diff --git a/pkg/dashboard/adapter/config.go b/pkg/dashboard/adapter/config.go
index 63c900acf776..a1661b84f2bd 100644
--- a/pkg/dashboard/adapter/config.go
+++ b/pkg/dashboard/adapter/config.go
@@ -38,6 +38,9 @@ func GenDashboardConfig(srv *server.Server) (*config.Config, error) {
 if dashboardCfg.ClusterTLSConfig, err = cfg.Security.ToTLSConfig(); err != nil {
 return nil, err
 }
+ if dashboardCfg.ClusterTLSInfo, err = cfg.Security.ToTLSInfo(); err != nil {
+ return nil, err
+ }
 if dashboardCfg.TiDBTLSConfig, err = cfg.Dashboard.ToTiDBTLSConfig(); err != nil {
 return nil, err
 }
diff --git a/pkg/utils/grpcutil/grpcutil.go b/pkg/utils/grpcutil/grpcutil.go
index a001ec4bd039..73baaffde783 100644
--- a/pkg/utils/grpcutil/grpcutil.go
+++ b/pkg/utils/grpcutil/grpcutil.go
@@ -56,6 +56,24 @@ type TLSConfig struct {
 SSLKEYBytes []byte
 }
+// TOTLSInfo converts TLSConfig to transport.TLSInfo.
+func (s TLSConfig) ToTLSInfo() (*transport.TLSInfo, error) {
+ if len(s.CertPath) == 0 && len(s.KeyPath) == 0 {
+ return nil, nil
+ }
+ allowedCN, err := s.GetOneAllowedCN()
+ if err != nil {
+ return nil, err
+ }
+
+ return &transport.TLSInfo{
+ CertFile: s.CertPath,
+ KeyFile: s.KeyPath,
+ TrustedCAFile: s.CAPath,
+ AllowedCN: allowedCN,
+ }, nil
+}
+
 // ToTLSConfig generates tls config.
 func (s TLSConfig) ToTLSConfig() (*tls.Config, error) {
 if len(s.SSLCABytes) != 0 || len(s.SSLCertBytes) != 0 || len(s.SSLKEYBytes) != 0 {
@@ -77,19 +95,9 @@ func (s TLSConfig) ToTLSConfig() (*tls.Config, error) {
 }, nil
 }
- if len(s.CertPath) == 0 && len(s.KeyPath) == 0 {
- return nil, nil
- }
- allowedCN, err := s.GetOneAllowedCN()
+ tlsInfo, err := s.ToTLSInfo()
 if err != nil {
- return nil, err
- }
-
- tlsInfo := transport.TLSInfo{
- CertFile: s.CertPath,
- KeyFile: s.KeyPath,
- TrustedCAFile: s.CAPath,
- AllowedCN: allowedCN,
+ return nil, errs.ErrEtcdTLSConfig.Wrap(err).GenWithStackByCause()
 }
 tlsConfig, err := tlsInfo.ClientConfig()
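Review bot: `ClusterTLSInfo` can end up nil while `ClusterTLSConfig` is set, because `ToTLSInfo` (added in grpcutil.go by this commit) reads only `CertPath`/`KeyPath`/`CAPath` and returns `nil, nil` when both cert and key paths are empty, whereas the visible first branch of `ToTLSConfig` also accepts in-memory `SSLCABytes`/`SSLCertBytes`/`SSLKEYBytes`. The consumer of `ClusterTLSInfo` is not visible here, so it is worth confirming that it does not fall back to a plaintext connection in that case. A comment above the new assignment would record the contract, e.g. `// ClusterTLSInfo is nil when TLS material is supplied as bytes or not at all; consumers must nil-check.` The body of GenDashboardConfig continues outside the hunk.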
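Review bot: The doc comment on the new method reads `TOTLSInfo` but the method is named `ToTLSInfo`, so the comment does not start with the identifier it documents; it should begin `// ToTLSInfo converts TLSConfig to transport.TLSInfo.` The comment should also state that the method returns `nil, nil` when neither `CertPath` nor `KeyPath` is set, since every caller then has to nil-check the result before use. It would help to add that the byte-based fields (`SSLCABytes`, `SSLCertBytes`, `SSLKEYBytes`) are not reflected in the returned value.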
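Review bot: `tlsInfo` can be nil at `tlsInfo.ClientConfig()`: `ToTLSInfo` returns `nil, nil` when both `CertPath` and `KeyPath` are empty, and the early `return nil, nil` that used to cover that case is removed here without a replacement. With TLS not configured this looks like a nil-pointer dereference where the function previously returned a nil config; adding `if tlsInfo == nil { return nil, nil }` after the error check restores the old behaviour. The error from `GetOneAllowedCN` is also now wrapped in `errs.ErrEtcdTLSConfig` where it was previously returned as-is, which callers matching on the original error may notice. ToTLSConfig starts before this hunk and continues after it.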