diff --git a/test/e2e/framework/helper/featureset/featureset.go b/test/e2e/framework/helper/featureset/featureset.go
index 21f0e8124..ccaa022d6 100644
--- a/test/e2e/framework/helper/featureset/featureset.go
+++ b/test/e2e/framework/helper/featureset/featureset.go
@@ -128,6 +128,10 @@ const (
 OnlySAN = "OnlySAN"
 // SaveCAToSecret denotes whether the target issuer returns a CA
- // certificate which can be stored in the CA.crt field of the Secret.
+ // certificate which can be stored in the ca.crt field of the Secret.
 SaveCAToSecret = "SaveCAToSecret"
+
+ // SaveRootCAToSecret denotes whether the CA certificate is expected to
+ // represent a root CA (sub-feature of SaveCAToSecret)
+ SaveRootCAToSecret = "SaveRootCAToSecret"
 )
diff --git a/test/e2e/framework/helper/validate.go b/test/e2e/framework/helper/validate.go
index 914f5cdf6..12dbc6ee5 100644
--- a/test/e2e/framework/helper/validate.go
+++ b/test/e2e/framework/helper/validate.go
@@ -72,7 +72,9 @@ func (h *Helper) ValidationSetForUnsupportedFeatureSet(fs featureset.FeatureSet)
 if !fs.Contains(featureset.SaveCAToSecret) {
 out = append(out, validations.ExpectCorrectTrustChain)
- out = append(out, validations.ExpectCARootCertificate)
+ if !fs.Contains(featureset.SaveRootCAToSecret) {
+ out = append(out, validations.ExpectCARootCertificate)
+ }
 }
 return out
diff --git a/test/e2e/suite/conformance/certificates/vault/vault_approle.go b/test/e2e/suite/conformance/certificates/vault/vault_approle.go
index 5614c1531..75864d10e 100644
--- a/test/e2e/suite/conformance/certificates/vault/vault_approle.go
+++ b/test/e2e/suite/conformance/certificates/vault/vault_approle.go
@@ -43,6 +43,7 @@ const (
 var _ = framework.ConformanceDescribe("Certificates", func() {
 var unsupportedFeatures = featureset.NewFeatureSet(
 featureset.KeyUsagesFeature,
+ featureset.SaveRootCAToSecret,
 )
 provisioner := new(vaultAppRoleProvisioner)
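Review bot: The doc comment added for `SaveRootCAToSecret` in featureset.go does not say which certificate it means or what listing the feature as unsupported changes, and it lacks the closing period the neighbouring comment has. Something like `// SaveRootCAToSecret denotes whether the certificate stored in the ca.crt field of the Secret is expected to be a root CA. It is only consulted when SaveCAToSecret is supported.` would make the dependency on `SaveCAToSecret` explicit. The const block starts outside the hunk.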
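Review bot: In validate.go, a feature set that lists `SaveRootCAToSecret` as unsupported now gets `ExpectCorrectTrustChain` with nothing in place of `ExpectCARootCertificate`, so for those issuers no check pins what kind of certificate ends up in `ca.crt`. Consumers commonly treat `ca.crt` as their trust anchor, so it would be worth asserting at least that it is a CA certificate that issued the leaf, unless `ExpectCorrectTrustChain` already covers that (its body is not visible here). At minimum the inner `if` deserves a comment recording the intent, e.g. `// Issuers without SaveRootCAToSecret presumably store an intermediate in ca.crt; skip the root check for them.` The function starts outside the hunk.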
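Review bot: The new `featureset.SaveRootCAToSecret` entry in the conformance vault_approle.go exempts this issuer from the root-CA check without saying why. A short comment next to the entry, e.g. `// ca.crt holds Vault's issuing CA, which need not be a root`, would keep the exemption from looking accidental. That wording is a guess at the reason and should be confirmed by the author.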
diff --git a/test/e2e/suite/issuers/vault/certificate/BUILD.bazel b/test/e2e/suite/issuers/vault/certificate/BUILD.bazel
index 608fb89f5..4616553d9 100644
--- a/test/e2e/suite/issuers/vault/certificate/BUILD.bazel
+++ b/test/e2e/suite/issuers/vault/certificate/BUILD.bazel
@@ -15,6 +15,7 @@ go_library(
 "//test/e2e/framework:go_default_library",
 "//test/e2e/framework/addon:go_default_library",
 "//test/e2e/framework/addon/vault:go_default_library",
+ "//test/e2e/framework/helper/featureset:go_default_library",
 "//test/e2e/util:go_default_library",
 "//test/unit/gen:go_default_library",
 "@com_github_onsi_ginkgo//:go_default_library",
diff --git a/test/e2e/suite/issuers/vault/certificate/approle.go b/test/e2e/suite/issuers/vault/certificate/approle.go
index dce62d5b6..f1a1b4e86 100644
--- a/test/e2e/suite/issuers/vault/certificate/approle.go
+++ b/test/e2e/suite/issuers/vault/certificate/approle.go
@@ -31,6 +31,7 @@ import (
 "github.com/jetstack/cert-manager/test/e2e/framework"
 "github.com/jetstack/cert-manager/test/e2e/framework/addon"
 vaultaddon "github.com/jetstack/cert-manager/test/e2e/framework/addon/vault"
+ "github.com/jetstack/cert-manager/test/e2e/framework/helper/featureset"
 "github.com/jetstack/cert-manager/test/e2e/util"
 "github.com/jetstack/cert-manager/test/unit/gen"
 )
@@ -171,7 +172,8 @@ func runVaultAppRoleTests(issuerKind string) {
 Expect(err).NotTo(HaveOccurred())
 By("Validating the issued Certificate...")
- err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName)
+ unsupportedFeatures := featureset.NewFeatureSet(featureset.SaveRootCAToSecret)
+ err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName, f.Helper().ValidationSetForUnsupportedFeatureSet(unsupportedFeatures)...)
 Expect(err).NotTo(HaveOccurred())
 })
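Review bot: In the `@@ -171,7` hunk of approle.go, `ValidateCertificate` now receives an explicit validation list where it previously received none. If the no-argument form falls back to a default set, this hunk does not show whether `ValidationSetForUnsupportedFeatureSet` returns everything that default covered, so checks other than the root-CA one may be dropped; worth confirming. The same two added lines recur in the `@@ -266,7` hunk of this file and in approle_custom_mount.go. A shared package-level `var vaultUnsupportedFeatures = featureset.NewFeatureSet(featureset.SaveRootCAToSecret)` would keep the three call sites in step. `runVaultAppRoleTests` starts and ends outside the hunk.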
@@ -266,7 +268,8 @@ func runVaultAppRoleTests(issuerKind string) {
 Expect(err).NotTo(HaveOccurred())
 By("Validating the issued Certificate...")
- err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName)
+ unsupportedFeatures := featureset.NewFeatureSet(featureset.SaveRootCAToSecret)
+ err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName, f.Helper().ValidationSetForUnsupportedFeatureSet(unsupportedFeatures)...)
 Expect(err).NotTo(HaveOccurred())
 // Vault subtract 30 seconds to the NotBefore date.
diff --git a/test/e2e/suite/issuers/vault/certificate/approle_custom_mount.go b/test/e2e/suite/issuers/vault/certificate/approle_custom_mount.go
index 6e50474af..6fb3c04d0 100644
--- a/test/e2e/suite/issuers/vault/certificate/approle_custom_mount.go
+++ b/test/e2e/suite/issuers/vault/certificate/approle_custom_mount.go
@@ -30,6 +30,7 @@ import (
 "github.com/jetstack/cert-manager/test/e2e/framework"
 "github.com/jetstack/cert-manager/test/e2e/framework/addon"
 vaultaddon "github.com/jetstack/cert-manager/test/e2e/framework/addon/vault"
+ "github.com/jetstack/cert-manager/test/e2e/framework/helper/featureset"
 "github.com/jetstack/cert-manager/test/e2e/util"
 "github.com/jetstack/cert-manager/test/unit/gen"
 )
@@ -169,7 +170,8 @@ func runVaultCustomAppRoleTests(issuerKind string) {
 Expect(err).NotTo(HaveOccurred())
 By("Validating the issued Certificate...")
- err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName)
+ unsupportedFeatures := featureset.NewFeatureSet(featureset.SaveRootCAToSecret)
+ err = f.Helper().ValidateCertificate(f.Namespace.Name, certificateName, f.Helper().ValidationSetForUnsupportedFeatureSet(unsupportedFeatures)...)
 Expect(err).NotTo(HaveOccurred())
 })
 }