diff --git a/chart/templates/istio/secret-tls.yaml b/chart/templates/istio/secret-tls.yaml
index b734dee9977a50603494258c78c6faea5816da7f..423b4827372420ba2c9d5b9464c3e9bb5bd68eb9 100644
--- a/chart/templates/istio/secret-tls.yaml
+++ b/chart/templates/istio/secret-tls.yaml
@@ -1,14 +1,8 @@
 {{- if .Values.istio.enabled }}
-
-{{/*
-For backwards compatibility, get key/cert from .Values.istio.ingress
-*/}}
-{{- $default := .Values.istio.ingress | default dict -}}
-
 {{- range $name, $values := .Values.istio.gateways }}
 {{- if $values.servers }}
 {{- range $index, $servervalues := $values.servers }}
-{{- if or (and (dig "tls" "cert" "" $servervalues) (dig "tls" "key" "" $servervalues)) (and $default.cert $default.key) }}
+{{- if and (dig "tls" "cert" "" $servervalues) (dig "tls" "key" "" $servervalues) }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -20,15 +14,18 @@ metadata:
 {{- include "commonLabels" $ | nindent 4}}
 type: kubernetes.io/tls
 data:
- tls.crt: {{ default $default.cert $servervalues.tls.cert | b64enc }}
- tls.key: {{ default $default.key $servervalues.tls.key | b64enc }}
+ tls.crt: {{ $servervalues.tls.cert | b64enc }}
+ tls.key: {{ $servervalues.tls.key | b64enc }}
+ {{- if $servervalues.tls.ca }}
+ ca.crt: {{ $servervalues.tls.ca | b64enc }}
+ {{- end }}
 ---
 {{- end }}
 {{- end }}
 {{/*
 For backwards compatibility, get certificate and key from .Values.istio.gateways.<gateway>.tls
 */}}
-{{- else if or (and (dig "tls" "cert" "" $values) (dig "tls" "key" "" $values)) (and $default.cert $default.key) }}
+{{- else if and (dig "tls" "cert" "" $values) (dig "tls" "key" "" $values) }}
 apiVersion: v1
 kind: Secret
 metadata:
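Review bot: With the `$default` fallback removed from the per-server condition here (and from the `else if` in the next hunk), a release that still sets `istio.ingress.cert` / `istio.ingress.key` renders no Secret at all and gets no error at template time. Nothing visible in this hunk shows whether the Gateway still points at that secret name, so the first symptom may be a TLS listener with no certificate behind it. Failing the render while the old keys are present would make the break explicit, for example `{{- if dig "ingress" "cert" "" .Values.istio }}{{ fail "istio.ingress.cert/key are no longer read; set istio.gateways.<name>.tls.cert/key" }}{{- end }}` directly under the opening `if .Values.istio.enabled`. The enclosing `range`/`if` blocks continue outside the hunk.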
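Review bot: `ca.crt` is written only when `tls.ca` is truthy, and nothing ties that to the TLS mode, so a server set to `MUTUAL` with `cert` and `key` but no `ca` still renders a Secret holding just the server pair. Unless the CA reaches the gateway some other way, client certificates then have nothing to be verified against and the mistake only surfaces at runtime. Assuming `mode` sits next to `cert`/`key` as the values.yaml example suggests, a render-time guard would catch it: `{{- if and (eq (dig "tls" "mode" "" $servervalues) "MUTUAL") (not $servervalues.tls.ca) }}{{ fail "tls.ca is required when tls.mode is MUTUAL" }}{{- end }}`. The same gap exists in the `$values` branch of the `@@ -40,8 +37,11 @@` hunk.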
@@ -40,8 +37,11 @@ metadata:
 {{- include "commonLabels" $ | nindent 4}}
 type: kubernetes.io/tls
 data:
- tls.crt: {{ default $default.cert $values.tls.cert | b64enc }}
- tls.key: {{ default $default.key $values.tls.key | b64enc }}
+ tls.crt: {{ $values.tls.cert | b64enc }}
+ tls.key: {{ $values.tls.key | b64enc }}
+ {{- if $values.tls.ca }}
+ ca.crt: {{ $values.tls.ca | b64enc }}
+ {{- end }}
 ---
 {{- end }}
 {{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
index 16aa05ecbacd5469212588fc2d636241774325e8..46e5c9139b56eb8e55a3f2ba6e1e6157f6d92366 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -270,6 +270,18 @@ istio:
 # enabled: true
 # tls:
 # mode: "PASSTHROUGH"
+ # mutual:
+ # ingressGateway: "mutual-ingressgateway"
+ # hosts:
+ # - "*.{{ .Values.domain }}"
+ # # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
+ # autoHttpRedirect:
+ # enabled: true
+ # tls:
+ # mode: MUTUAL
+ # cert: ""
+ # key: ""
+ # ca: ""
 # -- Flux reconciliation overrides specifically for the Istio Package
 flux: {}
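Review bot: The commented `mutual` example in values.yaml lists `cert`, `key` and `ca` without saying what they hold or that `ca` ends up as `ca.crt` in the rendered Secret. A short comment above `ca`, such as `# -- PEM CA bundle used to verify client certificates in MUTUAL mode; rendered as ca.crt`, would make the new field self-explanatory. It is also worth stating next to `key` that it is private key material and should come from a secret-managed values source, not be committed in plaintext. `mode: MUTUAL` is unquoted while the example just above uses `"PASSTHROUGH"`; quoting both the same way keeps the examples consistent.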