /dev/null
+++ b/aquatic_common/src/rustls_config.rs
@@ -0,0 +1,35 @@
+use std::{fs::File, io::BufReader, path::Path};
+
+pub type RustlsConfig = rustls::ServerConfig;
+
+pub fn create_rustls_config(
+ tls_certificate_path: &Path,
+ tls_private_key_path: &Path,
+) -> anyhow::Result {
+ let certs = {
+ let f = File::open(tls_certificate_path)?;
+ let mut f = BufReader::new(f);
+
+ rustls_pemfile::certs(&mut f)?
+ .into_iter()
+ .map(|bytes| rustls::Certificate(bytes))
+ .collect()
+ };
+
+ let private_key = {
+ let f = File::open(tls_private_key_path)?;
+ let mut f = BufReader::new(f);
+
+ rustls_pemfile::pkcs8_private_keys(&mut f)?
+ .first()
+ .map(|bytes| rustls::PrivateKey(bytes.clone()))
+ .ok_or(anyhow::anyhow!("No private keys in file"))?
+ };
+
+ let tls_config = rustls::ServerConfig::builder()
+ .with_safe_defaults()
+ .with_no_client_auth()
+ .with_single_cert(certs, private_key)?;
+
+ Ok(tls_config)
+}
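Review bot: `rustls_pemfile::pkcs8_private_keys` in the `private_key` block of `create_rustls_config` only recognises `PRIVATE KEY` (PKCS#8) PEM blocks, so a key file in the common `RSA PRIVATE KEY` (PKCS#1) form yields an empty list and the operator is told "No private keys in file" for a file that does contain a key. Reading the file with `rustls_pemfile::read_all` and matching the `Item` variants accepts both encodings (add `Item::ECKey` to the pattern if the pinned rustls-pemfile version provides it), and `ok_or_else` avoids constructing the anyhow error on the success path. The two `File::open(...)?` calls also propagate a bare OS error with no indication of which of the two paths failed; with `use anyhow::Context;` in scope, `.with_context(|| format!("open {}", path.display()))` on each makes the startup failure actionable. Whether the deployments feeding this loader produce PKCS#8 keys is not visible in the diff, so the practical impact is unverified; as a style aside, `.map(|bytes| rustls::Certificate(bytes))` in the `certs` block can be `.map(rustls::Certificate)`.
```rust
    // … unchanged: certs block …
    let private_key = {
        let f = File::open(tls_private_key_path)
            .with_context(|| format!("open TLS private key {}", tls_private_key_path.display()))?;
        let mut f = BufReader::new(f);

        // Accept a PKCS#8 ("PRIVATE KEY") or PKCS#1 ("RSA PRIVATE KEY") block; the first key block wins.
        rustls_pemfile::read_all(&mut f)?
            .into_iter()
            .find_map(|item| match item {
                rustls_pemfile::Item::PKCS8Key(bytes) | rustls_pemfile::Item::RSAKey(bytes) => {
                    Some(rustls::PrivateKey(bytes))
                }
                _ => None,
            })
            .ok_or_else(|| anyhow::anyhow!("No private keys in file"))?
    };
    // … unchanged: ServerConfig builder and Ok(tls_config) …
```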