
Specify Operator webhook CA certs

I run Stackgres in an on-premises, offline K8s cluster. For the most part, this is working fine. However, when I try to install extensions, I get the following error from the Stackgres Operator:

at io.stackgres.operator.mutation.AbstractExtensionsMutator.mutateExtensions(AbstractExtensionsMutator.java:142)
at io.stackgres.operator.mutation.AbstractExtensionsMutator.mutate(AbstractExtensionsMutator.java:44)
[...]
Caused by: jakarta.ws.rs.ProcessingException: RESTEASY004655: Unable to invoke request: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This happens when the Operator webhook tries to get the extensions index at https://extensions.stackgres.io/postgres/repository/v2/index.json. In our network, we have already mirrored this file to the same URL, so that is not the problem. The problem is that I have not found a way to specify the CA bundle that the Operator (webhook) uses.

Is there a way of doing this via some Helm values or in some of the CRD definitions? I have not been able to find anything on this. I tried to override the quay.io/stackgres/operator image with my company's root CA bundle, but that did not seem to work either, I guess because the Operator program is pre-compiled? I have also tried to set some JAVA_OPTS and APP_OPTS without success (e.g. I tried to set -Djavax.net.ssl.trustStore=/etc/pki/java/cacerts after adding the CA bundle to the image and running update-ca-trust).

I am on Stackgres 1.14.1, by the way.
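The handshake failure quoted in the post is the JVM's PKIX path validation rejecting the chain the mirror presents, because no trust anchor it has loaded issued that chain. The script below is an added example, not code from the original post or from the StackGres project: it reproduces that check offline with openssl so a CA file can be validated before worrying about where the Operator loads it from. It builds a throwaway root CA standing in for the company root, a second unrelated root standing in for a trust store that lacks the company CA (the situation the JVM's default cacerts is in), issues a certificate for extensions.stackgres.io from the first root, and verifies the chain against each bundle. All certificates and file names are constructed for the example; only the hostname comes from the post.

```shell
#!/bin/sh
# Added example (not from the original post or from StackGres).
# Reproduces "unable to find valid certification path" offline: can the
# certificate served for the mirror hostname be chained to a root in a given
# CA bundle? Needs only openssl >= 1.1.0 (for -no-CAfile/-no-CApath and
# -verify_hostname). Every key, cert and file name below is constructed.
set -eu

WORK="${WORK:-$(mktemp -d)}"
MIRROR_HOST="extensions.stackgres.io"   # hostname the Operator fetches index.json from

# Self-signed root from a CSR, via "x509 -req -signkey" so that exactly the
# extensions in the extfile are present on every openssl version.
make_root() {
  name="$1"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
    -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$WORK/$name.ext"
  openssl x509 -req -days 1 -set_serial 1 -in "$WORK/$name.csr" \
    -signkey "$WORK/$name.key" -extfile "$WORK/$name.ext" \
    -out "$WORK/$name.pem" 2>/dev/null
}

# Throwaway PKI: "ca" plays the company root CA, "other-ca" a root that has
# nothing to do with it, and server.pem is the cert the mirror would serve.
make_test_pki() {
  make_root ca
  make_root other-ca
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$MIRROR_HOST" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  # The mirror answers at the original URL, so the SAN must carry that name.
  printf 'subjectAltName=DNS:%s\n' "$MIRROR_HOST" > "$WORK/server.ext"
  openssl x509 -req -days 1 -set_serial 2 -in "$WORK/server.csr" \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -extfile "$WORK/server.ext" \
    -out "$WORK/server.pem" 2>/dev/null
}

# verify_chain BUNDLE CERT: exit 0 if CERT chains to a root in BUNDLE and its
# SAN matches MIRROR_HOST, non-zero otherwise. -no-CAfile/-no-CApath keep the
# default system store out of the check so only BUNDLE counts (on OpenSSL 3
# there is also -no-CAstore). On failure openssl prints e.g.
# "unable to get local issuer certificate", its wording for the JVM's error.
verify_chain() {
  openssl verify -no-CAfile -no-CApath -CAfile "$1" \
    -verify_hostname "$MIRROR_HOST" "$2"
}

main() {
  make_test_pki
  echo "--- bundle containing the issuing root (expected: OK)"
  verify_chain "$WORK/ca.pem" "$WORK/server.pem" || true
  echo "--- bundle lacking it (expected: error, like the Operator log)"
  verify_chain "$WORK/other-ca.pem" "$WORK/server.pem" || true
}

main
```

To run the same check against the real mirror, capture the chain it serves with `openssl s_client -connect extensions.stackgres.io:443 -showcerts` and pass the leaf to `verify_chain` with the company bundle as the first argument. A PEM file that passes here is the one that has to end up in whatever trust store the JVM actually reads; `-Djavax.net.ssl.trustStore` expects a keystore (JKS or PKCS12), not a PEM bundle, so the PEM still has to be imported into that keystore for the setting to have any effect.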