diff --git a/charts/ratify/templates/verifier.yaml b/charts/ratify/templates/verifier.yaml
index cfbafe248..aae8c1f0a 100644
--- a/charts/ratify/templates/verifier.yaml
+++ b/charts/ratify/templates/verifier.yaml
@@ -103,11 +103,7 @@ spec:
 trustedIdentities:
 {{- $trustedIdentities := $policy.trustedIdentities | default (list "*") }}
 {{- range $j, $identity := $trustedIdentities }}
- {{- if eq $identity "*" }}
- - "*"
- {{- else }}
- - "x509.subject: {{ . }}"
- {{- end }}
+ - "{{$identity}}"
 {{- end }}
 {{- end }}
 {{- end }}
diff --git a/test/bats/base-test.bats b/test/bats/base-test.bats
index 483bb09fe..6a192a9c8 100644
--- a/test/bats/base-test.bats
+++ b/test/bats/base-test.bats
@@ -81,7 +81,7 @@ RATIFY_NAMESPACE=gatekeeper-system
 --set-file notationCerts[1]="notation-file2.crt" \
 --set-file notationCerts[2]="notation-file3.crt" \
 --set notation.trustPolicies[0].registryScopes[0]="registry1.azurecr.io/" \
- --set notation.trustPolicies[0].trustedIdentities[0]="cert identity 1" \
+ --set notation.trustPolicies[0].trustedIdentities[0]="x509.subject: cert identity 1" \
 --set notation.trustPolicies[0].trustStores[0]=ca:notationCerts[0] \
 --set notation.trustPolicies[0].trustStores[1]=tsa:notationCerts[1] \
 --set notation.trustPolicies[0].trustStores[2]=signingAuthority:notationCerts[2] \
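Review bot: The added list item `- "{{$identity}}"` in charts/ratify/templates/verifier.yaml places the value inside hand-written double quotes, so an identity containing `"` or a backslash (X.509 subjects often escape commas as `\,`) renders as invalid or silently altered YAML; `- {{ $identity | quote }}` lets Helm do the escaping. Because the template no longer adds the `x509.subject:` prefix, values that still supply a bare subject will render without it after an upgrade. How the verifier treats such an entry is not visible in this diff, so a template-time `fail` for entries that are neither `*` nor prefixed would make the break explicit, rather than leaving a trust policy that may not match what the operator intended. The enclosing `range`/`if` blocks start outside the hunk.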