diff --git a/test/bats/base-test.bats b/test/bats/base-test.bats
index 512b26dffe..5f76c569af 100644
--- a/test/bats/base-test.bats
+++ b/test/bats/base-test.bats
@@ -102,7 +102,9 @@ RATIFY_NAMESPACE=gatekeeper-system
         wait_for_process ${WAIT_TIME} ${SLEEP_TIME} 'kubectl delete pod demo-tsa --namespace default --force --ignore-not-found=true'
 
         sed -i '10,$d' ./test/bats/tests/config/config_v1beta1_keymanagementprovider_inline.yaml
-        run kubectl apply -f ./test/bats/tests/config/config_v1beta1_verifier_notation_kmprovider.yaml
+
+        # restore the original notation verifier for other tests
+        wait_for_process ${WAIT_TIME} ${SLEEP_TIME} 'kubectl apply -f ./config/samples/clustered/verifier/config_v1beta1_verifier_notation.yaml'
     }
 
     # add the tsaroot certificate as an inline key management provider
diff --git a/test/bats/tests/config/config_v1beta1_verifier_notation_tsa.yaml b/test/bats/tests/config/config_v1beta1_verifier_notation_tsa.yaml
index 3310abca5f..85445c6fee 100644
--- a/test/bats/tests/config/config_v1beta1_verifier_notation_tsa.yaml
+++ b/test/bats/tests/config/config_v1beta1_verifier_notation_tsa.yaml
@@ -7,9 +7,12 @@ spec:
   artifactTypes: application/vnd.cncf.notary.signature
   parameters:
     verificationCertStores:
+      ca:
+        ca-certs:
+          - certstore-inline
       tsa:
         tsa-certs:
-        - keymanagementprovider-inline
+          - keymanagementprovider-inline
     trustPolicyDoc:
       version: "1.0"
       trustPolicies:
@@ -19,6 +22,7 @@ spec:
           signatureVerification:
             level: strict
           trustStores:
+            - ca:ca-certs
             - tsa:tsa-certs
           trustedIdentities:
             - "*"