diff --git a/system/jlib/jsecrets.cpp b/system/jlib/jsecrets.cpp
index 427bf3abf57..6e8844fb789 100644
--- a/system/jlib/jsecrets.cpp
+++ b/system/jlib/jsecrets.cpp
@@ -1452,56 +1452,18 @@ ISyncedPropertyTree * createStorageTlsConfig(const char * secretName, bool addCA
 }
-static ISyncedPropertyTree * createIssuerTlsServerConfig(const char *name)
+const IPropertyTree *getIssuerTlsConfig(const char * issuer)
 {
-    validateSecretName(name);
-
-    StringBuffer filepath;
-    StringBuffer secretpath;
-
-    buildSecretPath(secretpath, "certificates", name);
-
-    filepath.set(secretpath).append("tls.crt");
-    if (!checkFileExists(filepath))
-        return nullptr;
-
-    Owned info(createPTree(name));
-    info->setProp("@issuer", name);
-    info->setProp("certificate", filepath.str());
-    filepath.set(secretpath).append("tls.key");
-    if (checkFileExists(filepath))
-        info->setProp("privatekey", filepath.str());
-    IPropertyTree *verify = ensurePTree(info, "verify");
-    if (verify)
-    {
-        filepath.set(secretpath).append("ca.crt");
-        if (checkFileExists(filepath))
-        {
-            IPropertyTree *ca = ensurePTree(verify, "ca_certificates");
-            if (ca)
-                ca->setProp("@path", filepath.str());
-        }
-        //For now only the "public" issuer implies client certificates are not required
-        verify->setPropBool("@enable", !strieq(name, "public"));
-        verify->setPropBool("@address_match", false);
-        verify->setPropBool("@accept_selfsigned", false);
-        verify->setProp("trusted_peers", "anyone");
-    }
-    return createSyncedPropertyTree(info);
-}
-
-const IPropertyTree *getIssuerTlsConfig(const char *name)
-{
-    if (isEmptyString(name))
+    if (isEmptyString(issuer))
         return nullptr;
     CriticalBlock block(mtlsInfoCacheCS);
-    auto match = mtlsInfoCache.find(name);
+    auto match = mtlsInfoCache.find(issuer);
     if (match != mtlsInfoCache.cend())
         return match->second->getTree();
-    Owned config = createIssuerTlsServerConfig(name);
-    mtlsInfoCache.emplace(name, config);
+    Owned config = createIssuerTlsConfig(issuer, nullptr, false, false, true);
+    mtlsInfoCache.emplace(issuer, config);
     return config->getTree();
 }
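Review bot: `config` is dereferenced on the last line of the hunk without a null check, and the removed helper returned nullptr when `tls.crt` did not exist; if `createIssuerTlsConfig` (defined outside this hunk) keeps that behaviour, a missing certificate now caches a null entry and crashes both on `config->getTree()` and on the later `match->second->getTree()` for the same issuer. Guarding before the cache insert, `if (!config) return nullptr;`, avoids caching a null and keeps the miss path cheap. The removed code also called `validateSecretName` before the name was used to build a filesystem path, and disabled client-certificate verification only for the "public" issuer while keeping `@accept_selfsigned` false; nothing in the new five-argument call shows whether either rule survives, so it is worth confirming in `createIssuerTlsConfig` and recording it here with a comment such as `// name validation and the public-issuer verify policy are applied inside createIssuerTlsConfig`. A short comment naming what the `nullptr, false, false, true` arguments select would also help readers of this call site.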