diff --git a/tools/pd-ctl/pdctl/command/cluster_command.go b/tools/pd-ctl/pdctl/command/cluster_command.go
index 631397a2dcf..0b3cda8a867 100644
--- a/tools/pd-ctl/pdctl/command/cluster_command.go
+++ b/tools/pd-ctl/pdctl/command/cluster_command.go
@@ -21,8 +21,8 @@ func NewClusterCommand() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:               "cluster",
 		Short:             "show the cluster information",
-		Run:               showClusterCommandFunc,
 		PersistentPreRunE: requirePDClient,
+		Run:               showClusterCommandFunc,
 	}
 	cmd.AddCommand(NewClusterStatusCommand())
 	return cmd
diff --git a/tools/pd-ctl/pdctl/command/global.go b/tools/pd-ctl/pdctl/command/global.go
index 1fee5f42f21..4f20b0b35b4 100644
--- a/tools/pd-ctl/pdctl/command/global.go
+++ b/tools/pd-ctl/pdctl/command/global.go
@@ -34,7 +34,6 @@ import (
 
 const (
 	pdControlCallerID = "pd-ctl"
-	pingPrefix        = "pd/api/v1/ping"
 	clusterPrefix     = "pd/api/v1/cluster"
 )
 
@@ -70,9 +69,9 @@ func requirePDClient(cmd *cobra.Command, _ []string) error {
 		if err != nil {
 			return err
 		}
-		return InitNewPDClientWithTLS(cmd, caPath, certPath, keyPath)
+		return initNewPDClientWithTLS(cmd, caPath, certPath, keyPath)
 	}
-	return InitNewPDClient(cmd)
+	return initNewPDClient(cmd)
 }
 
 // shouldInitPDClient checks whether we should create a new PD client according to the cluster information.
@@ -101,8 +100,7 @@ func shouldInitPDClient(cmd *cobra.Command) (bool, error) {
 	return currentClusterInfo.GetId() == 0 || newClusterInfo.GetId() != currentClusterInfo.GetId(), nil
 }
 
-// InitNewPDClient creates a PD HTTP client with the given PD addresses.
-func InitNewPDClient(cmd *cobra.Command, opts ...pd.ClientOption) error {
+func initNewPDClient(cmd *cobra.Command, opts ...pd.ClientOption) error {
 	if should, err := shouldInitPDClient(cmd); !should || err != nil {
 		return err
 	}
@@ -113,13 +111,12 @@ func InitNewPDClient(cmd *cobra.Command, opts ...pd.ClientOption) error {
 	return nil
 }
 
-// InitNewPDClientWithTLS creates a PD HTTP client with the given PD addresses and TLS config.
-func InitNewPDClientWithTLS(cmd *cobra.Command, caPath, certPath, keyPath string) error {
+func initNewPDClientWithTLS(cmd *cobra.Command, caPath, certPath, keyPath string) error {
 	tlsConfig, err := initTLSConfig(caPath, certPath, keyPath)
 	if err != nil {
 		return err
 	}
-	InitNewPDClient(cmd, pd.WithTLSConfig(tlsConfig))
+	initNewPDClient(cmd, pd.WithTLSConfig(tlsConfig))
 	return nil
 }
 
@@ -128,8 +125,28 @@ var dialClient = &http.Client{
 	Transport: apiutil.NewCallerIDRoundTripper(http.DefaultTransport, pdControlCallerID),
 }
 
-// InitHTTPSClient creates https client with ca file
-func InitHTTPSClient(caPath, certPath, keyPath string) error {
+// RequireHTTPSClient creates a HTTPS client if the related flags are set
+func RequireHTTPSClient(cmd *cobra.Command, args []string) error {
+	caPath, err := cmd.Flags().GetString("cacert")
+	if err == nil && len(caPath) != 0 {
+		certPath, err := cmd.Flags().GetString("cert")
+		if err != nil {
+			return err
+		}
+		keyPath, err := cmd.Flags().GetString("key")
+		if err != nil {
+			return err
+		}
+		err = initHTTPSClient(caPath, certPath, keyPath)
+		if err != nil {
+			cmd.Println(err)
+			return err
+		}
+	}
+	return nil
+}
+
+func initHTTPSClient(caPath, certPath, keyPath string) error {
 	tlsConfig, err := initTLSConfig(caPath, certPath, keyPath)
 	if err != nil {
 		return err
diff --git a/tools/pd-ctl/pdctl/command/ping_command.go b/tools/pd-ctl/pdctl/command/ping_command.go
index 38e99e0516d..6622b079d47 100644
--- a/tools/pd-ctl/pdctl/command/ping_command.go
+++ b/tools/pd-ctl/pdctl/command/ping_command.go
@@ -21,6 +21,8 @@ import (
 	"github.com/spf13/cobra"
 )
 
+const pingPrefix = "pd/api/v1/ping"
+
 // NewPingCommand return a ping subcommand of rootCmd
 func NewPingCommand() *cobra.Command {
 	m := &cobra.Command{
diff --git a/tools/pd-ctl/pdctl/ctl.go b/tools/pd-ctl/pdctl/ctl.go
index ee78f886c0f..d5ead437dbb 100644
--- a/tools/pd-ctl/pdctl/ctl.go
+++ b/tools/pd-ctl/pdctl/ctl.go
@@ -35,8 +35,10 @@ func init() {
 // GetRootCmd is exposed for integration tests. But it can be embedded into another suite, too.
 func GetRootCmd() *cobra.Command {
 	rootCmd := &cobra.Command{
-		Use:   "pd-ctl",
-		Short: "Placement Driver control",
+		Use:               "pd-ctl",
+		Short:             "Placement Driver control",
+		PersistentPreRunE: command.RequireHTTPSClient,
+		SilenceErrors:     true,
 	}
 
 	rootCmd.PersistentFlags().StringP("pd", "u", "http://127.0.0.1:2379", "address of PD")
@@ -44,6 +46,8 @@ func GetRootCmd() *cobra.Command {
 	rootCmd.PersistentFlags().String("cert", "", "path of file that contains X509 certificate in PEM format")
 	rootCmd.PersistentFlags().String("key", "", "path of file that contains X509 key in PEM format")
 
+	rootCmd.Flags().ParseErrorsWhitelist.UnknownFlags = true
+
 	rootCmd.AddCommand(
 		command.NewConfigCommand(),
 		command.NewRegionCommand(),
@@ -70,29 +74,6 @@ func GetRootCmd() *cobra.Command {
 		command.NewResourceManagerCommand(),
 	)
 
-	rootCmd.Flags().ParseErrorsWhitelist.UnknownFlags = true
-	rootCmd.SilenceErrors = true
-
-	rootCmd.PersistentPreRunE = func(cmd *cobra.Command, args []string) error {
-		caPath, err := cmd.Flags().GetString("cacert")
-		if err == nil && len(caPath) != 0 {
-			certPath, err := cmd.Flags().GetString("cert")
-			if err != nil {
-				return err
-			}
-			keyPath, err := cmd.Flags().GetString("key")
-			if err != nil {
-				return err
-			}
-			err = command.InitHTTPSClient(caPath, certPath, keyPath)
-			if err != nil {
-				rootCmd.Println(err)
-				return err
-			}
-		}
-		return nil
-	}
-
 	return rootCmd
 }