diff --git a/pkg/storage/elasticsearch.go b/pkg/storage/elasticsearch.go
index adef026a68..29ae439cfe 100644
--- a/pkg/storage/elasticsearch.go
+++ b/pkg/storage/elasticsearch.go
@@ -50,6 +50,7 @@ func CreateElasticsearchObjects(j *v1alpha1.Jaeger, collector, query *v1.PodSpec
 	return os, nil
 }
 
+// TODO inject curator certs to es-index-cleaner
 func inject(p *v1.PodSpec) {
 	p.Volumes = append(p.Volumes, v1.Volume{
 		Name: volumeName,
diff --git a/pkg/storage/elasticsearch_secrets.go b/pkg/storage/elasticsearch_secrets.go
index 228c417e69..b387a16a7a 100644
--- a/pkg/storage/elasticsearch_secrets.go
+++ b/pkg/storage/elasticsearch_secrets.go
@@ -38,6 +38,11 @@ var secretCertificates = map[string]map[string]string{
 	"jaeger-elasticsearch": {
 		"ca": "ca.crt",
 	},
+	"curator": {
+		"ca":   "ca.crt",
+		"key":  "system.logging.curator.key",
+		"cert": "system.logging.curator.crt",
+	},
 }
 
 func createESSecrets(jaeger *v1alpha1.Jaeger) []*v1.Secret {
diff --git a/scripts/cert_generation.sh b/scripts/cert_generation.sh
index 80fab58fde..0a60bb08d8 100644
--- a/scripts/cert_generation.sh
+++ b/scripts/cert_generation.sh
@@ -257,6 +257,7 @@ init_cert_files
 create_signing_conf
 
 generate_certs 'system.admin'
+generate_certs 'system.logging.curator'
 
 # TODO: get es SAN DNS, IP values from es service names
 generate_certs 'elasticsearch' "$(generate_extensions true true elasticsearch elasticsearch-infra elasticsearch-apps)"