diff --git a/class/defaults.yml b/class/defaults.yml
index 79af072e..6a9ab1e3 100644
--- a/class/defaults.yml
+++ b/class/defaults.yml
@@ -132,7 +132,7 @@ parameters:
 password: "?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/db-password}"
 database: keycloak
 username: keycloak
- jdbcParams: sslmode=verify-ca&sslrootcert=/opt/jboss/certs/tls.crt
+ jdbcParams: sslmode=verify-ca&sslrootcert=/opt/keycloak/db-certs/tls.crt
 tls:
 enabled: true
@@ -212,7 +212,7 @@ parameters:
 extraVolumeMounts: |
 - name: db-certs
 readOnly: true
- mountPath: /opt/jboss/certs
+ mountPath: /opt/keycloak/db-certs
 - name: keycloak-tls
 readOnly: true
 mountPath: /etc/x509/https
diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc
index df96f79f..3522a587 100644
--- a/docs/modules/ROOT/pages/references/parameters.adoc
+++ b/docs/modules/ROOT/pages/references/parameters.adoc
@@ -541,10 +541,10 @@ default:: `keycloak`
 [horizontal]
 type:: string
-default:: `sslmode=verify-ca&sslrootcert=/opt/jboss/certs/tls.crt`
+default:: `sslmode=verify-ca&sslrootcert=/opt/keycloak/db-certs/tls.crt`
 Please note that if you need to customize JDBC parameters, copy and append them to the default with `&`, otherwise TLS will be disabled.
-For example: `sslmode=verify-ca&sslrootcert=/opt/jboss/certs/tls.crt&mycustomparameter=somevalue`
+For example: `sslmode=verify-ca&sslrootcert=/opt/keycloak/db-certs/tls.crt&mycustomparameter=somevalue`
 == `database.password`
diff --git a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
index 3d388aee..8e044a03 100644
--- a/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
+++ b/tests/golden/builtin/builtin/builtin/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
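Review bot: `sslmode=verify-ca` in the new `jdbcParams` default only checks that the database certificate chains to the file named in `sslrootcert`; it does not check that the certificate was issued for the host Keycloak connects to. Since this line is being rewritten anyway, consider `jdbcParams: sslmode=verify-full&sslrootcert=/opt/keycloak/db-certs/tls.crt`, provided the database certificate carries the service name used in the JDBC URL, which is not visible in this hunk. The trust anchor is a file called `tls.crt`, which suggests it may be the server's own certificate rather than a CA bundle; if that is intended, a one-line comment above the key saying so would help the next reader.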
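Review bot: Moving the `db-certs` mount to `/opt/keycloak/db-certs` removes the old `/opt/jboss/certs` path, and the parameter reference tells users to copy the default `jdbcParams` string when they customize it, so existing overrides will still name `/opt/jboss/certs/tls.crt`. After the upgrade that file no longer exists in the pod; the driver should then refuse the connection rather than fall back to an unverified one, but that behaviour is worth confirming, and the change deserves a breaking-change note in the release notes. Because `mountPath` sits inside the `extraVolumeMounts` block scalar, nothing ties it to `sslrootcert`; a comment above `extraVolumeMounts` such as `# mountPath of db-certs must match sslrootcert in database.jdbcParams` would make the dependency visible.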
@@ -138,7 +138,7 @@ spec:
 periodSeconds: 5
 timeoutSeconds: 1
 volumeMounts:
- - mountPath: /opt/jboss/certs
+ - mountPath: /opt/keycloak/db-certs
 name: db-certs
 readOnly: true
 - mountPath: /etc/x509/https
diff --git a/tests/golden/builtin/builtin/builtin/11_db_secret.yaml b/tests/golden/builtin/builtin/builtin/11_db_secret.yaml
index 6b6fcda8..7c4b8d6a 100644
--- a/tests/golden/builtin/builtin/builtin/11_db_secret.yaml
+++ b/tests/golden/builtin/builtin/builtin/11_db_secret.yaml
@@ -11,7 +11,7 @@ metadata:
 name: keycloak-postgresql
 name: keycloak-postgresql
 stringData:
- JDBC_PARAMS: sslmode=verify-ca&sslrootcert=/opt/jboss/certs/tls.crt
+ JDBC_PARAMS: sslmode=verify-ca&sslrootcert=/opt/keycloak/db-certs/tls.crt
 KC_DB_PASSWORD: t-silent-test-1234/c-green-test-1234/builtin/db-password
 postgresql-password: t-silent-test-1234/c-green-test-1234/builtin/db-password
 postgresql-postgres-password: t-silent-test-1234/c-green-test-1234/builtin/db-password
diff --git a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
index 4e947ec7..18ac393d 100644
--- a/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
+++ b/tests/golden/external/external/external/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
@@ -136,7 +136,7 @@ spec:
 periodSeconds: 5
 timeoutSeconds: 1
 volumeMounts:
- - mountPath: /opt/jboss/certs
+ - mountPath: /opt/keycloak/db-certs
 name: db-certs
 readOnly: true
 - mountPath: /etc/x509/https
diff --git a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
index 7042b2f6..dd9dd683 100644
--- a/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
+++ b/tests/golden/openshift/openshift/openshift/01_keycloak_helmchart/keycloakx/templates/statefulset.yaml
@@ -134,7 +134,7 @@ spec:
 periodSeconds: 5
 timeoutSeconds: 1
 volumeMounts:
- - mountPath: /opt/jboss/certs
+ - mountPath: /opt/keycloak/db-certs
 name: db-certs
 readOnly: true
 - mountPath: /etc/x509/https
diff --git a/tests/golden/openshift/openshift/openshift/11_db_secret.yaml b/tests/golden/openshift/openshift/openshift/11_db_secret.yaml
index 08d7ad1b..e5a44922 100644
--- a/tests/golden/openshift/openshift/openshift/11_db_secret.yaml
+++ b/tests/golden/openshift/openshift/openshift/11_db_secret.yaml
@@ -11,6 +11,6 @@ metadata:
 name: keycloak-postgresql
 name: keycloak-postgresql
 stringData:
- JDBC_PARAMS: sslmode=verify-ca&sslrootcert=/opt/jboss/certs/tls.crt
+ JDBC_PARAMS: sslmode=verify-ca&sslrootcert=/opt/keycloak/db-certs/tls.crt
 KC_DB_PASSWORD: t-silent-test-1234/c-green-test-1234/openshift/db-password
 type: Opaque