diff --git a/charts/admission-controller/Chart.yaml b/charts/admission-controller/Chart.yaml index fe773cf0b..b4dfc99d0 100644 --- a/charts/admission-controller/Chart.yaml +++ b/charts/admission-controller/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: admission-controller description: Sysdig Admission Controller using Sysdig Secure inline image scanner type: application -version: 0.11.8 +version: 0.11.9 appVersion: 3.9.26 home: https://sysdiglabs.github.io/admission-controller/ icon: https://avatars.githubusercontent.com/u/5068817?s=200&v=4 diff --git a/charts/admission-controller/README.md b/charts/admission-controller/README.md index 73e96d9a9..7c0e23b56 100644 --- a/charts/admission-controller/README.md +++ b/charts/admission-controller/README.md @@ -23,7 +23,7 @@ $ pre-commit run -a $ helm repo add sysdig https://charts.sysdig.com $ helm repo update $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.11.8 \ + --create-namespace -n sysdig-admission-controller --version=0.11.9 \ --set clusterName=CLUSTER_NAME \ --set sysdig.secureAPIToken=SECURE_API_TOKEN ``` @@ -55,7 +55,7 @@ This chart deploys the Sysdig Admission Controller on a [Kubernetes](http://kube To install the chart with the release name `admission-controller`: ```console -$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller -n sysdig-admission-controller --version=0.11.8 +$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller -n sysdig-admission-controller --version=0.11.9 ``` The command deploys the Sysdig Admission Controller on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. 
@@ -181,7 +181,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to ` ```console $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.11.8 \ + --create-namespace -n sysdig-admission-controller --version=0.11.9 \ --set sysdig.secureAPIToken=YOUR-KEY-HERE,clusterName=YOUR-CLUSTER-NAME ``` @@ -190,7 +190,7 @@ installing the chart. For example: ```console $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller --version=0.11.8 \ + --create-namespace -n sysdig-admission-controller --version=0.11.9 \ --values values.yaml ``` @@ -269,8 +269,6 @@ If your Proxy is served with TLS 1. Set the `verifySSL=false` parameter 2. Or set `*.ssl.ca.cert` for both components `webhook` and `scanner` - - ## Usages 
@@ -287,38 +285,23 @@ $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller ### On Prem -Use the following command to deploy in an on-prem: - -``` -$ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \ - --create-namespace -n sysdig-admission-controller \ - --set clusterName=CLUSTER_NAME \ - --set sysdig.secureAPIToken=SECURE_API_TOKEN \ - --set verifySSL=false -``` - -Use `verifySSL=false` if you are using self signed certificates. - +Sysdig On-Prem installations might use a TLS self-signed server certificate or one from an untrusted CA, so it requires an extra configuration. +#### Ignore TLS certificate verification -### CA Provided - -The following command will deploy the admission controller with a custom CA: -Note: Since the certificates are not provided, they will be autogenerated with the provided CA. +Use the following command to deploy in an on-prem and ignore the untrusted certificate using `verifySSL=false`: ``` $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \ --create-namespace -n sysdig-admission-controller \ --set clusterName=CLUSTER_NAME \ --set sysdig.secureAPIToken=SECURE_API_TOKEN \ - --set webhook.ssl.ca.cert=YOUR_CA_CERT_AS_PEM_ENCODED \ - --set webhook.ssl.ca.key=YOUR_CA_KEY_AS_PEM_ENCODED + --set verifySSL=false ``` +#### Custom CA Provided -### CA and Certificates Provided - -The following command will deploy the admission controller with a custom CA and valid certificates signed with this CA: +The following command will deploy the admission controller with a custom CA. The custom CA certificate is added to the trusted certificates store. ``` $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller \ 
@@ -326,9 +309,7 @@ $ helm upgrade --install sysdig-admission-controller sysdig/admission-controller --set clusterName=CLUSTER_NAME \ --set sysdig.secureAPIToken=SECURE_API_TOKEN \ --set webhook.ssl.ca.cert=YOUR_CA_CERT_AS_PEM_ENCODED \ - --set webhook.ssl.ca.key=YOUR_CA_KEY_AS_PEM_ENCODED \ - --set webhook.ssl.cert=YOUR_CERT_AS_PEM_ENCODED \ - --set webhook.ssl.key=YOUR_KEY_AS_PEM_ENCODED + --set scanner.ssl.ca.cert=YOUR_CA_CERT_AS_PEM_ENCODED ``` ## Confirm Working Status @@ -478,7 +459,7 @@ A: [HorizontalAutoScaller](https://github.com/sysdiglabs/charts/blob/master/char ### Q: Getting error "x509: certificate signed by unknown authority" A: Sysdig installation is made with an unverfied certificate, such as self-signed, `SECURE_URL` being `https` -
S: Add `--set verifySSL=false` to your installation parameters +
S: Add `--set verifySSL=false` to your installation parameters or configure a trusted CA certificate ### Q: Why is there no support for `ka.sourceips`? diff --git a/charts/admission-controller/README.tpl b/charts/admission-controller/README.tpl index e330afad1..89bebdd35 100644 --- a/charts/admission-controller/README.tpl +++ b/charts/admission-controller/README.tpl @@ -174,8 +174,6 @@ If your Proxy is served with TLS 1. Set the `verifySSL=false` parameter 2. Or set `*.ssl.ca.cert` for both components `webhook` and `scanner` - - ## Usages 
@@ -192,38 +190,23 @@ $ helm upgrade --install sysdig-{{ .Release.Name }} {{ .Repository.Name }}/{{ .C ### On Prem -Use the following command to deploy in an on-prem: - -``` -$ helm upgrade --install sysdig-{{ .Release.Name }} {{ .Repository.Name }}/{{ .Chart.Name }} \ - --create-namespace -n {{ .Release.Namespace }} \ - --set clusterName=CLUSTER_NAME \ - --set sysdig.secureAPIToken=SECURE_API_TOKEN \ - --set verifySSL=false -``` - -Use `verifySSL=false` if you are using self signed certificates. - +Sysdig On-Prem installations might use a TLS self-signed server certificate or one from an untrusted CA, so it requires an extra configuration. +#### Ignore TLS certificate verification -### CA Provided - -The following command will deploy the admission controller with a custom CA: -Note: Since the certificates are not provided, they will be autogenerated with the provided CA. +Use the following command to deploy in an on-prem and ignore the untrusted certificate using `verifySSL=false`: ``` $ helm upgrade --install sysdig-{{ .Release.Name }} {{ .Repository.Name }}/{{ .Chart.Name }} \ --create-namespace -n {{ .Release.Namespace }} \ --set clusterName=CLUSTER_NAME \ --set sysdig.secureAPIToken=SECURE_API_TOKEN \ - --set webhook.ssl.ca.cert=YOUR_CA_CERT_AS_PEM_ENCODED \ - --set webhook.ssl.ca.key=YOUR_CA_KEY_AS_PEM_ENCODED + --set verifySSL=false ``` +#### Custom CA Provided -### CA and Certificates Provided - -The following command will deploy the admission controller with a custom CA and valid certificates signed with this CA: +The following command will deploy the admission controller with a custom CA. The custom CA certificate is added to the trusted certificates store. ``` $ helm upgrade --install sysdig-{{ .Release.Name }} {{ .Repository.Name }}/{{ .Chart.Name }} \ 
@@ -231,9 +214,7 @@ $ helm upgrade --install sysdig-{{ .Release.Name }} {{ .Repository.Name }}/{{ .C --set clusterName=CLUSTER_NAME \ --set sysdig.secureAPIToken=SECURE_API_TOKEN \ --set webhook.ssl.ca.cert=YOUR_CA_CERT_AS_PEM_ENCODED \ - --set webhook.ssl.ca.key=YOUR_CA_KEY_AS_PEM_ENCODED \ - --set webhook.ssl.cert=YOUR_CERT_AS_PEM_ENCODED \ - --set webhook.ssl.key=YOUR_KEY_AS_PEM_ENCODED + --set scanner.ssl.ca.cert=YOUR_CA_CERT_AS_PEM_ENCODED ``` ## Confirm Working Status @@ -383,7 +364,7 @@ A: [HorizontalAutoScaller](https://github.com/sysdiglabs/charts/blob/master/char ### Q: Getting error "x509: certificate signed by unknown authority" A: Sysdig installation is made with an unverfied certificate, such as self-signed, `SECURE_URL` being `https` -
S: Add `--set verifySSL=false` to your installation parameters +
S: Add `--set verifySSL=false` to your installation parameters or configure a trusted CA certificate ### Q: Why is there no support for `ka.sourceips`?
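Review bot: In the On Prem hunk (README.md @@ -287,38 +285,23, and the matching README.tpl @@ -192,38 +190,23), the new `#### Ignore TLS certificate verification` subsection comes before `#### Custom CA Provided` and carries no caveat, so the first thing a reader copies is a command that sets `verifySSL=false` while also passing `sysdig.secureAPIToken`. Suggest putting the custom CA subsection first and adding one sentence under the `verifySSL=false` heading saying that the server certificate is not validated with this setting, so it is meant for test setups. Wording in the added lines: "deploy in an on-prem" and "so it requires an extra configuration" would read better as "deploy against an on-prem installation" and "so they require extra configuration".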
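Review bot: In the custom CA hunk (README.md @@ -326,9 +309,7, README.tpl @@ -231,9 +214,7), the `--set` lines for `webhook.ssl.ca.key`, `webhook.ssl.cert` and `webhook.ssl.key` are removed without the README saying what happened to those values. The preceding hunk also changes the description of `webhook.ssl.ca.cert` from a CA used to autogenerate certificates to one that "is added to the trusted certificates store", which reads as a different purpose for the same key. Please state whether the three removed values are still accepted (and keep a short description if they are), and spell out what `webhook.ssl.ca.cert` and `scanner.ssl.ca.cert` are each used for. Separately, a PEM certificate is multi-line, so the example would be easier to follow with `--set-file webhook.ssl.ca.cert=<path to CA file>` than with YOUR_CA_CERT_AS_PEM_ENCODED pasted into `--set`.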
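Review bot: In the FAQ hunk (README.md @@ -478,7 +459,7, README.tpl @@ -383,7 +364,7), the added "or configure a trusted CA certificate" does not say how, and the answer still leads with `--set verifySSL=false`. Suggest naming the values (`webhook.ssl.ca.cert` and `scanner.ssl.ca.cert`) or linking to the "Custom CA Provided" section, and listing that option before the `verifySSL=false` one. The context line above it has "unverfied" for "unverified", which is worth fixing while this entry is being edited.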