diff --git a/install/installer/pkg/components/proxy/deployment.go b/install/installer/pkg/components/proxy/deployment.go
index 71b407b08b074f..063bc61f700c39 100644
--- a/install/installer/pkg/components/proxy/deployment.go
+++ b/install/installer/pkg/components/proxy/deployment.go
@@ -52,7 +52,9 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 				SecretName: ctx.Config.Certificate.Name,
 			},
 		},
-	}}
+	},
+		common.CAVolume(),
+	}
 
 	volumeMounts := []corev1.VolumeMount{{
 		Name:      "vhosts",
@@ -60,7 +62,8 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 	}, {
 		Name:      "config-certificates",
 		MountPath: "/etc/caddy/certificates",
-	}}
+	},
+		common.CAVolumeMount()}
 
 	if pointer.BoolDeref(ctx.Config.ContainerRegistry.InCluster, false) {
 		volumes = append(volumes, corev1.Volume{
diff --git a/install/installer/pkg/components/public-api-server/deployment.go b/install/installer/pkg/components/public-api-server/deployment.go
index d95a9b42701e93..14cb5453c1d967 100644
--- a/install/installer/pkg/components/public-api-server/deployment.go
+++ b/install/installer/pkg/components/public-api-server/deployment.go
@@ -50,6 +50,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 			},
 		},
 		databaseSecretVolume,
+		common.CAVolume(),
 	}
 	volumeMounts := []corev1.VolumeMount{
 		{
@@ -59,6 +60,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 			SubPath:   configJSONFilename,
 		},
 		databaseSecretMount,
+		common.CAVolumeMount(),
 	}
 
 	_ = ctx.WithExperimental(func(cfg *experimental.Config) error {
diff --git a/install/installer/pkg/components/public-api-server/deployment_test.go b/install/installer/pkg/components/public-api-server/deployment_test.go
index 6828cd5a137631..8296943397a362 100644
--- a/install/installer/pkg/components/public-api-server/deployment_test.go
+++ b/install/installer/pkg/components/public-api-server/deployment_test.go
@@ -64,6 +64,16 @@ func TestDeployment_ServerArguments(t *testing.T) {
 				},
 			},
 		},
+		{
+			Name: "ca-certificates",
+			VolumeSource: corev1.VolumeSource{
+				ConfigMap: &corev1.ConfigMapVolumeSource{
+					LocalObjectReference: corev1.LocalObjectReference{
+						Name: "gitpod-ca-bundle",
+					},
+				},
+			},
+		},
 		{
 			Name: "stripe-secret",
 			VolumeSource: corev1.VolumeSource{