diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 471670beb..f8c4ad335 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -1824,13 +1824,7 @@ common_ssl_opts_schema(Defaults) ->
 %% @doc Make schema for SSL listener options.
 %% When it's for ranch listener, an extra field `handshake_timeout' is added.
 -spec server_ssl_opts_schema(map(), boolean()) -> hocon_schema:field_schema().
-server_ssl_opts_schema(Defaults1, IsRanchListener) ->
-    Defaults0 = #{
-        cacertfile => emqx:cert_file("cacert.pem"),
-        certfile => emqx:cert_file("cert.pem"),
-        keyfile => emqx:cert_file("key.pem")
-    },
-    Defaults = maps:merge(Defaults0, Defaults1),
+server_ssl_opts_schema(Defaults, IsRanchListener) ->
     D = fun(Field) -> maps:get(to_atom(Field), Defaults, undefined) end,
     Df = fun(Field, Default) -> maps:get(to_atom(Field), Defaults, Default) end,
     common_ssl_opts_schema(Defaults) ++
@@ -1883,15 +1877,7 @@ server_ssl_opts_schema(Defaults1, IsRanchListener) ->
 
 %% @doc Make schema for SSL client.
 -spec client_ssl_opts_schema(map()) -> hocon_schema:field_schema().
-client_ssl_opts_schema(Defaults1) ->
-    %% assert
-    true = lists:all(fun(K) -> is_atom(K) end, maps:keys(Defaults1)),
-    Defaults0 = #{
-        cacertfile => emqx:cert_file("cacert.pem"),
-        certfile => emqx:cert_file("client-cert.pem"),
-        keyfile => emqx:cert_file("client-key.pem")
-    },
-    Defaults = maps:merge(Defaults0, Defaults1),
+client_ssl_opts_schema(Defaults) ->
     common_ssl_opts_schema(Defaults) ++
         [
             {"server_name_indication",