diff --git a/cmd/helm/helm.go b/cmd/helm/helm.go
index b262e577b..3810cfb8e 100644
--- a/cmd/helm/helm.go
+++ b/cmd/helm/helm.go
@@ -268,13 +268,13 @@ func newClient() helm.Interface {
 
 	if tlsVerify || tlsEnable {
 		if tlsCaCertFile == "" {
-			tlsCaCertFile = os.ExpandEnv(tlsCaCertDefault)
+			tlsCaCertFile = settings.Home.TLSCaCert()
 		}
 		if tlsCertFile == "" {
-			tlsCertFile = os.ExpandEnv(tlsCertDefault)
+			tlsCertFile = settings.Home.TLSCert()
 		}
 		if tlsKeyFile == "" {
-			tlsKeyFile = os.ExpandEnv(tlsKeyDefault)
+			tlsKeyFile = settings.Home.TLSKey()
 		}
 		debug("Key=%q, Cert=%q, CA=%q\n", tlsKeyFile, tlsCertFile, tlsCaCertFile)
 		tlsopts := tlsutil.Options{KeyFile: tlsKeyFile, CertFile: tlsCertFile, InsecureSkipVerify: true}
diff --git a/pkg/helm/helmpath/helmhome.go b/pkg/helm/helmpath/helmhome.go
index 2f9877f85..b5ec4909e 100644
--- a/pkg/helm/helmpath/helmhome.go
+++ b/pkg/helm/helmpath/helmhome.go
@@ -82,7 +82,22 @@ func (h Home) Plugins() string {
 	return h.Path("plugins")
 }
 
-// Archive returns the path to download chart archives
+// Archive returns the path to download chart archives.
 func (h Home) Archive() string {
 	return h.Path("cache", "archive")
 }
+
+// TLSCaCert returns the path to fetch the CA certificate.
+func (h Home) TLSCaCert() string {
+	return h.Path("ca.pem")
+}
+
+// TLSCert returns the path to fetch the client certificate.
+func (h Home) TLSCert() string {
+	return h.Path("cert.pem")
+}
+
+// TLSKey returns the path to fetch the client public key.
+func (h Home) TLSKey() string {
+	return h.Path("key.pem")
+}
diff --git a/pkg/helm/helmpath/helmhome_unix_test.go b/pkg/helm/helmpath/helmhome_unix_test.go
index 153e506e0..494d0f6b4 100644
--- a/pkg/helm/helmpath/helmhome_unix_test.go
+++ b/pkg/helm/helmpath/helmhome_unix_test.go
@@ -38,6 +38,9 @@ func TestHelmHome(t *testing.T) {
 	isEq(t, hh.CacheIndex("t"), "/r/repository/cache/t-index.yaml")
 	isEq(t, hh.Starters(), "/r/starters")
 	isEq(t, hh.Archive(), "/r/cache/archive")
+	isEq(t, hh.TLSCaCert(), "/r/ca.pem")
+	isEq(t, hh.TLSCert(), "/r/cert.pem")
+	isEq(t, hh.TLSKey(), "/r/key.pem")
 }
 
 func TestHelmHome_expand(t *testing.T) {
diff --git a/pkg/helm/helmpath/helmhome_windows_test.go b/pkg/helm/helmpath/helmhome_windows_test.go
index d29c29b60..e416bfd58 100644
--- a/pkg/helm/helmpath/helmhome_windows_test.go
+++ b/pkg/helm/helmpath/helmhome_windows_test.go
@@ -35,4 +35,7 @@ func TestHelmHome(t *testing.T) {
 	isEq(t, hh.CacheIndex("t"), "r:\\repository\\cache\\t-index.yaml")
 	isEq(t, hh.Starters(), "r:\\starters")
 	isEq(t, hh.Archive(), "r:\\cache\\archive")
+	isEq(t, hh.TLSCaCert(), "r:\\ca.pem")
+	isEq(t, hh.TLSCert(), "r:\\cert.pem")
+	isEq(t, hh.TLSKey(), "r:\\key.pem")
 }