diff --git a/.github/workflows/run_helm_tests.yaml b/.github/workflows/run_helm_tests.yaml
index d449ea54d..bc4a7245f 100644
--- a/.github/workflows/run_helm_tests.yaml
+++ b/.github/workflows/run_helm_tests.yaml
@@ -76,8 +76,6 @@ jobs:
           EMQX_RPC__CACERTFILE: /opt/emqx/etc/certs/cacert.pem
           EMQX_RPC__CIPHERS: TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256
           EMQX_RPC__TLS_VERSIONS: "[tlsv1.3]"
-          EMQX_RPC__SSL_SERVER_PRT: 5370
-          EMQX_RPC__PORT_DISCOVERY: manual
         EOL
     - name: Prepare emqxConfig.EMQX_RPC using ssl1.2
       working-directory: source
@@ -91,7 +89,6 @@ jobs:
           EMQX_RPC__CACERTFILE: /opt/emqx/etc/certs/cacert.pem
           EMQX_RPC__CIPHERS: TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256
           EMQX_RPC__TLS_VERSIONS: "[tlsv1.2]"
-          EMQX_RPC__SSL_SERVER_PRT: 5370
           EMQX_RPC__PORT_DISCOVERY: manual
         EOL
     - name: run emqx on chart (k8s)
diff --git a/apps/emqx_conf/src/emqx_conf_schema.erl b/apps/emqx_conf/src/emqx_conf_schema.erl
index 382d25de1..e5c78c784 100644
--- a/apps/emqx_conf/src/emqx_conf_schema.erl
+++ b/apps/emqx_conf/src/emqx_conf_schema.erl
@@ -1151,6 +1151,7 @@ translation("emqx") ->
 translation("gen_rpc") ->
     [
         {"default_client_driver", fun tr_gen_rpc_default_client_driver/1},
+        {"ssl_client_port", fun tr_gen_rpc_ssl_client_port/1},
         {"ssl_client_options", fun tr_gen_rpc_ssl_options/1},
         {"ssl_server_options", fun tr_gen_rpc_ssl_options/1},
         {"socket_ip", fun(Conf) ->
@@ -1226,6 +1227,9 @@ collector_enabled(disabled, _) -> [].
 tr_gen_rpc_default_client_driver(Conf) ->
     conf_get("rpc.protocol", Conf).
 
+tr_gen_rpc_ssl_client_port(Conf) ->
+    conf_get("rpc.ssl_server_port", Conf).
+
 tr_gen_rpc_ssl_options(Conf) ->
     Ciphers = conf_get("rpc.ciphers", Conf),
     Versions = conf_get("rpc.tls_versions", Conf),
diff --git a/changes/ce/fix-11813.en.md b/changes/ce/fix-11813.en.md
new file mode 100644
index 000000000..f82671feb
--- /dev/null
+++ b/changes/ce/fix-11813.en.md
@@ -0,0 +1,4 @@
+Fix schema: RPC client ssl port alighn with configured server port.
+And ensure RPC ports are opened in helm chart.
+
+
diff --git a/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml b/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml
index d884015b7..0e2e90fd8 100644
--- a/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml
+++ b/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml
@@ -121,9 +121,9 @@ spec:
           {{- end }}
           - name: ekka
             containerPort: 4370
-          - name: genrpc
+          - name: genrpc-manual
             containerPort: 5369
-          - name: genrpc-ssl
+          - name: genrpc2-auto
             containerPort: 5370
           envFrom:
             - configMapRef:
diff --git a/deploy/charts/emqx/templates/StatefulSet.yaml b/deploy/charts/emqx/templates/StatefulSet.yaml
index d14a78092..9ec19cbf3 100644
--- a/deploy/charts/emqx/templates/StatefulSet.yaml
+++ b/deploy/charts/emqx/templates/StatefulSet.yaml
@@ -121,9 +121,9 @@ spec:
           {{- end }}
           - name: ekka
             containerPort: 4370
-          - name: genrpc
+          - name: genrpc-manual
             containerPort: 5369
-          - name: genrpc-ssl
+          - name: genrpc2-auto
             containerPort: 5370
           envFrom:
             - configMapRef: