diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9ef335fc..0365d95f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,8 @@ All notable changes to this project will be documented in this file.
 ### Fixed
 
 - Underscores are now allowed in Kerberos principal names ([#563]).
+- The issuer in generated TLS certificates is set to the subject of the issuing
+  certificate ([#566]).
 
 [#528]: https://github.com/stackabletech/secret-operator/pull/528
 [#544]: https://github.com/stackabletech/secret-operator/pull/544
@@ -32,6 +34,7 @@ All notable changes to this project will be documented in this file.
 [#552]: https://github.com/stackabletech/secret-operator/pull/552
 [#563]: https://github.com/stackabletech/secret-operator/pull/563
 [#564]: https://github.com/stackabletech/secret-operator/pull/564
+[#566]: https://github.com/stackabletech/secret-operator/pull/566
 [#569]: https://github.com/stackabletech/secret-operator/pull/569
 
 ## [24.11.1] - 2025-01-10
diff --git a/rust/operator-binary/src/backend/tls/mod.rs b/rust/operator-binary/src/backend/tls/mod.rs
index 8f0b3eb0..a223659e 100644
--- a/rust/operator-binary/src/backend/tls/mod.rs
+++ b/rust/operator-binary/src/backend/tls/mod.rs
@@ -273,7 +273,7 @@ impl SecretBackend for TlsGenerate {
                     })?
                     .build();
                 x509.set_subject_name(&subject_name)?;
-                x509.set_issuer_name(ca.certificate.issuer_name())?;
+                x509.set_issuer_name(ca.certificate.subject_name())?;
                 x509.set_not_before(Asn1Time::from_unix(not_before.unix_timestamp())?.as_ref())?;
                 x509.set_not_after(Asn1Time::from_unix(not_after.unix_timestamp())?.as_ref())?;
                 x509.set_pubkey(&pod_key)?;