diff --git a/src/main/helm/templates/ingress.yaml b/src/main/helm/templates/ingress.yaml
index e029f52a41099e9a1df22d13b7e50489d5bf446f..30a0c4e0f5cd43f6011a5688dc322734457426da 100644
--- a/src/main/helm/templates/ingress.yaml
+++ b/src/main/helm/templates/ingress.yaml
@@ -4,15 +4,9 @@ metadata:
   name: {{ .Release.Name }}
   namespace: {{ include "app.namespace" . }}
   annotations:
-    {{- if (.Values.ingress).certManagerAnnotations -}}
-    {{- range (.Values.ingress).certManagerAnnotations }}
-{{ . | indent 4 }}
-    {{- end }}
-    {{- else if (.Values.ingress).use_staging_cert }}
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-    {{- else }}
-    cert-manager.io/cluster-issuer: letsencrypt-prod
-    {{- end }}
+    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+    nginx.ingress.kubernetes.io/auth-tls-secret: {{ include "app.namespace" . }}-ca-cert
+    nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
 spec:
   {{- if (.Values.ingress).className }}
   ingressClassName: {{ .Values.ingress.className }}
@@ -32,8 +26,4 @@ spec:
   tls:
     - hosts:
       - {{ include "app.baseDomain" . }}
-      {{- if (.Values.ingress).tlsSecretName }}
-      secretName: {{ (.Values.ingress).tlsSecretName }}
-      {{- else }}
-      secretName: {{ .Values.ozgcloud.bezeichner }}-{{ .Release.Name }}-tls
-      {{- end }}
\ No newline at end of file
+      secretName: {{ .Release.Name }}-tls-secret
\ No newline at end of file
diff --git a/src/test/helm/ingress_test.yaml b/src/test/helm/ingress_test.yaml
index e25af97ccb17497a93dc167175386699dcb08c5b..c9af2003957c557ff0740165978f44f1a3133c56 100644
--- a/src/test/helm/ingress_test.yaml
+++ b/src/test/helm/ingress_test.yaml
@@ -38,19 +38,11 @@ tests:
     asserts:
       - isKind:
           of: Ingress
-  - it: should create default ingress tls
+  - it: should use same tls secret as in cluster
     asserts:
       - equal:
           path: spec.tls[0].secretName
-          value: helm-matabase-tls
-  - it: should set ingress tls
-    set: 
-      ingress:
-        tlsSecretName: client-tls
-    asserts:
-      - equal:
-          path: spec.tls[0].secretName
-          value: client-tls
+          value: matabase-tls-secret
 
   - it: should not create ingress tls/ingressClass by default
     asserts:
@@ -65,27 +57,23 @@ tests:
           path: spec.ingressClassName
           value: ingress
   
-  - it: should use default letsencrypt-prod cluster-issuer
+  - it: should enable client verification
     asserts:
       - equal:
-          path: metadata.annotations["cert-manager.io/cluster-issuer"]
-          value: letsencrypt-prod
+          path: metadata.annotations["nginx.ingress.kubernetes.io/auth-tls-verify-client"]
+          value: "on"
 
-  - it: should use letsencrypt-staging cluster-issuer
-    set:
-      ingress.use_staging_cert: true
+  - it: should use CA of namespace to verify certificates
     asserts:
       - equal:
-          path: metadata.annotations["cert-manager.io/cluster-issuer"]
-          value: letsencrypt-staging
+          path: metadata.annotations["nginx.ingress.kubernetes.io/auth-tls-secret"]
+          value: sh-helm-test-ca-cert
 
-  - it: should use letsencrypt-prod cluster-issuer
-    set:
-      ingress.use_staging_cert: false
+  - it: should pass certificate to upstream server
     asserts:
       - equal:
-          path: metadata.annotations["cert-manager.io/cluster-issuer"]
-          value: letsencrypt-prod
+          path: metadata.annotations["nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream"]
+          value: "true"
 
   - it: should create tls hosts name correctly
     asserts: