diff --git a/roles/koji_hub/templates/kojiweb.conf.j2 b/roles/koji_hub/templates/kojiweb.conf.j2
index e77d52bb6b..b861bba9fc 100644
--- a/roles/koji_hub/templates/kojiweb.conf.j2
+++ b/roles/koji_hub/templates/kojiweb.conf.j2
@@ -21,17 +21,11 @@ Alias /robots.txt /var/www/html/robots.txt
 </Directory>
 
 <Location /koji/login>
-{% if env == "production" %}
-    SSLVerifyClient require
-    SSLVerifyDepth  10
-    SSLOptions +StdEnvVars
-{% else %}
     AuthType GSSAPI
     GssapiSSLonly On
     AuthName "GSSAPI Single Sign On Login"
     GssapiCredStore keytab:/etc/koji-hub-http.keytab
     Require valid-user
-{% endif %}
 </Location>
 
 
diff --git a/roles/koji_hub/templates/web.conf.j2 b/roles/koji_hub/templates/web.conf.j2
index 06bd2edbdd..373111d803 100644
--- a/roles/koji_hub/templates/web.conf.j2
+++ b/roles/koji_hub/templates/web.conf.j2
@@ -21,13 +21,9 @@ KojiFilesURL = https://kojipkgs.fedoraproject.org/
 {% endif %}
 
 # SSL authentication options
-{% if env == "production" %}
-WebCert = /etc/pki/tls/private/kojiweb_cert_key.pem
-{% else %}
 KrbRDNS = False
 WebKeytab = /etc/koji-hub-http.keytab
-WebPrincipal = HTTP/koji.stg.fedoraproject.org
-{% endif %}
+WebPrincipal = HTTP/koji.{% if env == "staging" %}stg.{% endif %}fedoraproject.org
 ClientCA = /etc/pki/tls/certs/upload_cacert.pem
 KojiHubCA = /etc/pki/tls/certs/extras_cacert.pem