diff --git a/cmd/ctl/pkg/inspect/secret/secret_test.go b/cmd/ctl/pkg/inspect/secret/secret_test.go
index 269b2d8c9..f9b145dfc 100644
--- a/cmd/ctl/pkg/inspect/secret/secret_test.go
+++ b/cmd/ctl/pkg/inspect/secret/secret_test.go
@@ -89,7 +89,7 @@ func Test_describeCertificate(t *testing.T) {
 			want: `Certificate:
 	Signing Algorithm:	SHA256-RSA
 	Public Key Algorithm: 	ECDSA
-	Serial Number:	318510152735780923476564623737462169902
+	Serial Number:	135264542196636937349115151139823201377
 	Fingerprints: 	A9:4D:28:6F:1E:78:4A:72:C7:38:01:7C:31:CC:42:09:C7:46:9C:6A:26:C5:71:1A:F1:35:11:6E:BA:C3:BA:5A
 	Is a CA certificate: false
 	CRL:	<none>
@@ -275,7 +275,7 @@ func Test_describeValidFor(t *testing.T) {
 	Email Addresses: 
 		- test@cert-manager.io
 	Usages: 
-		- signing
+		- digital signature
 		- key encipherment
 		- any
 		- server auth
diff --git a/pkg/api/util/usages.go b/pkg/api/util/usages.go
index 08674a50f..32a4d6348 100644
--- a/pkg/api/util/usages.go
+++ b/pkg/api/util/usages.go
@@ -91,6 +91,9 @@ func ExtKeyUsageStrings(usage []x509.ExtKeyUsage) []cmapi.KeyUsage {
 // keyUsageString returns the cmapi.KeyUsage and "unknown" if not found
 func keyUsageString(usage x509.KeyUsage) cmapi.KeyUsage {
 	for k, v := range keyUsages {
+		if usage == x509.KeyUsageDigitalSignature {
+			return cmapi.UsageDigitalSignature // we have KeyUsageDigitalSignature twice in our array, we should be consistent when parsing
+		}
 		if usage == v {
 			return k
 		}