diff --git a/src/GapicClientTrait.php b/src/GapicClientTrait.php
index eb53b1b95..3df8b3246 100644
--- a/src/GapicClientTrait.php
+++ b/src/GapicClientTrait.php
@@ -223,7 +223,12 @@ private function buildClientOptions(array $options)
         // mTLS: detect and load the default clientCertSource if the environment variable
         // "GOOGLE_API_USE_CLIENT_CERTIFICATE" is true, and the cert source is available
         if (empty($options['clientCertSource']) && CredentialsLoader::shouldLoadClientCertSource()) {
-            $options['clientCertSource'] = CredentialsLoader::getDefaultClientCertSource();
+            $options['clientCertSource'] = function () {
+                $cert = call_user_func(CredentialsLoader::getDefaultClientCertSource());
+
+                // the key and the cert are returned in one string
+                return [$cert, $cert];
+            };
         }
 
         // mTLS: If no apiEndpoint has been supplied by the user, and either
diff --git a/src/Transport/GrpcTransport.php b/src/Transport/GrpcTransport.php
index d3b1ce9bf..f227e0ceb 100644
--- a/src/Transport/GrpcTransport.php
+++ b/src/Transport/GrpcTransport.php
@@ -265,9 +265,6 @@ private function getCallOptions(array $options)
 
     private static function loadClientCertSource(callable $clientCertSource)
     {
-        $cert = call_user_func($clientCertSource);
-
-        // the key and the cert are returned in one string
-        return [$cert, $cert];
+        return call_user_func($clientCertSource);
     }
 }
diff --git a/src/Transport/HttpUnaryTransportTrait.php b/src/Transport/HttpUnaryTransportTrait.php
index 226faaebe..4a65627a2 100644
--- a/src/Transport/HttpUnaryTransportTrait.php
+++ b/src/Transport/HttpUnaryTransportTrait.php
@@ -152,10 +152,13 @@ private function throwUnsupportedException()
 
     private static function loadClientCertSource(callable $clientCertSource)
     {
-        $f = tempnam(sys_get_temp_dir(), 'cert');
-        file_put_contents($f, call_user_func($this->clientCertSource));
+        $certFile = tempnam(sys_get_temp_dir(), 'cert');
+        $keyFile = tempnam(sys_get_temp_dir(), 'key');
+        list($cert, $key) = call_user_func($this->clientCertSource);
+        file_put_contents($certFile, $cert);
+        file_put_contents($keyFile, $key);
 
         // the key and the cert are returned in one temporary file
-        return [$f, $f];
+        return [$certFile, $keyFile];
     }
 }