diff --git a/src/DIRAC/ConfigurationSystem/Client/PathFinder.py b/src/DIRAC/ConfigurationSystem/Client/PathFinder.py
index 6cfcb3b2cde..e4afe89d51a 100755
--- a/src/DIRAC/ConfigurationSystem/Client/PathFinder.py
+++ b/src/DIRAC/ConfigurationSystem/Client/PathFinder.py
@@ -248,7 +248,7 @@ def getServiceURLs(system, service=None, setup=False, failover=False):
     return resList
 
 
-def useLegacyAdapter(system, service=None) -> bool:
+def useLegacyAdapter(system, service=None, useCertificates=None) -> bool:
     """Should DiracX be used for this service via the legacy adapter mechanism
 
     :param str system: system name or full name e.g.: Framework/ProxyManager
@@ -261,15 +261,22 @@ def useLegacyAdapter(system, service=None) -> bool:
     # Check if DiracX is enabled for this service
     system, service = divideFullName(system, service)
     value = gConfigurationData.extractOptionFromCFG(f"/DiracX/LegacyClientEnabled/{system}/{service}")
-    isServiceEnabled = (value or "no").lower() in ("y", "yes", "true", "1")
-    # Check if DiracX is enabled for this VO
+    if (value or "no").lower() not in ("y", "yes", "true", "1"):
+        return False
+
+    # Check if we are using a server certificate: in this case we cannot use DiracX
+    if not useCertificates:
+        useCertificates = gConfigurationData.useServerCertificate()
+    if useCertificates:
+        return False
+
+    # We are using a proxy: check if DiracX is enabled for this VO
     result = getProxyInfo()
     if not result["OK"]:
         return False
     value = gConfigurationData.extractOptionFromCFG(f"/Registry/Groups/{result['Value']['group']}/VO")
-    isVOEnabled = value not in getDisabledDiracxVOs()
 
-    return isServiceEnabled and isVOEnabled
+    return value not in getDisabledDiracxVOs()
 
 
 def getServiceURL(system, service=None, setup=False):
diff --git a/src/DIRAC/Core/Tornado/Client/ClientSelector.py b/src/DIRAC/Core/Tornado/Client/ClientSelector.py
index 741a6dc20bf..33914738c9d 100644
--- a/src/DIRAC/Core/Tornado/Client/ClientSelector.py
+++ b/src/DIRAC/Core/Tornado/Client/ClientSelector.py
@@ -66,7 +66,7 @@ def ClientSelector(disetClient, *args, **kwargs):  # We use same interface as RP
         # If we are not already given a URL, resolve it
         if serviceName.startswith(("http", "dip")):
             completeUrl = serviceName
-        elif useLegacyAdapter(serviceName):
+        elif useLegacyAdapter(serviceName, kwargs.get("useCertificates")):
             sLog.debug(f"Using legacy adapter for service {serviceName}")
             if diracxClient is None:
                 raise NotImplementedError(