diff --git a/charts/gmsa/templates/_helpers.tpl b/charts/gmsa/templates/_helpers.tpl
index d78cedee..4d7eb630 100644
--- a/charts/gmsa/templates/_helpers.tpl
+++ b/charts/gmsa/templates/_helpers.tpl
@@ -26,7 +26,9 @@ apiVersion: cert-manager.io/v1
 {{- end }}
 
 {{- define "certificates.cabundle"}}
-{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+{{- if .Values.certificates.caBundle }}
+{{- .Values.certificates.caBundle }}
+{{- else if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
 {{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.certificates.secretName) -}}
 {{- if lt (len $secret) 1 -}}
 {{- required (printf "CA Bundle secret '%s' in namespace '%s' must exist" .Values.certificates.secretName .Release.Namespace) "" -}}
diff --git a/charts/gmsa/templates/mutatingwebhook.yaml b/charts/gmsa/templates/mutatingwebhook.yaml
index 5ff2568a..53510fbc 100644
--- a/charts/gmsa/templates/mutatingwebhook.yaml
+++ b/charts/gmsa/templates/mutatingwebhook.yaml
@@ -15,7 +15,7 @@ webhooks:
         namespace: {{.Release.Namespace}}
         path: "/mutate"
       {{- if not (.Values.certificates.certManager.enabled) }}
-      caBundle: {{ .Values.certificates.caBundle }}
+      caBundle: {{ template "certificates.cabundle" . }}
       {{- end }}
     rules:
       - operations: ["CREATE"]
diff --git a/charts/gmsa/templates/validatingwebhook.yaml b/charts/gmsa/templates/validatingwebhook.yaml
index 8c76eeee..ea079c0b 100644
--- a/charts/gmsa/templates/validatingwebhook.yaml
+++ b/charts/gmsa/templates/validatingwebhook.yaml
@@ -15,7 +15,7 @@ webhooks:
         namespace: {{ .Release.Namespace }}
         path: "/validate"
       {{- if not (.Values.certificates.certManager.enabled) }}
-      caBundle: {{ .Values.certificates.caBundle }}
+      caBundle: {{ template "certificates.cabundle" . }}
       {{- end }}
     rules:
       - operations: ["CREATE", "UPDATE"]