diff --git a/services/provider/server/server.go b/services/provider/server/server.go
index 9f127f80d5..8676854b0e 100644
--- a/services/provider/server/server.go
+++ b/services/provider/server/server.go
@@ -11,7 +11,6 @@ import (
 "encoding/json"
 "encoding/pem"
 "fmt"
- "k8s.io/utils/ptr"
 "math"
 "net"
 "slices"
@@ -19,6 +18,8 @@ import (
 "strings"
 "time"
+ "k8s.io/utils/ptr"
+
+ "github.com/blang/semver/v4"
 nbv1 "github.com/noobaa/noobaa-operator/v5/pkg/apis/noobaa/v1alpha1"
 quotav1 "github.com/openshift/api/quota/v1"
@@ -193,7 +194,17 @@ func (s *OCSProviderServer) GetStorageConfig(ctx context.Context, req *pb.Storag
 if err != nil {
 return nil, status.Errorf(codes.Internal, "Failed to construct status response: %v", err)
 }
- desiredClientConfigHash := getDesiredClientConfigHash(channelName, consumerObj)
+
+ storageCluster, err := s.getStorageCluster(ctx)
+ if err != nil {
+ return nil, err
+ }
+
+ desiredClientConfigHash := getDesiredClientConfigHash(
+ channelName,
+ consumerObj,
+ isEncryptionInTransitEnabled(storageCluster.Spec.Network),
+ )
 klog.Infof("successfully returned the config details to the consumer.")
 return &pb.StorageConfigResponse{
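Review bot: The new `getStorageCluster` lookup in GetStorageConfig runs only after the rest of the response has been assembled, and a failure there fails the whole RPC with a bare `return nil, err`; the same pattern is added to ReportStatus in the `@@ -847,7 +855,16 @@` hunk. As far as these hunks show, neither call needed a StorageCluster before, so a provider namespace with no eligible cluster, or with two, would now reject every consumer's config fetch and status report. If that is intended, consider doing the lookup at the top of each handler and recording the cause on the provider side, for example `klog.Errorf("failed to get provider storage cluster: %v", err)` before `return nil, err`. Both function bodies start and end outside their hunks, so earlier code may already cover part of this.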
@@ -751,15 +762,12 @@ func (s *OCSProviderServer) GetStorageClaimConfig(ctx context.Context, req *pb.S
 "csi.storage.k8s.io/controller-expand-secret-name": provisionerSecretName,
 }
- storageClusters := &ocsv1.StorageClusterList{}
- if err := s.client.List(ctx, storageClusters, client.InNamespace(s.namespace), client.Limit(2)); err != nil {
- return nil, status.Errorf(codes.Internal, "failed to get storage cluster: %v", err)
- }
- if len(storageClusters.Items) != 1 {
- return nil, status.Errorf(codes.Internal, "expecting one single storagecluster to exist")
+ storageCluster, err := s.getStorageCluster(ctx)
+ if err != nil {
+ return nil, err
 }
 var kernelMountOptions map[string]string
- for _, option := range strings.Split(util.GetCephFSKernelMountOptions(&storageClusters.Items[0]), ",") {
+ for _, option := range strings.Split(util.GetCephFSKernelMountOptions(storageCluster), ",") {
 if kernelMountOptions == nil {
 kernelMountOptions = map[string]string{}
 }
@@ -847,7 +855,16 @@ func (s *OCSProviderServer) ReportStatus(ctx context.Context, req *pb.ReportStat
 return nil, status.Errorf(codes.Internal, "Failed to construct status response: %v", err)
 }
- desiredClientConfigHash := getDesiredClientConfigHash(channelName, storageConsumer)
+ storageCluster, err := s.getStorageCluster(ctx)
+ if err != nil {
+ return nil, err
+ }
+
+ desiredClientConfigHash := getDesiredClientConfigHash(
+ channelName,
+ storageConsumer,
+ isEncryptionInTransitEnabled(storageCluster.Spec.Network),
+ )
 return &pb.ReportStatusResponse{
 DesiredClientOperatorChannel: channelName,
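Review bot: Swapping the inline list for `s.getStorageCluster(ctx)` in GetStorageClaimConfig is not a like-for-like refactor. The removed code accepted the single StorageCluster in the namespace whatever its settings and always answered with `codes.Internal`; the helper added in the `@@ -878,6 +896,41 @@` hunk skips clusters in `util.PhaseIgnored`, requires `Spec.AllowRemoteStorageConsumers`, and returns `codes.NotFound` or `codes.FailedPrecondition`. Consumers that branch on the gRPC code, or deployments where the flag is unset, would behave differently after this change, so the commit message or a comment such as `// only a StorageCluster that allows remote consumers is served` above the call should state that this is deliberate. The function body starts and ends outside the hunk.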
@@ -855,10 +872,11 @@ func (s *OCSProviderServer) ReportStatus(ctx context.Context, req *pb.ReportStat
 }, nil
 }
-func getDesiredClientConfigHash(channelName string, storageConsumer *ocsv1alpha1.StorageConsumer) string {
+func getDesiredClientConfigHash(channelName string, storageConsumer *ocsv1alpha1.StorageConsumer, encryptionInTransit bool) string {
 var arr = []any{
 channelName,
 storageConsumer.Spec.StorageQuotaInGiB,
+ encryptionInTransit,
 }
 return util.CalculateMD5Hash(arr)
 }
@@ -878,6 +896,41 @@ func (s *OCSProviderServer) getOCSSubscriptionChannel(ctx context.Context) (stri
 return subscription.Spec.Channel, nil
 }
+func (s *OCSProviderServer) getStorageCluster(ctx context.Context) (*ocsv1.StorageCluster, error) {
+ scList := &ocsv1.StorageClusterList{}
+ if err := s.client.List(ctx, scList, client.InNamespace(s.namespace)); err != nil {
+ return nil, status.Errorf(codes.Internal, "failed to list storage clusters: %v", err)
+ }
+
+ var foundSc *ocsv1.StorageCluster
+ for i := range scList.Items {
+ sc := &scList.Items[i]
+ if sc.Status.Phase == util.PhaseIgnored {
+ continue // Skip Ignored storage cluster
+ }
+ if sc.Spec.AllowRemoteStorageConsumers {
+ if foundSc != nil {
+ // This means we have already found one storage cluster, so this is a second one
+ return nil, status.Errorf(codes.FailedPrecondition, "multiple provider storage clusters found")
+ }
+ foundSc = sc
+ }
+ }
+
+ if foundSc == nil {
+ return nil, status.Errorf(codes.NotFound, "no provider storage cluster found")
+ }
+
+ return foundSc, nil
+}
+
+func isEncryptionInTransitEnabled(networkSpec *rookCephv1.NetworkSpec) bool {
+ return networkSpec != nil &&
+ networkSpec.Connections != nil &&
+ networkSpec.Connections.Encryption != nil &&
+ networkSpec.Connections.Encryption.Enabled
+}
+
 func extractMonitorIps(data string) ([]string, error) {
 var ips []string
 mons := strings.Split(data, ",")
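Review bot: Appending `encryptionInTransit` to `arr` in getDesiredClientConfigHash changes the resulting hash for every consumer, including those where the flag is false, so after a provider upgrade each client will presumably see a new desired hash at the same time. The element order and count are part of the value being compared, which deserves a doc comment, e.g. `// getDesiredClientConfigHash fingerprints the settings a client must reconcile on; changing the inputs or their order changes the hash for all consumers.` The same comment should state that the MD5 value from `util.CalculateMD5Hash` serves only as a change detector and provides no integrity or authenticity guarantee, assuming that is how clients use it.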
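Review bot: `isEncryptionInTransitEnabled` reports what `Spec.Network.Connections.Encryption.Enabled` requests, not whether the cluster has applied it, so the desired hash can change before the setting is effective; a doc comment should say so, e.g. `// isEncryptionInTransitEnabled reports the requested spec setting, not the observed cluster state.` `getStorageCluster` also lacks a doc comment describing its selection rule (skip `util.PhaseIgnored`, require `AllowRemoteStorageConsumers`, exactly one match) and the three gRPC codes it can return. Unlike the code it replaces, its `List` call no longer passes `client.Limit(2)` and now runs on every GetStorageConfig and ReportStatus call; that is probably cheap if `s.client` is cache-backed, which is not visible in this diff.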
diff --git a/services/provider/server/server_test.go b/services/provider/server/server_test.go
index e23635362f..68b34ab224 100644
--- a/services/provider/server/server_test.go
+++ b/services/provider/server/server_test.go
@@ -275,6 +275,15 @@ func TestGetExternalResources(t *testing.T) {
 ocsSubscription.Spec = ocsSubscriptionSpec
 assert.NoError(t, client.Create(ctx, ocsSubscription))
+ storageCluster := &ocsv1.StorageCluster{
+ Spec: ocsv1.StorageClusterSpec{
+ AllowRemoteStorageConsumers: true,
+ },
+ }
+ storageCluster.Name = "test-storagecluster"
+ storageCluster.Namespace = serverNamespace
+ assert.NoError(t, client.Create(ctx, storageCluster))
+
 // When ocsv1alpha1.StorageConsumerStateReady
 req := pb.StorageConfigRequest{
 StorageConsumerUUID: string(consumerResource.UID),
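Review bot: The added fixture creates only the one StorageCluster the happy path needs, so none of the new branches in `getStorageCluster` are exercised by this hunk: a cluster in `util.PhaseIgnored`, two clusters with `AllowRemoteStorageConsumers: true`, and no eligible cluster at all. There is also no case here showing that the desired client config hash differs when `Spec.Network.Connections.Encryption.Enabled` is toggled, which is the behaviour the server change introduces. Table-driven cases for those situations would pin the `codes.FailedPrecondition` and `codes.NotFound` results; other hunks of the test file may exist outside this view, and the test function's body continues beyond the hunk.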