diff --git a/internal/controller/identityprovider/webhookcachefiller/webhookcachefiller.go b/internal/controller/identityprovider/webhookcachefiller/webhookcachefiller.go
index 6b67d940..867ba6dc 100644
--- a/internal/controller/identityprovider/webhookcachefiller/webhookcachefiller.go
+++ b/internal/controller/identityprovider/webhookcachefiller/webhookcachefiller.go
@@ -123,5 +123,5 @@ func getCABundle(spec *idpv1alpha1.TLSSpec) ([]byte, error) {
 	if spec == nil {
 		return nil, nil
 	}
-	return base64.RawStdEncoding.DecodeString(spec.CertificateAuthorityData)
+	return base64.StdEncoding.DecodeString(spec.CertificateAuthorityData)
 }
diff --git a/internal/controller/identityprovider/webhookcachefiller/webhookcachefiller_test.go b/internal/controller/identityprovider/webhookcachefiller/webhookcachefiller_test.go
index c2d9fc17..82e4fa35 100644
--- a/internal/controller/identityprovider/webhookcachefiller/webhookcachefiller_test.go
+++ b/internal/controller/identityprovider/webhookcachefiller/webhookcachefiller_test.go
@@ -159,7 +159,7 @@ func TestNewWebhookAuthenticator(t *testing.T) {
 		spec := &idpv1alpha1.WebhookIdentityProviderSpec{
 			Endpoint: url,
 			TLS: &idpv1alpha1.TLSSpec{
-				CertificateAuthorityData: base64.RawStdEncoding.EncodeToString([]byte(caBundle)),
+				CertificateAuthorityData: base64.StdEncoding.EncodeToString([]byte(caBundle)),
 			},
 		}
 		res, err := newWebhookAuthenticator(spec, ioutil.TempFile, clientcmd.WriteToFile)