diff --git a/manageiq-operator/api/v1alpha1/helpers/miq-components/httpd.go b/manageiq-operator/api/v1alpha1/helpers/miq-components/httpd.go
index 91d318e86..a9f9fd140 100644
--- a/manageiq-operator/api/v1alpha1/helpers/miq-components/httpd.go
+++ b/manageiq-operator/api/v1alpha1/helpers/miq-components/httpd.go
@@ -74,12 +74,12 @@ func Route(cr *miqv1alpha1.ManageIQ, scheme *runtime.Scheme, client client.Clien
 
 		route.Spec.Host = cr.Spec.ApplicationDomain
 
-		var public = tlsSecret(cr, client)
-		route.Spec.TLS.Certificate = string(public.Data["tls.crt"])
-		route.Spec.TLS.Key = string(public.Data["tls.key"])
-
-		internalCerts := InternalCertificatesSecret(cr, client)
-		route.Spec.TLS.DestinationCACertificate = string(internalCerts.Data["root_crt"])
+		if internalCerts := InternalCertificatesSecret(cr, client); internalCerts.Data["httpd_crt"] != nil {
+			route.Spec.TLS.DestinationCACertificate = string(internalCerts.Data["root_crt"])
+			route.Spec.TLS.Termination = "reencrypt"
+		} else {
+			route.Spec.TLS.Termination = "edge"
+		}
 
 		return nil
 	}
diff --git a/manageiq-operator/internal/controller/manageiq_controller.go b/manageiq-operator/internal/controller/manageiq_controller.go
index 838b7fd7d..70ada47ff 100644
--- a/manageiq-operator/internal/controller/manageiq_controller.go
+++ b/manageiq-operator/internal/controller/manageiq_controller.go
@@ -38,6 +38,7 @@ import (
 	miqtool "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/miq-components"
 	miqkafka "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/helpers/miq-components/kafka"
 	miqutilsv1alpha1 "github.com/ManageIQ/manageiq-pods/manageiq-operator/api/v1alpha1/miqutils"
+	routev1 "github.com/openshift/api/route/v1"
 	apimeta "k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -425,7 +426,8 @@ func (r *ManageIQReconciler) generateHttpdResources(cr *miqv1alpha1.ManageIQ) er
 		return err
 	}
 
-	if internalCerts := miqtool.InternalCertificatesSecret(cr, r.Client); internalCerts.Data["httpd_crt"] != nil {
+	// Prefer routes if available, otherwise use ingress
+	if err := r.Client.List(context.TODO(), &routev1.RouteList{}); err == nil {
 		httpdRoute, mutateFunc := miqtool.Route(cr, r.Scheme, r.Client)
 		if result, err := controllerutil.CreateOrUpdate(context.TODO(), r.Client, httpdRoute, mutateFunc); err != nil {
 			return err