diff --git a/cmd/root.go b/cmd/root.go
index 74048df..d84cbb6 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -61,8 +61,8 @@ func init() {
 	rootCmd.PersistentFlags().Duration("mfaDelay", time.Second*10, "Delay between MFA Attempts, only used in noninteractive modes")
 
 	rootCmd.PersistentFlags().Bool("tlsSkipVerify", false, "Allow servers with self-signed certificates")
-	rootCmd.PersistentFlags().String("tlsClientPrivateKey", "", "Client private key for mtls")
-	rootCmd.PersistentFlags().String("tlsClientCert", "", "Client certificate for mtls")
+	rootCmd.PersistentFlags().String("tlsClientPrivateKeyFile", "", "Client private key for mtls")
+	rootCmd.PersistentFlags().String("tlsClientCertFile", "", "Client certificate for mtls")
 
 	viper.BindPFlag("debug", rootCmd.PersistentFlags().Lookup("debug"))
 	viper.BindPFlag("timeout", rootCmd.PersistentFlags().Lookup("timeout"))
diff --git a/util/http.go b/util/http.go
index b244a0c..9ab238f 100644
--- a/util/http.go
+++ b/util/http.go
@@ -17,12 +17,12 @@ func GetClientCertificate() (tls.Certificate, error) {
 		return tls.Certificate{}, nil
 	}
 	if certExists && !keyExists {
-		return tls.Certificate{}, fmt.Errorf("Client TLS private key is empty, but client TLS cert was sent.")
+		return tls.Certificate{}, fmt.Errorf("Client TLS private key is empty, but client TLS cert was set.")
 	}
 	if !certExists && keyExists {
-		return tls.Certificate{}, fmt.Errorf("Client TLS cert is empty, but client TLS private key was sent.")
+		return tls.Certificate{}, fmt.Errorf("Client TLS cert is empty, but client TLS private key was set.")
 	}
-	return tls.LoadX509KeyPair("client.cert", "client-key.pem")
+	return tls.LoadX509KeyPair(cert, key)
 }
 
 func GetHttpClient() (*http.Client, error) {