diff --git a/apis/kubedb/v1alpha2/druid_helpers.go b/apis/kubedb/v1alpha2/druid_helpers.go
index f05bcb0b67..b931018fb5 100644
--- a/apis/kubedb/v1alpha2/druid_helpers.go
+++ b/apis/kubedb/v1alpha2/druid_helpers.go
@@ -19,6 +19,7 @@ package v1alpha2
 import (
 	"context"
 	"fmt"
+	"path/filepath"
 	"strconv"
 	"strings"
 
@@ -583,6 +584,18 @@ func (d *Druid) SetDefaults() {
 		}
 		d.Spec.Monitor.SetDefaults()
 	}
+
+	if d.Spec.EnableSSL {
+		d.SetTLSDefaults()
+	}
+}
+
+func (d *Druid) SetTLSDefaults() {
+	if d.Spec.TLS == nil || d.Spec.TLS.IssuerRef == nil {
+		return
+	}
+	d.Spec.TLS.Certificates = kmapi.SetMissingSecretNameForCertificate(d.Spec.TLS.Certificates, string(DruidServerCert), d.CertificateName(DruidServerCert))
+	d.Spec.TLS.Certificates = kmapi.SetMissingSecretNameForCertificate(d.Spec.TLS.Certificates, string(DruidClientCert), d.CertificateName(DruidClientCert))
 }
 
 func (d *Druid) SetDefaultsToMetadataStorage() {
@@ -785,3 +798,16 @@ func (d *Druid) GetZooKeeperName() string {
 func (d *Druid) GetInitConfigMapName() string {
 	return d.OffShootName() + "-init-script"
 }
+
+// CertSecretVolumeName returns the CertSecretVolumeName
+// Values will be like: client-certs, server-certs etc.
+func (d *Druid) CertSecretVolumeName(alias DruidCertificateAlias) string {
+	return string(alias) + "-certs"
+}
+
+// CertSecretVolumeMountPath returns the CertSecretVolumeMountPath
+// if configDir is "/var/druid/ssl",
+// mountPath will be, "/var/druid/ssl/<alias>".
+func (d *Druid) CertSecretVolumeMountPath(configDir string, cert string) string {
+	return filepath.Join(configDir, cert)
+}