diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 290f2af..c0f21ab 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,6 +15,12 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          - id: ubuntu-24.04
+            triplet: x64-linux
+            compiler: gcc
+            os: ubuntu-24.04
+            generator: Unix Makefiles
+            vcpkg_root:
           - id: ubuntu-22.04
             triplet: x64-linux
             compiler: gcc
@@ -105,7 +111,7 @@ jobs:
       if: runner.os == 'Linux'
       run: |
         sudo apt-get update
-        sudo apt-get install -y libssl-dev libcurl4-openssl-dev faketime
+        sudo apt-get install -y libssl-dev zlib1g-dev python3-cryptography
 
     - name: Install brew dependencies (macOS)
       if: runner.os == 'macOS'
@@ -124,6 +130,20 @@ jobs:
       with:
         cmake-version: '3.17.0'
 
+    - name: Install python3 cryptography module (macOS)
+      if: runner.os == 'macOS'
+      run: |
+        python3.8 -m ensurepip
+        python3.8 -m pip install --upgrade pip
+        python3.8 -m pip install cryptography
+
+    - name: Install python3 cryptography module (Windows)
+      if: runner.os == 'Windows'
+      run: |
+        C:/hostedtoolcache/windows/Python/3.12.3/x64/python3.exe -m ensurepip
+        C:/hostedtoolcache/windows/Python/3.12.3/x64/python.exe -m pip install --upgrade pip
+        C:/hostedtoolcache/windows/Python/3.12.3/x64/python.exe -m pip install cryptography
+
     - name: Configure CMake
       run: cmake
         -G "${{matrix.generator}}"
@@ -138,24 +158,13 @@ jobs:
         --build ${{github.workspace}}/build
         --config ${{env.BUILD_TYPE}}
 
-    - name: Start HTTP server (macOS)
+    - name: Show python version (macOS)
       working-directory: ${{github.workspace}}/build
       if: runner.os == 'macOS'
       run: |
         python3.8 --version
-        python3.8 ./Testing/server_http.py --port 19254
-        while test ! -s ./Testing/logs/port.log; do sleep 1; done
-
-    - name: Start HTTP server (Windows)
-      working-directory: ${{github.workspace}}\build
-      if: runner.os == 'Windows'
-      run: |
-        python.exe --version
-        $Args = '.\Testing\server_http.pyw --port 19254'
-        $File = '.\Testing\logs\port.log'
-        Start-Process -FilePath pythonw.exe -ArgumentList $Args
-        while(-not(Test-Path -Path $File -PathType Leaf) -or [String]::IsNullOrWhiteSpace((Get-Content $File))) {Start-Sleep -Seconds 1}
-        Get-Content '.\Testing\logs\server.log'
+        python3.8 -c "import sys; print(sys.executable)"
+        python3.8 -c "import cryptography; print(f'Python3 cryptography version {cryptography.__version__}')"
 
     - name: List files (Linux/macOS)
       if: runner.os != 'Windows'
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a92d733..e7c0ee9 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -3,9 +3,9 @@ cmake_minimum_required(VERSION 3.17)
 
 # autodetect vcpkg CMAKE_TOOLCHAIN_FILE if VCPKG_ROOT is defined
 # this needs to be configured before the project() directive
-if(DEFINED ENV{VCPKG_ROOT} AND NOT $ENV{VCPKG_ROOT} STREQUAL "" AND NOT DEFINED CMAKE_TOOLCHAIN_FILE)
+if((CMAKE_GENERATOR MATCHES "Ninja") AND DEFINED ENV{VCPKG_ROOT} AND NOT $ENV{VCPKG_ROOT} STREQUAL "" AND NOT DEFINED CMAKE_TOOLCHAIN_FILE)
     set(CMAKE_TOOLCHAIN_FILE "$ENV{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake" CACHE STRING "")
-endif(DEFINED ENV{VCPKG_ROOT} AND NOT $ENV{VCPKG_ROOT} STREQUAL "" AND NOT DEFINED CMAKE_TOOLCHAIN_FILE)
+endif((CMAKE_GENERATOR MATCHES "Ninja") AND DEFINED ENV{VCPKG_ROOT} AND NOT $ENV{VCPKG_ROOT} STREQUAL "" AND NOT DEFINED CMAKE_TOOLCHAIN_FILE)
 set(BUILTIN_SOCKET ON CACHE BOOL "") # for static Python
 
 # configure basic project information
diff --git a/Dockerfile b/Dockerfile
index 2b6592a..f05d5e7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@
 FROM alpine:latest AS builder
 
 # Install build dependencies
-RUN apk add --no-cache build-base cmake openssl-dev curl-dev
+RUN apk add --no-cache build-base cmake openssl-dev zlib-dev
 
 # Copy osslsigncode source code into the image
 COPY . /source
@@ -23,7 +23,7 @@ FROM alpine:latest
 COPY --from=builder /usr/local/bin/osslsigncode /usr/local/bin/osslsigncode
 
 # Install necessary runtime libraries (latest version)
-RUN apk add --no-cache libcrypto3 libcurl
+RUN apk add --no-cache libcrypto3
 
 # Set working directory
 WORKDIR /workdir
diff --git a/INSTALL.W32.md b/INSTALL.W32.md
index 303b4f2..0b2629a 100644
--- a/INSTALL.W32.md
+++ b/INSTALL.W32.md
@@ -3,32 +3,33 @@
 ### Building osslsigncode source with MSYS2 MinGW 64-bit and MSYS2 packages:
 
 1) Download and install MSYS2 from https://msys2.github.io/ and follow installation instructions.
-   Once up and running install mingw-w64-x86_64-gcc and mingw-w64-x86_64-openssl packages.
+   Once up and running install the following packages:
 ```
-  pacman -S mingw-w64-x86_64-gcc mingw-w64-x86_64-openssl
+  pacman -S make mingw-w64-x86_64-gcc mingw-w64-x86_64-cmake mingw-w64-x86_64-openssl mingw-w64-x86_64-python-cryptography
 ```
    mingw-w64-x86_64-zlib package is installed with dependencies.
 
 2) Run "MSYS2 MinGW 64-bit" and build 64-bit Windows executables.
 ```
   cd osslsigncode-folder
-  x86_64-w64-mingw32-gcc *.c -o osslsigncode.exe \
-    -lcrypto -lssl -lws2_32 -lz \
-    -D 'PACKAGE_STRING="osslsigncode x.y"' \
-    -D 'PACKAGE_BUGREPORT="Your.Email@example.com"'
+  mkdir build && cd build && cmake -S .. -DCMAKE_BUILD_TYPE=Release -G "MSYS Makefiles"
+  cmake --build . --verbose
 ```
 
-3) Run "Command prompt" and include "c:\msys64\mingw64\bin" folder as part of the path.
+3) Make tests.
+```
+  ctest
+```
+
+4) Run "Command prompt" and include "c:\msys64\mingw64\bin" folder as part of the path.
 ```
   path=%path%;c:\msys64\mingw64\bin
-  cd osslsigncode-folder
   osslsigncode.exe -v
   osslsigncode 2.8, using:
         OpenSSL 3.2.0 23 Nov 2023 (Library: OpenSSL 3.2.0 23 Nov 2023)
-  Default -CAfile location: /etc/ssl/certs/ca-certificates.crt
+  No default -CAfile location detected
 ```
 
-
 ### Building OpenSSL and osslsigncode sources with MSYS2 MinGW 64-bit:
 
 1) Download and install MSYS2 from https://msys2.github.io/ and follow installation instructions.
@@ -43,27 +44,28 @@
   cd openssl-(version)
   ./config --prefix='C:/OpenSSL' --openssldir='C:/OpenSSL'
   make && make install
-
-3) Build 64-bit Windows executables.
 ```
-  cd osslsigncode-folder
-  x86_64-w64-mingw32-gcc *.c -o osslsigncode.exe \
-    -L "C:/OpenSSL/lib/" -lcrypto -lssl -lws2_32 -lz \
-    -I "C:/OpenSSL/include/" \
-    -D 'PACKAGE_STRING="osslsigncode x.y"' \
-    -D 'PACKAGE_BUGREPORT="Your.Email@example.com"'
+
+3) Configure a CMake project.
+```
+  mkdir build && cd build && cmake -S .. -DCMAKE_BUILD_TYPE=Release -G "MSYS Makefiles" -DCMAKE_PREFIX_PATH="C:\OpenSSL"
 ```
 
 4) Run "Command prompt" and copy required libraries.
 ```
   cd osslsigncode-folder
-  copy C:\OpenSSL\bin\libssl-1_1-x64.dll
-  copy C:\OpenSSL\bin\libcrypto-1_1-x64.dll
+  copy C:\OpenSSL\bin\libssl-3-x64.dll
+  copy C:\OpenSSL\bin\libcrypto-3-x64.dll
+```
 
-  osslsigncode.exe -v
-  osslsigncode 2.8, using:
-        OpenSSL 3.2.0 23 Nov 2023 (Library: OpenSSL 3.2.0 23 Nov 2023)
-  Default -CAfile location: /etc/ssl/certs/ca-certificates.crt
+5) Build 64-bit Windows executables.
+```
+  cmake --build . --verbose
+```
+
+6) Make tests.
+```
+  ctest
 ```
 
 ### Building OpenSSL and osslsigncode sources with Microsoft Visual Studio:
diff --git a/NEWS.md b/NEWS.md
index 1a95951..2580a4f 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -4,6 +4,7 @@
 
 - added a 64 bit long pseudo-random NONCE in the TSA request
 - used native HTTP client with OpenSSL 3.0 or later, removed libcurl dependency
+- improved testing
 
 ### 2.8 (2024.03.03)
 
diff --git a/cmake/CMakeTest.cmake b/cmake/CMakeTest.cmake
index 4cdba1a..d0382dc 100644
--- a/cmake/CMakeTest.cmake
+++ b/cmake/CMakeTest.cmake
@@ -3,177 +3,143 @@
 
 ########## Configure ##########
 
-option(STOP_SERVER "Stop HTTP server after tests" ON)
-
-# Remove http proxy configuration that may change behavior
-unset(ENV{HTTP_PROXY})
-unset(ENV{http_proxy})
-
 include(FindPython3)
 
-set(TEST_DIR "${PROJECT_BINARY_DIR}/Testing")
-file(COPY
-    "${CMAKE_CURRENT_SOURCE_DIR}/tests/files"
-    "${CMAKE_CURRENT_SOURCE_DIR}/tests/conf"
-    "${CMAKE_CURRENT_SOURCE_DIR}/tests/client_http.py"
-    DESTINATION "${TEST_DIR}/")
+if(Python3_FOUND)
+    execute_process(
+        COMMAND ${Python3_EXECUTABLE} "check_cryptography.py"
+        WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/tests"
+        OUTPUT_VARIABLE cryptography_output
+        RESULT_VARIABLE cryptography_error)
 
-file(MAKE_DIRECTORY "${TEST_DIR}/logs")
+    if(NOT cryptography_error)
+        message(STATUS "Using python3-cryptography version ${cryptography_output}")
+        option(STOP_SERVER "Stop HTTP server after tests" ON)
 
-set(FILES "${TEST_DIR}/files")
-set(CERTS "${TEST_DIR}/certs")
-set(CONF "${TEST_DIR}/conf")
-set(LOGS "${TEST_DIR}/logs")
-set(CLIENT_HTTP "${TEST_DIR}/client_http.py")
+        # Remove http proxy configuration that may change behavior
+        unset(ENV{HTTP_PROXY})
+        unset(ENV{http_proxy})
 
-if(UNIX)
-    file(COPY
-        "${CMAKE_CURRENT_SOURCE_DIR}/tests/server_http.py"
-        DESTINATION "${TEST_DIR}/")
-    set(SERVER_HTTP "${TEST_DIR}/server_http.py")
-else(UNIX)
-    file(COPY
-        "${CMAKE_CURRENT_SOURCE_DIR}/tests/server_http.pyw"
-        DESTINATION "${TEST_DIR}/")
-    set(SERVER_HTTP "${TEST_DIR}/server_http.pyw")
-endif(UNIX)
+        set(TEST_DIR "${PROJECT_BINARY_DIR}/Testing")
+        if(CMAKE_GENERATOR STREQUAL "Ninja Multi-Config")
+            set(OSSLSIGNCODE "${PROJECT_BINARY_DIR}/${CMAKE_BUILD_TYPE}/osslsigncode")
+        else(CMAKE_GENERATOR STREQUAL "Ninja Multi-Config")
+            set(OSSLSIGNCODE "${PROJECT_BINARY_DIR}/osslsigncode")
+        endif(CMAKE_GENERATOR STREQUAL "Ninja Multi-Config")
+        set(EXEC "${TEST_DIR}/exec.py")
+        set(FILES "${TEST_DIR}/files")
+        set(CERTS "${TEST_DIR}/certs")
+        set(CONF "${TEST_DIR}/conf")
+        set(LOGS "${TEST_DIR}/logs")
 
-file(COPY
-    "${CMAKE_CURRENT_SOURCE_DIR}/tests/certs/ca-bundle.crt"
-    DESTINATION "${CONF}")
+        file(MAKE_DIRECTORY "${LOGS}")
 
-if(WIN32 OR APPLE)
-    if(WIN32)
-        message(STATUS "Use pythonw to start HTTP server: \"pythonw.exe Testing\\server_http.pyw\"")
-    else(WIN32)
-        message(STATUS "Use python3 to start HTTP server: \"python3 Testing/server_http.py --port 19254\"")
-    endif(WIN32)
-    set(default_certs 1)
-else(WIN32 OR APPLE)
-    if(Python3_FOUND)
-        if(EXISTS ${LOGS}/port.log)
+        file(COPY
+            "${CMAKE_CURRENT_SOURCE_DIR}/tests/certs/ca-bundle.crt"
+            DESTINATION "${CONF}")
+
+        file(COPY
+            "${CMAKE_CURRENT_SOURCE_DIR}/tests/files"
+            "${CMAKE_CURRENT_SOURCE_DIR}/tests/conf"
+            "${CMAKE_CURRENT_SOURCE_DIR}/tests/client_http.py"
+            "${CMAKE_CURRENT_SOURCE_DIR}/tests/make_certificates.py"
+            "${CMAKE_CURRENT_SOURCE_DIR}/tests/start_server.py"
+            "${CMAKE_CURRENT_SOURCE_DIR}/tests/exec.py"
+            DESTINATION "${TEST_DIR}/")
+
+        if(UNIX)
+            file(COPY
+                "${CMAKE_CURRENT_SOURCE_DIR}/tests/server_http.py"
+                DESTINATION "${TEST_DIR}/")
+            set(SERVER_HTTP "${TEST_DIR}/server_http.py")
+            set(Python3w_EXECUTABLE ${Python3_EXECUTABLE})
+        else(UNIX)
+            file(COPY
+                "${CMAKE_CURRENT_SOURCE_DIR}/tests/server_http.pyw"
+                DESTINATION "${TEST_DIR}/")
+            set(SERVER_HTTP "${TEST_DIR}/server_http.pyw")
+            get_filename_component(PYTHON_DIRECTORY ${Python3_EXECUTABLE} DIRECTORY)
+            set(Python3w_EXECUTABLE "${PYTHON_DIRECTORY}/pythonw.exe")
+        endif(UNIX)
+
+        if(EXISTS "${LOGS}/url.log")
             # Stop HTTP server if running
             message(STATUS "Try to kill HTTP server")
             execute_process(
-                COMMAND ${Python3_EXECUTABLE} "${CLIENT_HTTP}"
-                WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
+                COMMAND ${Python3_EXECUTABLE} "${TEST_DIR}/client_http.py"
                 OUTPUT_VARIABLE client_output
                 RESULT_VARIABLE client_result)
             if(NOT client_result)
                 # Successfully closed
                 message(STATUS "${client_output}")
             endif(NOT client_result)
-        endif(EXISTS ${LOGS}/port.log)
+        endif(EXISTS "${LOGS}/url.log")
 
-        # Start Time Stamping Authority and CRL distribution point HTTP server
-        execute_process(
-            COMMAND ${Python3_EXECUTABLE} "${SERVER_HTTP}"
-            WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
-            OUTPUT_FILE ${LOGS}/server.log
-            ERROR_FILE ${LOGS}/server.log
-            RESULT_VARIABLE server_error)
-        if(server_error)
-            message(STATUS "HTTP server failed: ${server_error}")
-            message(STATUS "Use python3 to start HTTP server: \"python3 Testing/server_http.py --port 19254\"")
-            set(default_certs 1)
-        else(server_error)
-            # Check if file exists and is no-empty
-            while(NOT EXISTS ${LOGS}/port.log)
-                execute_process(COMMAND sleep 1)
-            endwhile(NOT EXISTS ${LOGS}/port.log)
-            file(READ ${LOGS}/port.log PORT)
-            while(NOT PORT)
-                execute_process(COMMAND sleep 1)
-                file(READ ${LOGS}/port.log PORT)
-            endwhile(NOT PORT)
-            file(STRINGS ${LOGS}/server.log server_log)
-            message(STATUS "${server_log}")
+    set(extensions_all "exe" "ex_" "msi" "256appx" "512appx" "cat" "ps1" "psc1" "mof")
+    set(extensions_nocat "exe" "ex_" "msi" "256appx" "512appx" "ps1" "psc1" "mof")
+    set(extensions_nocatappx "exe" "ex_" "msi" "ps1" "psc1" "mof")
+    set(formats "pem" "der")
 
-            # Generate new cTest certificates
-            if(NOT SED_EXECUTABLE)
-                find_program(SED_EXECUTABLE sed)
-                mark_as_advanced(SED_EXECUTABLE)
-            endif(NOT SED_EXECUTABLE)
-            execute_process(
-                COMMAND ${SED_EXECUTABLE}
-                    -i.bak s/:19254/:${PORT}/ "${CONF}/openssl_intermediate_crldp.cnf"
-                COMMAND ${SED_EXECUTABLE}
-                    -i.bak s/:19254/:${PORT}/ "${CONF}/openssl_tsa_root.cnf")
-            execute_process(
-                COMMAND "${CONF}/makecerts.sh"
-                WORKING_DIRECTORY ${CONF}
-                OUTPUT_VARIABLE makecerts_output
-                RESULT_VARIABLE default_certs)
-            message(STATUS "${makecerts_output}")
-        endif(server_error)
-    endif(Python3_FOUND)
+    else(NOT cryptography_error)
+        message(STATUS "CTest skips tests: ${cryptography_output}")
+    endif(NOT cryptography_error)
 
-endif(WIN32 OR APPLE)
-
-# Copy the set of default certificates
-if(default_certs)
-    message(STATUS "Default certificates used by cTest")
-    set(PORT 19254)
-    file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/certs"
-        DESTINATION "${TEST_DIR}")
-endif(default_certs)
-
-# Compute a SHA256 hash of the leaf certificate (in DER form)
-execute_process(
-    COMMAND ${CMAKE_COMMAND} -E sha256sum "${CERTS}/cert.der"
-    OUTPUT_VARIABLE sha256sum)
-string(SUBSTRING ${sha256sum} 0 64 leafhash)
+else(Python3_FOUND)
+    message(STATUS "CTest skips tests: Python3 not found")
+endif(Python3_FOUND)
 
 
 ########## Testing ##########
 
 enable_testing()
 
-set(extensions_all "exe" "ex_" "msi" "256appx" "512appx" "cat" "ps1" "psc1" "mof")
-set(extensions_nocat "exe" "ex_" "msi" "256appx" "512appx" "ps1" "psc1" "mof")
-set(extensions_nocatappx "exe" "ex_" "msi" "ps1" "psc1" "mof")
-set(formats "pem" "der")
+### osslsigncode version ###
+if(Python3_FOUND AND NOT cryptography_error)
 
-# Test 1
-# Print osslsigncode version
-add_test(NAME version
-    COMMAND osslsigncode --version)
+### Start ###
+    add_test(NAME "version"
+        COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE}
+        "--version")
+
+    add_test(NAME "start_server"
+        COMMAND ${Python3_EXECUTABLE} "${TEST_DIR}/start_server.py"
+        "--exe" ${Python3w_EXECUTABLE}
+        "--script" ${SERVER_HTTP})
+    set_tests_properties("start_server" PROPERTIES
+        TIMEOUT 60)
+    set(ALL_TESTS "version" "start_server")
 
 ### Sign ###
 
-# Tests 2-7
-# Sign with PKCS#12 container with legacy RC2-40-CBC private key and certificate encryption algorithm
-foreach(ext ${extensions_all})
-    add_test(
-        NAME legacy_${ext}
-        COMMAND osslsigncode "sign"
-        "-pkcs12" "${CERTS}/legacy.p12"
-        "-readpass" "${CERTS}/password.txt"
-        "-ac" "${CERTS}/CAcross.pem"
-        "-time" "1556668800" # Signing time: May  1 00:00:00 2019 GMT
-        "-add-msi-dse"
-        "-comm"
-        "-ph"
-        "-jp" "low"
-        "-h" "sha512" "-i" "https://www.osslsigncode.com/"
-        "-n" "osslsigncode"
-        "-in" "${FILES}/unsigned.${ext}"
-        "-out" "${FILES}/legacy.${ext}")
-endforeach(ext ${extensions_all})
-
-# Tests 8-13
-# Sign with PKCS#12 container with legacy RC2-40-CBC private key and certificate encryption algorithm
-# Disable legacy mode and don't automatically load the legacy provider
-# Option "-nolegacy" requires OpenSSL 3.0.0 or later
-# This tests are expected to fail
-if(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.0.0)
+    # Sign with PKCS#12 container with private key and certificate encryption algorithm
+    # Signing time: May  1 00:00:00 2019 GMT (1556668800)
     foreach(ext ${extensions_all})
-        add_test(
-            NAME nolegacy_${ext}
-            COMMAND osslsigncode "sign"
-            "-pkcs12" "${CERTS}/legacy.p12"
+        add_test(NAME "signed_${ext}"
+            COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign"
+            "-pkcs12" "${CERTS}/cert.p12"
+            "-readpass" "${CERTS}/password.txt"
+            "-ac" "${CERTS}/CAcross.pem"
+            "-time" "1556668800"
+            "-add-msi-dse"
+            "-comm"
+            "-ph"
+            "-jp" "low"
+            "-h" "sha512" "-i" "https://www.osslsigncode.com/"
+            "-n" "osslsigncode"
+            "-in" "${FILES}/unsigned.${ext}"
+            "-out" "${FILES}/signed.${ext}")
+        set_tests_properties("signed_${ext}" PROPERTIES
+            DEPENDS "start_server")
+        list(APPEND ALL_TESTS "signed_${ext}")
+    endforeach(ext ${extensions_all})
+
+    # Sign with revoked certificate
+    foreach(ext ${extensions_all})
+        add_test(NAME "revoked_${ext}"
+            COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign"
+            "-certs" "${CERTS}/revoked.pem"
+            "-key" "${CERTS}/keyp.pem"
             "-readpass" "${CERTS}/password.txt"
-            "-nolegacy" # Disable legacy mode
             "-ac" "${CERTS}/CAcross.pem"
             "-time" "1556668800" # Signing time: May  1 00:00:00 2019 GMT
             "-add-msi-dse"
@@ -183,576 +149,470 @@ if(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.0.0)
             "-h" "sha512" "-i" "https://www.osslsigncode.com/"
             "-n" "osslsigncode"
             "-in" "${FILES}/unsigned.${ext}"
-            "-out" "${FILES}/nolegacy.${ext}")
-        set_tests_properties(
-            nolegacy_${ext}
-            PROPERTIES
-            WILL_FAIL TRUE)
+            "-out" "${FILES}/revoked.${ext}")
+        set_tests_properties("revoked_${ext}" PROPERTIES
+            DEPENDS "start_server")
+        list(APPEND ALL_TESTS "revoked_${ext}")
     endforeach(ext ${extensions_all})
-endif(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.0.0)
 
-# Tests 14-19
-# Sign with PKCS#12 container with AES-256-CBC private key and certificate encryption algorithm
-foreach(ext ${extensions_all})
-    add_test(
-        NAME signed_${ext}
-        COMMAND osslsigncode "sign"
-        "-pkcs12" "${CERTS}/cert.p12"
-        "-readpass" "${CERTS}/password.txt"
-        "-ac" "${CERTS}/CAcross.pem"
-        "-time" "1556668800" # Signing time: May  1 00:00:00 2019 GMT
-        "-add-msi-dse"
-        "-comm"
-        "-ph"
-        "-jp" "low"
-        "-h" "sha512" "-i" "https://www.osslsigncode.com/"
-        "-n" "osslsigncode"
-        "-in" "${FILES}/unsigned.${ext}"
-        "-out" "${FILES}/signed.${ext}")
-endforeach(ext ${extensions_all})
-
-# Tests 20-25
-# Sign with revoked certificate
-foreach(ext ${extensions_all})
-    add_test(
-        NAME revoked_${ext}
-        COMMAND osslsigncode "sign"
-        "-certs" "${CERTS}/revoked.pem"
-        "-key" "${CERTS}/keyp.pem"
-        "-readpass" "${CERTS}/password.txt"
-        "-ac" "${CERTS}/CAcross.pem"
-        "-time" "1556668800" # Signing time: May  1 00:00:00 2019 GMT
-        "-add-msi-dse"
-        "-comm"
-        "-ph"
-        "-jp" "low"
-        "-h" "sha512" "-i" "https://www.osslsigncode.com/"
-        "-n" "osslsigncode"
-        "-in" "${FILES}/unsigned.${ext}"
-        "-out" "${FILES}/revoked.${ext}")
-endforeach(ext ${extensions_all})
-
-# Tests 26-30
-# Remove signature
-# Unsupported command for CAT files
-foreach(ext ${extensions_nocat})
-    add_test(
-        NAME removed_${ext}
-        COMMAND osslsigncode "remove-signature"
-        "-in" "${FILES}/signed.${ext}"
-        "-out" "${FILES}/removed.${ext}")
-    set_tests_properties(
-        removed_${ext}
-        PROPERTIES
-        DEPENDS "signed_${ext}"
-        REQUIRED_FILES "${FILES}/signed.${ext}")
-endforeach(ext ${extensions_nocat})
-
-# Tests 31-36
-# Extract PKCS#7 signature in PEM format
-foreach(ext ${extensions_all})
-    add_test(
-        NAME extract_pem_${ext}
-        COMMAND osslsigncode "extract-signature"
-        "-pem" # PEM format
-        "-in" "${FILES}/signed.${ext}"
-        "-out" "${FILES}/${ext}.pem")
-    set_tests_properties(
-        extract_pem_${ext}
-        PROPERTIES
-        DEPENDS "signed_${ext}"
-        REQUIRED_FILES "${FILES}/signed.${ext}")
-endforeach(ext ${extensions_all})
-
-# Tests 37-42
-# Extract PKCS#7 signature in default DER format
-foreach(ext ${extensions_all})
-    add_test(
-        NAME extract_der_${ext}
-        COMMAND osslsigncode "extract-signature"
-        "-in" "${FILES}/signed.${ext}"
-        "-out" "${FILES}/${ext}.der")
-    set_tests_properties(
-        extract_der_${ext}
-        PROPERTIES
-        DEPENDS "signed_${ext}"
-        REQUIRED_FILES "${FILES}/signed.${ext}")
-endforeach(ext ${extensions_all})
-
-# Tests 43-52
-# Attach a nested signature in PEM or DER format
-# Unsupported command for CAT files
-foreach(ext ${extensions_nocat})
-    foreach(format ${formats})
-        add_test(
-            NAME attached_${format}_${ext}
-            COMMAND osslsigncode "attach-signature"
-            # sign options
-            "-require-leaf-hash" "SHA256:${leafhash}"
-            "-add-msi-dse"
-            "-h" "sha512"
-            "-nest"
-            "-sigin" "${FILES}/${ext}.${format}"
+    # Remove signature
+    # Unsupported command for CAT files
+    foreach(ext ${extensions_nocat})
+        add_test(NAME "removed_${ext}"
+            COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "remove-signature"
             "-in" "${FILES}/signed.${ext}"
-            "-out" "${FILES}/attached_${format}.${ext}"
-            # verify options
-            "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
-            "-CAfile" "${CERTS}/CACert.pem"
-            "-CRLfile" "${CERTS}/CACertCRL.pem")
-        set_tests_properties(
-            attached_${format}_${ext}
-            PROPERTIES
-            DEPENDS "signed_${ext}:extract_${format}_${ext}"
-            REQUIRED_FILES "${FILES}/signed.${ext}"
-            REQUIRED_FILES "${FILES}/${ext}.${format}")
-    endforeach(format ${formats})
-endforeach(ext ${extensions_nocat})
+            "-out" "${FILES}/removed.${ext}")
+        set_tests_properties("removed_${ext}" PROPERTIES
+            DEPENDS "signed_${ext}")
+        list(APPEND ALL_TESTS "removed_${ext}")
+    endforeach(ext ${extensions_nocat})
 
-# Tests 53-58
-# Add an unauthenticated blob to a previously-signed file
-foreach(ext ${extensions_all})
-    add_test(
-        NAME added_${ext}
-        COMMAND osslsigncode "add"
-        "-addUnauthenticatedBlob"
-        "-add-msi-dse" "-h" "sha512"
-        "-in" "${FILES}/signed.${ext}"
-        "-out" "${FILES}/added.${ext}")
-    set_tests_properties(
-        added_${ext}
-        PROPERTIES
-        DEPENDS "signed_${ext}"
-        REQUIRED_FILES "${FILES}/signed.${ext}")
-endforeach(ext ${extensions_all})
+    # Extract PKCS#7 signature in PEM format
+    foreach(ext ${extensions_all})
+        add_test(NAME "extract_pem_${ext}"
+            COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "extract-signature"
+            "-pem" # PEM format
+            "-in" "${FILES}/signed.${ext}"
+            "-out" "${FILES}/${ext}.pem")
+        set_tests_properties("extract_pem_${ext}" PROPERTIES
+            DEPENDS "signed_${ext}")
+        list(APPEND ALL_TESTS "extract_pem_${ext}")
+    endforeach(ext ${extensions_all})
 
-# Tests 59-64
-# Add the new nested signature instead of replacing the first one
-# APPX files do not support nesting (multiple signature)
-foreach(ext ${extensions_all})
-    add_test(
-        NAME nested_${ext}
-        COMMAND osslsigncode "sign"
-        "-nest"
-        "-certs" "${CERTS}/cert.pem"
-        "-key" "${CERTS}/key.der"
-        "-pass" "passme"
-        "-ac" "${CERTS}/CAcross.pem"
-        "-time" "1556755200" # Signing time: May  2 00:00:00 2019 GMT
-        "-add-msi-dse"
-        "-comm"
-        "-ph"
-        "-jp" "low"
-        "-h" "sha512"
-        "-i" "https://www.osslsigncode.com/"
-        "-n" "osslsigncode"
-        "-in" "${FILES}/signed.${ext}"
-        "-out" "${FILES}/nested.${ext}")
-    set_tests_properties(
-        nested_${ext}
-        PROPERTIES
-        DEPENDS "signed_${ext}"
-        REQUIRED_FILES "${FILES}/signed.${ext}")
-endforeach(ext ${extensions_all})
+    # Extract PKCS#7 signature in default DER format
+    foreach(ext ${extensions_all})
+        add_test(NAME "extract_der_${ext}"
+            COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "extract-signature"
+            "-in" "${FILES}/signed.${ext}"
+            "-out" "${FILES}/${ext}.der")
+        set_tests_properties("extract_der_${ext}" PROPERTIES
+            DEPENDS "signed_${ext}")
+        list(APPEND ALL_TESTS "extract_der_${ext}")
+    endforeach(ext ${extensions_all})
+
+    # Attach a nested signature in PEM or DER format
+    # Unsupported command for CAT files
+    foreach(ext ${extensions_nocat})
+        foreach(format ${formats})
+            add_test(NAME "attached_${format}_${ext}"
+                COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "attach-signature"
+                # sign options
+                "-add-msi-dse"
+                "-h" "sha512"
+                "-nest"
+                "-sigin" "${FILES}/${ext}.${format}"
+                "-in" "${FILES}/signed.${ext}"
+                "-out" "${FILES}/attached_${format}.${ext}"
+                # verify options
+                "-require-leaf-hash" "FILE ${CERTS}/leafhash.txt"
+                "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
+                "-CAfile" "${CERTS}/CACert.pem"
+                "-CRLfile" "${CERTS}/CACertCRL.pem")
+            set_tests_properties("attached_${format}_${ext}" PROPERTIES
+                DEPENDS "signed_${ext};extract_pem_${ext};extract_der_${ext}")
+            list(APPEND ALL_TESTS "attached_${format}_${ext}")
+        endforeach(format ${formats})
+    endforeach(ext ${extensions_nocat})
+
+    # Add an unauthenticated blob to a previously-signed file
+    foreach(ext ${extensions_all})
+        add_test(NAME "added_${ext}"
+            COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "add"
+            "-addUnauthenticatedBlob"
+            "-add-msi-dse" "-h" "sha512"
+            "-in" "${FILES}/signed.${ext}"
+            "-out" "${FILES}/added.${ext}")
+        set_tests_properties("added_${ext}" PROPERTIES
+            DEPENDS "signed_${ext}")
+        list(APPEND ALL_TESTS "added_${ext}")
+    endforeach(ext ${extensions_all})
+
+    # Add the new nested signature instead of replacing the first one
+    # APPX files do not support nesting (multiple signature)
+    foreach(ext ${extensions_all})
+        add_test(NAME "nested_${ext}"
+            COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign"
+            "-nest"
+            "-certs" "${CERTS}/cert.pem"
+            "-key" "${CERTS}/key.der"
+            "-pass" "passme"
+            "-ac" "${CERTS}/CAcross.pem"
+            "-time" "1556755200" # Signing time: May  2 00:00:00 2019 GMT
+            "-add-msi-dse"
+            "-comm"
+            "-ph"
+            "-jp" "low"
+            "-h" "sha512"
+            "-i" "https://www.osslsigncode.com/"
+            "-n" "osslsigncode"
+            "-in" "${FILES}/signed.${ext}"
+            "-out" "${FILES}/nested.${ext}")
+        set_tests_properties("nested_${ext}" PROPERTIES
+            DEPENDS "signed_${ext}")
+        list(APPEND ALL_TESTS "nested_${ext}")
+    endforeach(ext ${extensions_all})
 
 
 ### Verify signature ###
 
-# Tests 65-67
-# Verify PE/MSI/CAB files signed in the catalog file
-# CAT and APPX files do not support detached PKCS#7 signature
-foreach(ext ${extensions_nocatappx})
-    add_test(
-        NAME verify_catalog_${ext}
-        COMMAND osslsigncode "verify"
-        "-catalog" "${FILES}/signed.cat" # catalog file
-        "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
-        "-require-leaf-hash" "SHA256:${leafhash}"
-        "-CAfile" "${CERTS}/CACert.pem"
-        "-CRLfile" "${CERTS}/CACertCRL.pem"
-        "-in" "${FILES}/unsigned.${ext}")
-    set_tests_properties(
-        verify_catalog_${ext}
-        PROPERTIES
-        DEPENDS "signed_${ext}"
-        REQUIRED_FILES "${FILES}/signed.cat"
-        REQUIRED_FILES "${FILES}/unsigned.${ext}")
-endforeach(ext ${extensions_nocatappx})
-
-# Tests 68-97
-# Verify signature
-set(files "legacy" "signed" "nested" "added" "revoked")
-foreach(file ${files})
-    foreach(ext ${extensions_all})
-        add_test(
-            NAME verify_${file}_${ext}
-            COMMAND osslsigncode "verify"
+    # Verify PE/MSI/CAB files signed in the catalog file
+    # CAT and APPX files do not support detached PKCS#7 signature
+    foreach(ext ${extensions_nocatappx})
+        add_test(NAME "verify_catalog_${ext}"
+            COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify"
+            "-catalog" "${FILES}/signed.cat" # catalog file
             "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
+            "-require-leaf-hash" "FILE ${CERTS}/leafhash.txt"
             "-CAfile" "${CERTS}/CACert.pem"
             "-CRLfile" "${CERTS}/CACertCRL.pem"
-            "-in" "${FILES}/${file}.${ext}")
-        set_tests_properties(
-            verify_${file}_${ext}
-            PROPERTIES
-            DEPENDS "${file}_${ext}"
-            REQUIRED_FILES "${FILES}/${file}.${ext}")
-    endforeach(ext ${extensions_all})
-endforeach(file ${files})
+            "-in" "${FILES}/unsigned.${ext}")
+        set_tests_properties("verify_catalog_${ext}" PROPERTIES
+            DEPENDS "signed_${ext}")
+        list(APPEND ALL_TESTS "verify_catalog_${ext}")
+    endforeach(ext ${extensions_nocatappx})
 
-# "revoked" tests are expected to fail
-set(files "revoked")
-foreach(file ${files})
-    foreach(ext ${extensions_all})
-        set_tests_properties(
-            verify_${file}_${ext}
-            PROPERTIES
-            WILL_FAIL TRUE)
-    endforeach(ext ${extensions_all})
-endforeach(file ${files})
+    # Verify signature
+    set(files "signed" "nested" "added" "revoked")
+    foreach(file ${files})
+        foreach(ext ${extensions_all})
+            add_test(NAME "verify_${file}_${ext}"
+                COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify"
+                "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
+                "-CAfile" "${CERTS}/CACert.pem"
+                "-CRLfile" "${CERTS}/CACertCRL.pem"
+                "-in" "${FILES}/${file}.${ext}")
+            set_tests_properties("verify_${file}_${ext}" PROPERTIES
+                DEPENDS "${file}_${ext}")
+            list(APPEND ALL_TESTS "verify_${file}_${ext}")
+        endforeach(ext ${extensions_all})
+    endforeach(file ${files})
 
-# Tests 98-102
-# Verify removed signature
-# "removed" tests are expected to fail
-# "remove-signature" command is unsupported for CAT files
-set(files "removed")
-foreach(file ${files})
+    # "revoked" tests are expected to fail
+    set(files "revoked")
+    foreach(file ${files})
+        foreach(ext ${extensions_all})
+            set_tests_properties("verify_${file}_${ext}" PROPERTIES
+                WILL_FAIL TRUE)
+        endforeach(ext ${extensions_all})
+    endforeach(file ${files})
+
+    # Verify removed signature
+    # "removed" tests are expected to fail
+    # "remove-signature" command is unsupported for CAT files
+    set(files "removed")
+    foreach(file ${files})
+        foreach(ext ${extensions_nocat})
+            add_test(NAME "verify_${file}_${ext}"
+                COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify"
+                "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
+                "-CAfile" "${CERTS}/CACert.pem"
+                "-CRLfile" "${CERTS}/CACertCRL.pem"
+                "-in" "${FILES}/${file}.${ext}")
+            set_tests_properties("verify_${file}_${ext}" PROPERTIES
+                DEPENDS "${file}_${ext}"
+                WILL_FAIL TRUE)
+            list(APPEND ALL_TESTS "verify_${file}_${ext}")
+        endforeach(ext ${extensions_nocat})
+    endforeach(file ${files})
+
+    # Verify attached signature
+    # "attach-signature" command is unsupported for CAT files
+    set(files "attached_pem" "attached_der")
+    foreach(file ${files})
+        foreach(ext ${extensions_nocat})
+            add_test(NAME "verify_${file}_${ext}"
+                COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify"
+                "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
+                "-CAfile" "${CERTS}/CACert.pem"
+                "-CRLfile" "${CERTS}/CACertCRL.pem"
+                "-in" "${FILES}/${file}.${ext}")
+            set_tests_properties("verify_${file}_${ext}" PROPERTIES
+                DEPENDS "${file}_${ext}")
+            list(APPEND ALL_TESTS "verify_${file}_${ext}")
+        endforeach(ext ${extensions_nocat})
+    endforeach(file ${files})
+
+
+### Extract a data content to be signed ###
+
+    # Unsupported command "extract-data" for CAT files
     foreach(ext ${extensions_nocat})
-        add_test(
-            NAME verify_${file}_${ext}
-            COMMAND osslsigncode "verify"
-            "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
-            "-CAfile" "${CERTS}/CACert.pem"
-            "-CRLfile" "${CERTS}/CACertCRL.pem"
-            "-in" "${FILES}/${file}.${ext}")
-        set_tests_properties(
-            verify_${file}_${ext}
-            PROPERTIES
-            DEPENDS "${file}_${ext}"
-            REQUIRED_FILES "${FILES}/${file}.${ext}"
-            WILL_FAIL TRUE)
-    endforeach(ext ${extensions_nocat})
-endforeach(file ${files})
+        # Extract PKCS#7 with data content, output in PEM format
+        add_test(NAME "data_${ext}_pem"
+            COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "extract-data"
+            "-ph"
+            "-h" "sha384"
+            "-add-msi-dse"
+            "-pem" # PEM format
+            "-in" "${FILES}/unsigned.${ext}"
+            "-out" "${FILES}/data_${ext}.pem")
 
-# Tests 103-112
-# Verify attached signature
-# "attach-signature" command is unsupported for CAT files
-set(files "attached_pem" "attached_der")
-foreach(file ${files})
-    foreach(ext ${extensions_nocat})
-        add_test(
-            NAME verify_${file}_${ext}
-            COMMAND osslsigncode "verify"
-            "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
-            "-CAfile" "${CERTS}/CACert.pem"
-            "-CRLfile" "${CERTS}/CACertCRL.pem"
-            "-in" "${FILES}/${file}.${ext}")
-        set_tests_properties(
-            verify_${file}_${ext}
-            PROPERTIES
-            DEPENDS "${file}_${ext}"
-            REQUIRED_FILES "${FILES}/${file}.${ext}")
-    endforeach(ext ${extensions_nocat})
-endforeach(file ${files})
+        # Extract PKCS#7 with data content, output in default DER format
+        add_test(NAME "data_${ext}_der"
+            COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "extract-data"
+            "-ph"
+            "-h" "sha384"
+            "-add-msi-dse"
+            "-in" "${FILES}/unsigned.${ext}"
+            "-out" "${FILES}/data_${ext}.der")
 
+        foreach(data_format ${formats})
+            set_tests_properties("data_${ext}_${data_format}" PROPERTIES
+                DEPENDS "start_server")
+            list(APPEND ALL_TESTS "data_${ext}_${data_format}")
+        endforeach(data_format ${formats})
 
-if((Python3_FOUND OR server_error) AND (OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0" OR CURL_FOUND))
-
-### Sign with Time-Stamp Authority ###
-
-    # Tests 113-142
-    # Sign with the RFC3161 Time-Stamp Authority
-    # Use "cert" "expired" "revoked" without X509v3 CRL Distribution Points extension
-    # and "cert_crldp" "revoked_crldp" contain X509v3 CRL Distribution Points extension
-    set(pem_certs "cert" "expired" "revoked" "cert_crldp" "revoked_crldp")
-    foreach(ext ${extensions_all})
-        foreach(cert ${pem_certs})
-            add_test(
-                NAME sign_ts_${cert}_${ext}
-                COMMAND osslsigncode "sign"
-                "-certs" "${CERTS}/${cert}.pem"
-                "-key" "${CERTS}/key.pem"
+        # Sign a data content, output in DER format
+        foreach(data_format ${formats})
+            add_test(NAME "signed_data_${ext}_${data_format}"
+                COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign"
+                "-pkcs12" "${CERTS}/cert.p12"
+                "-readpass" "${CERTS}/password.txt"
                 "-ac" "${CERTS}/CAcross.pem"
+                "-time" "1556668800" # Signing time: May  1 00:00:00 2019 GMT
+                "-add-msi-dse"
                 "-comm"
                 "-ph"
                 "-jp" "low"
                 "-h" "sha384"
                 "-i" "https://www.osslsigncode.com/"
                 "-n" "osslsigncode"
+                "-in" "${FILES}/data_${ext}.${data_format}"
+                "-out" "${FILES}/signed_data_${ext}_${data_format}.der")
+            set_tests_properties("signed_data_${ext}_${data_format}" PROPERTIES
+                DEPENDS "data_${ext}_pem;data_${ext}_der")
+            list(APPEND ALL_TESTS "signed_data_${ext}_${data_format}")
+        endforeach(data_format ${formats})
+
+        # Sign a data content, output in PEM format
+        foreach(data_format ${formats})
+            add_test(NAME "signed_data_pem_${ext}_${data_format}"
+                COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign"
+                "-pkcs12" "${CERTS}/cert.p12"
+                "-readpass" "${CERTS}/password.txt"
+                "-ac" "${CERTS}/CAcross.pem"
                 "-time" "1556668800" # Signing time: May  1 00:00:00 2019 GMT
-                "-ts" "http://127.0.0.1:${PORT}"
-                "-in" "${FILES}/unsigned.${ext}"
-                "-out" "${FILES}/ts_${cert}.${ext}")
-            set_tests_properties(
-                sign_ts_${cert}_${ext}
-                PROPERTIES
-                ENVIRONMENT "HTTP_PROXY=;http_proxy=;"
-                REQUIRED_FILES "${LOGS}/port.log")
-        endforeach(cert ${pem_certs})
-    endforeach(ext ${extensions_all})
+                "-add-msi-dse"
+                "-comm"
+                "-ph"
+                "-jp" "low"
+                "-h" "sha384"
+                "-i" "https://www.osslsigncode.com/"
+                "-n" "osslsigncode"
+                "-pem" # PEM format
+                "-in" "${FILES}/data_${ext}.${data_format}"
+                "-out" "${FILES}/signed_data_${ext}_${data_format}.pem")
+            set_tests_properties("signed_data_pem_${ext}_${data_format}" PROPERTIES
+                DEPENDS "data_${ext}_${data_format}")
+            list(APPEND ALL_TESTS "signed_data_pem_${ext}_${data_format}")
+       endforeach(data_format ${formats})
+
+        # Attach signature in PEM or DER format
+        foreach(data_format ${formats})
+            foreach(format ${formats})
+                add_test(NAME "attached_data_${ext}_${data_format}_${format}"
+                    COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "attach-signature"
+                    # sign options
+                    "-add-msi-dse"
+                    "-h" "sha384"
+                    "-sigin" "${FILES}/signed_data_${ext}_${data_format}.${format}"
+                    "-in" "${FILES}/unsigned.${ext}"
+                    "-out" "${FILES}/attached_data_${data_format}_${format}.${ext}"
+                    # verify options
+                    "-require-leaf-hash" "FILE ${CERTS}/leafhash.txt"
+                    "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
+                    "-CAfile" "${CERTS}/CACert.pem"
+                    "-CRLfile" "${CERTS}/CACertCRL.pem")
+                set_tests_properties("attached_data_${ext}_${data_format}_${format}" PROPERTIES
+                    DEPENDS "signed_data_${ext}_${data_format};signed_data_pem_${ext}_${data_format}")
+                list(APPEND ALL_TESTS "attached_data_${ext}_${data_format}_${format}")
+            endforeach(format ${formats})
+        endforeach(data_format ${formats})
+    endforeach(ext ${extensions_nocat})
+
+
+    if(OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0" OR CURL_FOUND)
+
+### Sign with Time-Stamp Authority ###
+
+        # Sign with the RFC3161 Time-Stamp Authority
+        set(pem_certs "cert" "expired" "revoked")
+        foreach(ext ${extensions_all})
+            foreach(cert ${pem_certs})
+                add_test(NAME "sign_ts_${cert}_${ext}"
+                    COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign"
+                    "-certs" "${CERTS}/${cert}.pem"
+                    "-key" "${CERTS}/key.pem"
+                    "-ac" "${CERTS}/CAcross.pem"
+                    "-comm"
+                    "-ph"
+                    "-jp" "low"
+                    "-h" "sha384"
+                    "-i" "https://www.osslsigncode.com/"
+                    "-n" "osslsigncode"
+                    "-time" "1556668800" # Signing time: May  1 00:00:00 2019 GMT
+                    "-ts" "FILE ${LOGS}/url.log"
+                    "-in" "${FILES}/unsigned.${ext}"
+                    "-out" "${FILES}/ts_${cert}.${ext}")
+                set_tests_properties("sign_ts_${cert}_${ext}" PROPERTIES
+                    ENVIRONMENT "HTTP_PROXY=;http_proxy="
+                    DEPENDS "start_server")
+                list(APPEND ALL_TESTS "sign_ts_${cert}_${ext}")
+            endforeach(cert ${pem_certs})
+        endforeach(ext ${extensions_all})
 
 
 ### Verify Time-Stamp Authority ###
 
-    # Tests 143-148
-    # Signature verification time: Sep  1 00:00:00 2019 GMT
-    foreach(ext ${extensions_all})
-        add_test(
-            NAME verify_ts_cert_${ext}
-            COMMAND osslsigncode "verify"
-            "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
-            "-CAfile" "${CERTS}/CACert.pem"
-            "-TSA-CAfile" "${CERTS}/TSACA.pem"
-            "-in" "${FILES}/ts_cert.${ext}")
-        set_tests_properties(
-            verify_ts_cert_${ext}
-            PROPERTIES
-            ENVIRONMENT "HTTP_PROXY=;http_proxy=;"
-            DEPENDS "sign_ts_cert_${ext}"
-            REQUIRED_FILES "${FILES}/ts_cert.${ext}"
-            REQUIRED_FILES "${LOGS}/port.log")
-    endforeach(ext ${extensions_all})
+        # Signature verification time: Sep  1 00:00:00 2019 GMT
+        foreach(ext ${extensions_all})
+            add_test(NAME "verify_ts_cert_${ext}"
+                COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify"
+                "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
+                "-CAfile" "${CERTS}/CACert.pem"
+                "-TSA-CAfile" "${CERTS}/TSACA.pem"
+                "-in" "${FILES}/ts_cert.${ext}")
+            set_tests_properties("verify_ts_cert_${ext}" PROPERTIES
+                ENVIRONMENT "HTTP_PROXY=;http_proxy=;"
+                DEPENDS "sign_ts_cert_${ext}")
+            list(APPEND ALL_TESTS "verify_ts_cert_${ext}")
+        endforeach(ext ${extensions_all})
 
-    # Tests 149-154
-    # Signature verification time: Jan  1 00:00:00 2035 GMT
-    foreach(ext ${extensions_all})
-        add_test(
-            NAME verify_ts_future_${ext}
-            COMMAND osslsigncode "verify"
-            "-time" "2051222400" # Signature verification time: Jan  1 00:00:00 2035 GMT
-            "-CAfile" "${CERTS}/CACert.pem"
-            "-TSA-CAfile" "${CERTS}/TSACA.pem"
-            "-in" "${FILES}/ts_cert.${ext}")
-        set_tests_properties(
-            verify_ts_future_${ext}
-            PROPERTIES
-            ENVIRONMENT "HTTP_PROXY=;http_proxy=;"
-            DEPENDS "sign_ts_cert_${ext}"
-            REQUIRED_FILES "${FILES}/ts_cert.${ext}"
-            REQUIRED_FILES "${LOGS}/port.log")
-    endforeach(ext ${extensions_all})
+        # Signature verification time: Jan  1 00:00:00 2035 GMT
+        foreach(ext ${extensions_all})
+            add_test(NAME "verify_ts_future_${ext}"
+                COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify"
+                "-time" "2051222400" # Signature verification time: Jan  1 00:00:00 2035 GMT
+                "-CAfile" "${CERTS}/CACert.pem"
+                "-TSA-CAfile" "${CERTS}/TSACA.pem"
+                "-in" "${FILES}/ts_cert.${ext}")
+            set_tests_properties("verify_ts_future_${ext}" PROPERTIES
+                ENVIRONMENT "HTTP_PROXY=;http_proxy=;"
+                DEPENDS "sign_ts_cert_${ext}")
+            list(APPEND ALL_TESTS "verify_ts_future_${ext}")
+        endforeach(ext ${extensions_all})
 
-    # Tests 155-160
-    # Verify with ignored timestamp
-    # This tests are expected to fail
-    foreach(ext ${extensions_all})
-        add_test(
-            NAME verify_ts_ignore_${ext}
-            COMMAND osslsigncode "verify"
-            "-time" "2051222400" # Signature verification time: Jan  1 00:00:00 2035 GMT
-            "-ignore-timestamp"
-            "-CAfile" "${CERTS}/CACert.pem"
-            "-TSA-CAfile" "${CERTS}/TSACA.pem"
-            "-in" "${FILES}/ts_cert.${ext}")
-        set_tests_properties(
-            verify_ts_ignore_${ext}
-            PROPERTIES
-            ENVIRONMENT "HTTP_PROXY=;http_proxy=;"
-            DEPENDS "sign_ts_cert_${ext}"
-            REQUIRED_FILES "${FILES}/ts_cert.${ext}"
-            REQUIRED_FILES "${LOGS}/port.log"
-            WILL_FAIL TRUE)
-    endforeach(ext ${extensions_all})
+        # Verify with ignored timestamp
+        # This tests are expected to fail
+        foreach(ext ${extensions_all})
+            add_test(NAME "verify_ts_ignore_${ext}"
+                COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify"
+                "-time" "2051222400" # Signature verification time: Jan  1 00:00:00 2035 GMT
+                "-ignore-timestamp"
+                "-CAfile" "${CERTS}/CACert.pem"
+                "-TSA-CAfile" "${CERTS}/TSACA.pem"
+                "-in" "${FILES}/ts_cert.${ext}")
+            set_tests_properties("verify_ts_ignore_${ext}" PROPERTIES
+                ENVIRONMENT "HTTP_PROXY=;http_proxy=;"
+                DEPENDS "sign_ts_cert_${ext}"
+                WILL_FAIL TRUE)
+            list(APPEND ALL_TESTS "verify_ts_ignore_${ext}")
+        endforeach(ext ${extensions_all})
 
 
 ### Verify CRL Distribution Points ###
 
-    # Tests 161-166
-    # Verify file signed with X509v3 CRL Distribution Points extension
-    # Signature verification time: Sep  1 00:00:00 2019 GMT
-    # Check X509v3 CRL Distribution Points extension, don't use "-CRLfile" and "-TSA-CRLfile" options
-    foreach(ext ${extensions_all})
-        add_test(
-            NAME verify_ts_cert_crldp_${ext}
-            COMMAND osslsigncode "verify"
-            "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
-            "-CAfile" "${CERTS}/CACert.pem"
-            "-TSA-CAfile" "${CERTS}/TSACA.pem"
-            "-in" "${FILES}/ts_cert_crldp.${ext}")
-        set_tests_properties(
-            verify_ts_cert_crldp_${ext}
-            PROPERTIES
-            ENVIRONMENT "HTTP_PROXY=;http_proxy=;"
-            DEPENDS "sign_ts_cert_crldp_${ext}"
-            REQUIRED_FILES "${FILES}/ts_cert_crldp.${ext}"
-            REQUIRED_FILES "${LOGS}/port.log")
-    endforeach(ext ${extensions_all})
-
-    # Tests 167-183
-    # Verify with expired or revoked certificate without X509v3 CRL Distribution Points extension
-    # This tests are expected to fail
-    set(failed_certs "expired" "revoked")
-    foreach(ext ${extensions_all})
-        foreach(cert ${failed_certs})
-            add_test(
-                NAME verify_ts_${cert}_${ext}
-                COMMAND osslsigncode "verify"
+        # Verify file signed with X509v3 CRL Distribution Points extension
+        # Signature verification time: Sep  1 00:00:00 2019 GMT
+        # Check X509v3 CRL Distribution Points extension, don't use "-CRLfile" and "-TSA-CRLfile" options
+        foreach(ext ${extensions_all})
+            add_test(NAME "verify_ts_cert_crldp_${ext}"
+                COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify"
                 "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
                 "-CAfile" "${CERTS}/CACert.pem"
-                "-CRLfile" "${CERTS}/CACertCRL.pem"
                 "-TSA-CAfile" "${CERTS}/TSACA.pem"
-                "-in" "${FILES}/ts_${cert}.${ext}")
-            set_tests_properties(
-                verify_ts_${cert}_${ext}
-                PROPERTIES
+                "-in" "${FILES}/ts_cert.${ext}")
+            set_tests_properties("verify_ts_cert_crldp_${ext}" PROPERTIES
                 ENVIRONMENT "HTTP_PROXY=;http_proxy=;"
-                DEPENDS "sign_ts_${cert}_${ext}"
-                REQUIRED_FILES "${FILES}/ts_${cert}.${ext}"
-                REQUIRED_FILES "${LOGS}/port.log"
+                DEPENDS "sign_ts_cert_${ext}")
+            list(APPEND ALL_TESTS "verify_ts_cert_crldp_${ext}")
+        endforeach(ext ${extensions_all})
+
+        # Verify with expired or revoked certificate, ignore X509v3 CRL Distribution Points extension
+        # This tests are expected to fail
+        set(failed_certs "expired" "revoked")
+        foreach(ext ${extensions_all})
+            foreach(cert ${failed_certs})
+                add_test(NAME "verify_ts_${cert}_${ext}"
+                    COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify"
+                    "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
+                    "-CAfile" "${CERTS}/CACert.pem"
+                    "-CRLfile" "${CERTS}/CACertCRL.pem"
+                    "-ignore-cdp"
+                    "-TSA-CAfile" "${CERTS}/TSACA.pem"
+                    "-in" "${FILES}/ts_${cert}.${ext}")
+                set_tests_properties("verify_ts_${cert}_${ext}" PROPERTIES
+                    ENVIRONMENT "HTTP_PROXY=;http_proxy=;"
+                    DEPENDS "sign_ts_${cert}_${ext}"
+                    WILL_FAIL TRUE)
+                list(APPEND ALL_TESTS "verify_ts_${cert}_${ext}")
+            endforeach(cert ${failed_certs})
+        endforeach(ext ${extensions_all})
+
+        # Verify with revoked certificate contains X509v3 CRL Distribution Points extension
+        # Check X509v3 CRL Distribution Points extension, don't use "-CRLfile" and "-TSA-CRLfile" options
+        # This test is expected to fail
+        foreach(ext ${extensions_all})
+            add_test(NAME "verify_ts_revoked_crldp_${ext}"
+                COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify"
+                "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
+                "-CAfile" "${CERTS}/CACert.pem"
+                "-TSA-CAfile" "${CERTS}/TSACA.pem"
+                "-in" "${FILES}/ts_revoked.${ext}")
+            set_tests_properties("verify_ts_revoked_crldp_${ext}" PROPERTIES
+                ENVIRONMENT "HTTP_PROXY=;http_proxy=;"
+                DEPENDS "sign_ts_revoked_${ext}"
                 WILL_FAIL TRUE)
-        endforeach(cert ${failed_certs})
-    endforeach(ext ${extensions_all})
-
-    # Tests 178-184
-    # Verify with revoked certificate contains X509v3 CRL Distribution Points extension
-    # Check X509v3 CRL Distribution Points extension, don't use "-CRLfile" and "-TSA-CRLfile" options
-    # This test is expected to fail
-    foreach(ext ${extensions_all})
-        add_test(
-            NAME verify_ts_revoked_crldp_${ext}
-            COMMAND osslsigncode "verify"
-            "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
-            "-CAfile" "${CERTS}/CACert.pem"
-            "-TSA-CAfile" "${CERTS}/TSACA.pem"
-            "-in" "${FILES}/ts_revoked_crldp.${ext}")
-        set_tests_properties(
-            verify_ts_revoked_crldp_${ext}
-            PROPERTIES
-            ENVIRONMENT "HTTP_PROXY=;http_proxy=;"
-            DEPENDS "sign_ts_revoked_crldp_${ext}"
-            REQUIRED_FILES "${FILES}/ts_revoked_crldp.${ext}"
-            REQUIRED_FILES "${LOGS}/port.log"
-            WILL_FAIL TRUE)
-    endforeach(ext ${extensions_all})
-
-# Tests 185-234
-# Unsupported command "extract-data" for CAT files
-foreach(ext ${extensions_nocat})
-# Extract PKCS#7 with data content, output in PEM format
-    add_test(
-        NAME data_${ext}_pem
-        COMMAND osslsigncode "extract-data"
-        "-ph"
-        "-h" "sha384"
-        "-add-msi-dse"
-        "-pem" # PEM format
-        "-in" "${FILES}/unsigned.${ext}"
-        "-out" "${FILES}/data_${ext}.pem")
-
-# Extract PKCS#7 with data content, output in default DER format
-    add_test(
-        NAME data_${ext}_der
-        COMMAND osslsigncode "extract-data"
-        "-ph"
-        "-h" "sha384"
-        "-add-msi-dse"
-        "-in" "${FILES}/unsigned.${ext}"
-        "-out" "${FILES}/data_${ext}.der")
-
-# Sign a data content, output in DER format
-    foreach(data_format ${formats})
-    add_test(
-        NAME signed_data_${ext}_${data_format}
-        COMMAND osslsigncode "sign"
-        "-pkcs12" "${CERTS}/cert.p12"
-        "-readpass" "${CERTS}/password.txt"
-        "-ac" "${CERTS}/CAcross.pem"
-        "-time" "1556668800" # Signing time: May  1 00:00:00 2019 GMT
-        "-add-msi-dse"
-        "-comm"
-        "-ph"
-        "-jp" "low"
-        "-h" "sha384" "-i" "https://www.osslsigncode.com/"
-        "-n" "osslsigncode"
-        "-in" "${FILES}/data_${ext}.${data_format}"
-        "-out" "${FILES}/signed_data_${ext}_${data_format}.der")
-    endforeach(data_format ${formats})
-
-# Sign a data content, output in PEM format
-    foreach(data_format ${formats})
-    add_test(
-        NAME signed_data_pem_${ext}_${data_format}
-        COMMAND osslsigncode "sign"
-        "-pkcs12" "${CERTS}/cert.p12"
-        "-readpass" "${CERTS}/password.txt"
-        "-ac" "${CERTS}/CAcross.pem"
-        "-time" "1556668800" # Signing time: May  1 00:00:00 2019 GMT
-        "-add-msi-dse"
-        "-comm"
-        "-ph"
-        "-jp" "low"
-        "-h" "sha384" "-i" "https://www.osslsigncode.com/"
-        "-n" "osslsigncode"
-        "-pem" # PEM format
-        "-in" "${FILES}/data_${ext}.${data_format}"
-        "-out" "${FILES}/signed_data_${ext}_${data_format}.pem")
-    endforeach(data_format ${formats})
-
-# Attach signature in PEM or DER format
-    foreach(data_format ${formats})
-        foreach(format ${formats})
-        add_test(
-            NAME attached_data_${ext}_${data_format}_${format}
-            COMMAND osslsigncode "attach-signature"
-            # sign options
-            "-require-leaf-hash" "SHA256:${leafhash}"
-            "-add-msi-dse"
-            "-h" "sha384"
-            "-sigin" "${FILES}/signed_data_${ext}_${data_format}.${format}"
-            "-in" "${FILES}/unsigned.${ext}"
-            "-out" "${FILES}/attached_data_${data_format}_${format}.${ext}"
-            # verify options
-            "-time" "1567296000" # Signature verification time: Sep  1 00:00:00 2019 GMT
-            "-CAfile" "${CERTS}/CACert.pem"
-            "-CRLfile" "${CERTS}/CACertCRL.pem")
-        set_tests_properties(
-            attached_${format}_${ext}
-            PROPERTIES
-            DEPENDS "signed_data_${ext}_${data_format}:data_${ext}_${format}")
-        endforeach(format ${formats})
-    endforeach(data_format ${formats})
-endforeach(ext ${extensions_nocat})
+            list(APPEND ALL_TESTS "verify_ts_revoked_crldp_${ext}")
+        endforeach(ext ${extensions_all})
 
 ### Cleanup ###
-# Stop HTTP server
-    if(STOP_SERVER)
-        add_test(NAME stop_server
-        COMMAND ${Python3_EXECUTABLE} "${CLIENT_HTTP}")
-        set_tests_properties(
-            stop_server
-            PROPERTIES
-            REQUIRED_FILES "${LOGS}/port.log")
-    else(STOP_SERVER)
-        message(STATUS "Keep HTTP server after tests")
-    endif(STOP_SERVER)
+    # Stop HTTP server
+        if(STOP_SERVER)
+            add_test(NAME "stop_server"
+            COMMAND ${Python3_EXECUTABLE} "${TEST_DIR}/client_http.py")
+            set_tests_properties("stop_server" PROPERTIES
+                DEPENDS "${ALL_TESTS}")
+            list(APPEND ALL_TESTS "stop_server")
+        else(STOP_SERVER)
+            message(STATUS "Keep HTTP server after tests")
+        endif(STOP_SERVER)
 
-else((Python3_FOUND OR server_error) AND (OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0" OR CURL_FOUND))
-    message(STATUS "CTest skips some tests")
-endif((Python3_FOUND OR server_error) AND (OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0" OR CURL_FOUND))
+    else(OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0" OR CURL_FOUND)
+        message(STATUS "CTest skips some tests")
+    endif(OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0" OR CURL_FOUND)
 
-# Delete test files
-set(names "legacy" "signed" "signed_crldp" "nested" "revoked" "removed" "added")
-foreach(ext ${extensions_all})
-    foreach(name ${names})
-        set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${name}.${ext}")
-    endforeach(name ${names})
-    foreach(cert ${pem_certs})
-        set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/ts_${cert}.${ext}")
-    endforeach(cert ${pem_certs})
-    foreach(format ${formats})
-        set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}")
-        set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}")
-        set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_${format}.${ext}")
-        set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/data_${ext}.${format}")
-        foreach(data_format ${formats})
-            set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/signed_data_${ext}_${format}.${data_format}")
-            set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_data_${data_format}_${format}.${ext}")
-        endforeach(data_format ${formats})
-    endforeach(format ${formats})
-    set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jreq.tsq")
-    set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jresp.tsr")
-endforeach(ext ${extensions_all})
+    # Delete test files
+    set(names "signed" "nested" "revoked" "removed" "added")
+    foreach(ext ${extensions_all})
+        foreach(name ${names})
+            set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${name}.${ext}")
+        endforeach(name ${names})
+        foreach(cert ${pem_certs})
+            set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/ts_${cert}.${ext}")
+        endforeach(cert ${pem_certs})
+        foreach(format ${formats})
+            set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}")
+            set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}")
+            set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_${format}.${ext}")
+            set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/data_${ext}.${format}")
+            foreach(data_format ${formats})
+                set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/signed_data_${ext}_${format}.${data_format}")
+                set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_data_${data_format}_${format}.${ext}")
+            endforeach(data_format ${formats})
+        endforeach(format ${formats})
+        set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jreq.tsq")
+        set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jresp.tsr")
+    endforeach(ext ${extensions_all})
+
+    add_test(NAME "remove_files"
+        COMMAND ${CMAKE_COMMAND} -E rm -f ${OUTPUT_FILES})
+
+    set_tests_properties("remove_files" PROPERTIES
+        DEPENDS "${ALL_TESTS}")
+
+endif(Python3_FOUND AND NOT cryptography_error)
 
-add_test(NAME remove_files
-    COMMAND ${CMAKE_COMMAND} -E rm -f ${OUTPUT_FILES})
 
 #[[
 Local Variables:
diff --git a/osslsigncode.c b/osslsigncode.c
index c5e5a9e..0b4c822 100644
--- a/osslsigncode.c
+++ b/osslsigncode.c
@@ -2520,7 +2520,7 @@ static time_t time_t_timestamp_get_attributes(CMS_ContentInfo **timestamp, PKCS7
     printf("Message digest algorithm: %s\n",
         (md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2sn(md_nid));
 
-    /* Unauthenticated attributes */
+    /* Authenticated attributes */
     auth_attr = PKCS7_get_signed_attributes(si); /* cont[0] */
     printf("\nAuthenticated attributes:\n");
     for (i=0; i<X509at_get_attr_count(auth_attr); i++) {
diff --git a/tests/.gitignore b/tests/.gitignore
new file mode 100644
index 0000000..7cf8b9c
--- /dev/null
+++ b/tests/.gitignore
@@ -0,0 +1,2 @@
+__pycache__
+.pylintrc
diff --git a/tests/certs/CACert.pem b/tests/certs/CACert.pem
deleted file mode 100644
index 8bc90d9..0000000
--- a/tests/certs/CACert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDoTCCAomgAwIBAgIUVD6Q+gnrOmJWbEnmfydpUg2JNmswDQYJKoZIhvcNAQEL
-BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
-MTcwMTAxMDAwMDAwWhcNMzYxMjI3MDAwMDAwWjBYMQswCQYDVQQGEwJQTDEVMBMG
-A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEQMA4GA1UEAwwHUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAMUvCAWI9LrgtVw9RARZLFb/qB1868H86eyr8oITzXl6u9FSQwvGH1MG
-szRhuD9TJAjy1uIiVPJ7ez2VjKXm2G9lUZMPJQRt50XTGbsGGDi4ITU1W3P+HI5u
-45I0IL14Qv/R8X26lndBzlY4ImoCTAN4KzdfvoGLaMpNvbC1P7a4mlukrumi3WKT
-RAq46Mj5DAqr63NOolWimtTB+h0ZWv+xxngR7cfo+EimvhPB7y3xhY9OJ/27l6mJ
-uQJohz5PmzhZByluMhicTsd2cJEKQb7jnih492okCj6vH/FJmKg+DzXKTyue5Ki4
-2jhzM9v1npyIkd7s/gnZVEsHH6oQIt8CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB
-/zAdBgNVHQ4EFgQUGjxG/vql0oJgItr7HsLaW+koiMgwHwYDVR0jBBgwFoAUGjxG
-/vql0oJgItr7HsLaW+koiMgwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUA
-A4IBAQAy7AKbO8B8Njseqjy2LAj2sKHCLc1jsQa7izOAtr852NYFAfpBvkqQfxne
-8k5iPKmcJE+Sm4wv3V/lzx2AHEXAPa7BgiAo7yeo9UbrDgRRGw4MirQ/djp44ekv
-KCc54bSE/paUZyEWKr8NbdBy7SZfZ/Dd+XUY2lbm3Mue3AzWl4xp4StoT6oaw6VI
-H6bIhZupond/RWp4jmHHEfvl4T6YLzl5FC+Ec2xBbpk5vAVZgyfrlv+W6V/il/X9
-KTZl5ax4FJAm7vPn6fsgdAM5y24zJUAkeakKFsBYtoVoGg1iiFuMEGwFRn7EZYl1
-8D16qEH+YPLCzujH1PhzjmmAfKl2
------END CERTIFICATE-----
diff --git a/tests/certs/CACertCRL.der b/tests/certs/CACertCRL.der
deleted file mode 100644
index f0d9c32..0000000
Binary files a/tests/certs/CACertCRL.der and /dev/null differ
diff --git a/tests/certs/CACertCRL.pem b/tests/certs/CACertCRL.pem
deleted file mode 100644
index 2b2e3c0..0000000
--- a/tests/certs/CACertCRL.pem
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN X509 CRL-----
-MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJQTDEVMBMGA1UE
-CgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBFw0xOTAxMDEwMDAwMDBaFw00MzAx
-MDEwMDAwMDBaMCcwJQIUazbrVgbYb+IN803UmJJa0DPHQsAXDTI0MDIyNzE1MzAx
-NFqgMDAuMB8GA1UdIwQYMBaAFGQQ8as5N9zB/bsdyD9BWHdiJ+8pMAsGA1UdFAQE
-AgIQATANBgkqhkiG9w0BAQsFAAOCAQEAV+Ce8WaNN/PXbVT9rOy/TS2EDrM/oFPG
-vwZr2IQDcBtgFV5DpNZRKJo2m4mjPPt1eCjE404U2r6081bvq3PtwSPwezV+uCzF
-dDUafeR0eZhmzxD8M2Jmi5hGp3fQevDrA4+RR33DneYSNfzGx35VN8v/L7/TuA5X
-0PG8b5hL9f3vsVXvFRj6hMkRy5m+gxFfWW/Uw3fXIt9sDLJ+eAKURdqn1c3CEwD6
-bzh0s6dSXT4wp5/l96x8fKAv5hMqDC7KufvwjhhSXdYXDOHDQcv0g5aLo8Ug8dHg
-NJHqbTAAViyGfvsS9/pYb8kHpAWvaADK84tzaMzj7uCDXlCZEjIr7w==
------END X509 CRL-----
diff --git a/tests/certs/CACertCRL_crldp.pem b/tests/certs/CACertCRL_crldp.pem
deleted file mode 100644
index 39b5532..0000000
--- a/tests/certs/CACertCRL_crldp.pem
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN X509 CRL-----
-MIICMzCCARsCAQEwDQYJKoZIhvcNAQELBQAwZzELMAkGA1UEBhMCUEwxFTATBgNV
-BAoMDG9zc2xzaWduY29kZTEgMB4GA1UECwwXQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkxHzAdBgNVBAMMFkludGVybWVkaWF0ZSBDQSBDUkwgRFAXDTE5MDEwMTAwMDAw
-MFoXDTQzMDEwMTAwMDAwMFowTjAlAhQcZvYIe2b1FreAKfoi/uGkSGJCthcNMjQw
-MjI3MTUzMDE0WjAlAhRrNutWBthv4g3zTdSYklrQM8dCwBcNMjQwMjI3MTUzMDE0
-WqAwMC4wHwYDVR0jBBgwFoAUFDxiqeJxiJbmZ4erKH0pBIhq7SMwCwYDVR0UBAQC
-AhACMA0GCSqGSIb3DQEBCwUAA4IBAQBZzGXEP4XdKuJ8ANIBGPu1Z+7T+4ln+nu3
-MEPC9BexVAA02YPZx6i4c3cHC87aOL7zsr/K9OeF5MAYzi2QJwsenF4b9QL2rzQV
-sCAb3sY5ImAxN38GTJ+oI+uTeOefNE0wS7pP4phRmYNZwyDhxA2iT76+luoygyth
-NesiGalMFDrJvUM1DADTZGQrz9cQVgFq9WTcta9rdTYqSNctxkbpQaY0hgssH1Sh
-hWlSiFttciA2XVD7Ju/Qv9zN4nCQC0LskgKhqsefsOukpo6jqJ92OmNrrNaERfqs
-Yavzuj6DlcnE46ZxA0y2Du1apz0WDlbcAnsEqfNSDDCid09v+V9a
------END X509 CRL-----
diff --git a/tests/certs/CAcross.pem b/tests/certs/CAcross.pem
deleted file mode 100644
index 110e669..0000000
--- a/tests/certs/CAcross.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDqTCCApGgAwIBAgIUKFKqG3FwQAmy4HgYyO4mGEiQ8QAwDQYJKoZIhvcNAQEL
-BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD1RydXN0ZWQgUm9v
-dCBDQTAeFw0xODAxMDEwMDAwMDBaFw0zNzEyMjcwMDAwMDBaMFgxCzAJBgNVBAYT
-AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxIDAeBgNVBAsMF0NlcnRpZmljYXRp
-b24gQXV0aG9yaXR5MRAwDgYDVQQDDAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAxS8IBYj0uuC1XD1EBFksVv+oHXzrwfzp7KvyghPNeXq7
-0VJDC8YfUwazNGG4P1MkCPLW4iJU8nt7PZWMpebYb2VRkw8lBG3nRdMZuwYYOLgh
-NTVbc/4cjm7jkjQgvXhC/9HxfbqWd0HOVjgiagJMA3grN1++gYtoyk29sLU/tria
-W6Su6aLdYpNECrjoyPkMCqvrc06iVaKa1MH6HRla/7HGeBHtx+j4SKa+E8HvLfGF
-j04n/buXqYm5AmiHPk+bOFkHKW4yGJxOx3ZwkQpBvuOeKHj3aiQKPq8f8UmYqD4P
-NcpPK57kqLjaOHMz2/WenIiR3uz+CdlUSwcfqhAi3wIDAQABo2MwYTAPBgNVHRMB
-Af8EBTADAQH/MB0GA1UdDgQWBBQaPEb++qXSgmAi2vsewtpb6SiIyDAfBgNVHSME
-GDAWgBSzLyt07qrH3+rgkQCvS/YZ3jR+fzAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZI
-hvcNAQELBQADggEBADCY4hadNyzoz0CpdpBcFjyglxOkgcitIAgvoc2N5zwHrkg7
-BgJM1BJmCyki0AhXRKwl7sYbzNHgAhP1pBNjZqO13+cRcqPKvrxpYnsv11HaPS2E
-Ee/8EwHB3JlWlmWd6PHaJV0usRjDOuJnV/I/9mdFfIUcY0aoA36o2CCRJRKcvvVp
-Ztomnvw8IqFTn3GCNK3TRmVf2RYMhsDNQoEEidJENwCCRlcojmk1Ld95T89QsGOR
-cWJAHzyfbMQxRD7kQPZ4B2M8MvU3uD6nsamzvVM7H0UkSNuYLVkpU/wTUR8eQ2LI
-wFyi9JhKP4hF/RBuSzIHpXWO46GvzAO5dXZPLm0=
------END CERTIFICATE-----
diff --git a/tests/certs/CAroot.pem b/tests/certs/CAroot.pem
deleted file mode 100644
index 6fb0d11..0000000
--- a/tests/certs/CAroot.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDsTCCApmgAwIBAgIUQQOniemvgowXmc2hZSZoIWEF8DUwDQYJKoZIhvcNAQEL
-BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD1RydXN0ZWQgUm9v
-dCBDQTAeFw0xNzAxMDEwMDAwMDBaFw0zNjEyMjcwMDAwMDBaMGAxCzAJBgNVBAYT
-AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxIDAeBgNVBAsMF0NlcnRpZmljYXRp
-b24gQXV0aG9yaXR5MRgwFgYDVQQDDA9UcnVzdGVkIFJvb3QgQ0EwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCL2tfObRQcJ4fo/jarNfQVmeqjulYkLLNG
-UtYmFSAxkcYbmpfHpsSxnW9sbDZV8Cp6tFa97V7XATCNL/r671lpZjkYEj0NkjBE
-84OI0pkAEwWC5m3+dl3wehu977OcV7cMxNTmAHJwEadXR3jmZV625/lja1QqgkqK
-MqOty2pJNmsRUEogjFoh00eulnapW5u72ovq9IDgjjhdvAClwkTY5jsLTeDwgvfS
-MRjAmef2qExI/l760Bl0xe4XDdROgN90npS/zuKcCkThtvmffiUZsyeel1kto1pF
-zkYGJroWSJl0Jt+dpJHcpSXOXP5M+LnuLV4nl5vqwksdPzswQvuZAgMBAAGjYzBh
-MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLMvK3Tuqsff6uCRAK9L9hneNH5/
-MB8GA1UdIwQYMBaAFLMvK3Tuqsff6uCRAK9L9hneNH5/MA4GA1UdDwEB/wQEAwIB
-hjANBgkqhkiG9w0BAQsFAAOCAQEAesmiOEl8OA+T4DDOgjfhY6+pUZDDKpsx//mj
-/1bxr+akfwL3dN5IBq8g8tJJHOLqrl7Lard7onDRnz8GZmpkPvFa87QD2PU2addo
-DAQWdYsDrNMWkAE37Wk7FZ0RyFHiBopRUMspKmx/XwvJf+rhkidjJYxCo317i/Z8
-fWi//wGsI6ogezOsMCxNEcIn2PltGfDiVFklmwsXhyfvGYfctqepu661a/7hFUaP
-uN0iEboTDcQuiWwwEEwMe55L1rjDlpRkGUBah5FteGmVwk0AoT4b+1FVrj9Q6sEa
-Ge6gsrhu2syUF9CErTW/CiV+jONe2ygw4welOBo598QW71w7Vw==
------END CERTIFICATE-----
diff --git a/tests/certs/TSA.key b/tests/certs/TSA.key
deleted file mode 100644
index e351c1a..0000000
--- a/tests/certs/TSA.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCplbeNvGrZmTDz
-p48TyvpOX36bGPMfyTVc8ZfAoh0SG86EFc1LHBV2K52dshHYqniQ6lE14jhsRPps
-YRBUFXO7I84Jd5CVcrvBWGuL8wXxjMwIW5buzY4x5oKowlyQGIasNiC8Mgx8TncJ
-kVWE6ekgoP4i1f4PVsFyG8zVNpI5VzHArAemYhvDjuA5jgTisfP8ph2pxUKTzYAI
-SaKm2YkBFvyhhTxtqnXHt8S0NnfDSCedKSzl1caN1TAKSbWoeChb+Tq8rycjPXh/
-/7TkYgxmlSHiQhRcyEaZs54Ud8Q0nsnfRMhEtewr2IACmuKrFnoS+GtY5glPilR5
-ScZ+7A9TAgMBAAECggEABOI/XIzFYMzeg2Rg8DAquQlyc92NE5zPtW0/WxhhizdT
-bPF3EISXh9DdMimCBeH8XxIzWFfSeFaoNFHp1GCf9ckYRuptk8ppz3OKVhOIbxqr
-YNY9UVVCrEFmjJ0Vxj7Be5M9TTEU4mxLVX4FtmDVClubeOxyX/oqcr4uwme0Az6A
-tjBVzl+YEYvZrbhao5d09LVQ3zj1T1EQ+XU5iTTV5Two86FQ6NQ9txe7jxcB8x8S
-BbD/PakmZj+oIdVBp4xnrhCJ3mYdzXy3qHWxq/BtHgS5fY3/tq3xtVSNxw7QJG7j
-CT2Cps3/99Lq2CPi8OkQKgjJwWqCZ0jOwHahEMlWIQKBgQDneq4LH0zfPJIW2zsi
-C7U813hV4NuQXd5EW2bmNe4KKnlrcbt3ZtJv8v3Ff5lMm1i8jDCeaeGhZOi/Ag/z
-aTtM1STFFEQg3QktcSAvS7hXufvAeufSrPOZdpBO51wqZl5wLMp2lsq885R3wnRl
-FtIErdmsLigVMC8RZ++gFNIjMQKBgQC7jJE93wV3j36QA7NAgxNH0AW5p5foWuA8
-gR8MA9cpFI7X7q6hW9HYXw30kD3IzN6UW4U5LT4Pandxx484G1KENcyW2TzeGtpC
-MWBWHF4Mbxb/2pEkQoPk1dZmUxF5hvaGGHQYJn/pnJFavGUoNBlNjaIfgStzd1IO
-68ceo5URwwKBgGjHJjrQmzo9L5968sRRamM04Tp2QsyRQMfOW8B+ztX5LebNn17H
-wx97bRVV0a1UcBFAn81E/iXRCG1VYKT8kCQSIse2ibQaeUoBd+EQtEu5WtRgjcjW
-Epn3ihC9NwHWPo8mJysQzIpE84JWGducPcpyayI97lTQ761AT741Tn0xAoGARtG2
-ioFrhBEoPmNXTZXxMt3HO6qgPvoJ0G8FdTkCBx4fLkSPppiQbb6++0l4Oxm5NpY0
-gTmnRJT0U3+CgjI2/3t9LL0NMeU742DXusxtaw6LxcMXqXSAb2mb0vmtEJG5Bzu2
-ouPuyxz2+idHn13E7Db+MB1Ldgdpcf7wKo6knJcCgYBwbcjW0MwCah3w4N4VLXBX
-Q5wPSw7cRcytHqrrWkT/nTI3fxwd7UW6ZdM0IwGIAwYgBYD5B78KH0aP6BlUmYWu
-8vut6S/MsNyCzHQVbcR9BUK3drByzhysVE3TUQKjCA33v6M/tTixhpyPf+ZZtjlK
-b1+6D1aGpwt+11f9ubd+Nw==
------END PRIVATE KEY-----
diff --git a/tests/certs/TSA.pem b/tests/certs/TSA.pem
deleted file mode 100644
index 358af6a..0000000
--- a/tests/certs/TSA.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEMzCCAxugAwIBAgIUAQ9lOMiuXUZuKaxzEpwQmCzU7aowDQYJKoZIhvcNAQEL
-BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE
-CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v
-dCBDQTAeFw0xODAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBaMFUxCzAJBgNVBAYT
-AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxHDAaBgNVBAsME1RpbWVzdGFtcCBB
-dXRob3JpdHkxETAPBgNVBAMMCFRlc3QgVFNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAqZW3jbxq2Zkw86ePE8r6Tl9+mxjzH8k1XPGXwKIdEhvOhBXN
-SxwVdiudnbIR2Kp4kOpRNeI4bET6bGEQVBVzuyPOCXeQlXK7wVhri/MF8YzMCFuW
-7s2OMeaCqMJckBiGrDYgvDIMfE53CZFVhOnpIKD+ItX+D1bBchvM1TaSOVcxwKwH
-pmIbw47gOY4E4rHz/KYdqcVCk82ACEmiptmJARb8oYU8bap1x7fEtDZ3w0gnnSks
-5dXGjdUwCkm1qHgoW/k6vK8nIz14f/+05GIMZpUh4kIUXMhGmbOeFHfENJ7J30TI
-RLXsK9iAApriqxZ6EvhrWOYJT4pUeUnGfuwPUwIDAQABo4HvMIHsMAwGA1UdEwEB
-/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFKryJiH4Y0KO
-x2nCc4cOvih1VzjmMB8GA1UdIwQYMBaAFD8ujz0I9Y7079ZMe9X7cO3/rSj5MC0G
-A1UdHwQmMCQwIqAgoB6GHGh0dHA6Ly8xMjcuMC4wLjE6MTkyNTQvVFNBQ0EwVQYD
-VR0eBE4wTKAYMAqCCHRlc3QuY29tMAqCCHRlc3Qub3JnoTAwCocIAAAAAAAAAAAw
-IocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDQYJKoZIhvcNAQEL
-BQADggEBAAhzijhC1kvBV75rxRqj27gtYRG8dNkHc5umzwXyNNMn2tI/kO2Rf+ES
-9RamQE9sfvOgg3UqfXIfRPsC4cBHnjT+ELdqbt4byk3LPtstJGFuLy0iNRNY9f1j
-lBJrldLZNNsIpNMQa0u5h/z4m0CAA8j6ayUvcoR11y2zYHkHlSScTq/s7gSQzXlK
-z4DRiiYif2OEdKVeRCqlDV8AOlhm1+9am74dkfO71aT0G2hko2u19NWZvjc/DqI1
-V+e2g5TDE7V65d9vvf9tA26i0At/VazvnhsgdpgUkwS6mjUvx+gW3i5YJhtXjdAX
-hpE0ajpKT0x/dNa/qCwl/9zc8XxGnPk=
------END CERTIFICATE-----
diff --git a/tests/certs/TSACA.pem b/tests/certs/TSACA.pem
deleted file mode 100644
index cd21c7a..0000000
--- a/tests/certs/TSACA.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDkDCCAnigAwIBAgIULFuB5HWsyba6VHu2Ygv2vt4R4/swDQYJKoZIhvcNAQEL
-BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE
-CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v
-dCBDQTAeFw0xNzAxMDEwMDAwMDBaFw0zNjEyMjcwMDAwMDBaMGAxCzAJBgNVBAYT
-AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxJDAiBgNVBAsMG1RpbWVzdGFtcCBB
-dXRob3JpdHkgUm9vdCBDQTEUMBIGA1UEAwwLVFNBIFJvb3QgQ0EwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBo8JJDwVm6UTZvA2g/tOZ3xIbKYXI92Rn
-T/FCCUycsB5tmoSWcmy1AB6UDv7bFMGy4mdbxnErtdytGj+hEIO3O2EBbpBLAmlJ
-CEVNRrz/YbxGoJmeAii9s3jignUpTr/qLMSKkLowuqABZl2XtCp7Q83YlZPkVhFL
-kCAny89cG/QGAUxViN7HB4jWzhcBTTfD4PFvSU1HZNhPM0Y6BCpv2qrof3/tPnQr
-xM2zVZoIonQpf6paga61O9fM4wc1GqxGGwARz6Bxq6w2OxRDsV/biqP9gVUj0XmF
-6o/draf3MkDswOUZyKpujOUIf12ezXJFPWaCRN1Rl0vwV2CyVxkvAgMBAAGjQjBA
-MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFD8ujz0I9Y7079ZMe9X7cO3/rSj5
-MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAtHmPfVgu6Y7uWcpq
-AdawOTZ/2ICOvAMmQ0LcXKmSpgsneHiyAL1Wwe2/XxTwmrpHylOapIIuV3irHCXU
-CxaTMUyZGfXoUWsxnR8bcb5ac/aFKkC3ynE2/IfFyJOQ724cK5FRK1+piVleP4Rx
-C04KQiuxuVLedyvGh5OPU/94ZW2JuuBjImVAO/lUbYhAUSpwueX2lYKSSPLkPfDx
-AsIp55x70iQ+EsgARvseVY2JRzvRnuh66V4P15wn3dIzjtWQ1/t007wMk5Lji5dQ
-iSvdyqULBytBqDtLPLzRuma1KJEPRIamF1j6Or6HaHSVUorRhqI3XuxEUGdO4LxZ
-QepMyA==
------END CERTIFICATE-----
diff --git a/tests/certs/TSACertCRL.der b/tests/certs/TSACertCRL.der
deleted file mode 100644
index 3ef7548..0000000
Binary files a/tests/certs/TSACertCRL.der and /dev/null differ
diff --git a/tests/certs/TSACertCRL.pem b/tests/certs/TSACertCRL.pem
deleted file mode 100644
index e1ff545..0000000
--- a/tests/certs/TSACertCRL.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN X509 CRL-----
-MIICUzCCATsCAQEwDQYJKoZIhvcNAQELBQAwYDELMAkGA1UEBhMCUEwxFTATBgNV
-BAoMDG9zc2xzaWduY29kZTEkMCIGA1UECwwbVGltZXN0YW1wIEF1dGhvcml0eSBS
-b290IENBMRQwEgYDVQQDDAtUU0EgUm9vdCBDQRcNMTkwMTAxMDAwMDAwWhcNNDMw
-MTAxMDAwMDAwWjB1MCUCFA5lCWy+o133yMUTfqtWmkigL1MeFw0yNDAyMjcxNTMw
-MTVaMCUCFBxm9gh7ZvUWt4Ap+iL+4aRIYkK2Fw0yNDAyMjcxNTMwMTRaMCUCFGs2
-61YG2G/iDfNN1JiSWtAzx0LAFw0yNDAyMjcxNTMwMTRaoDAwLjAfBgNVHSMEGDAW
-gBQ/Lo89CPWO9O/WTHvV+3Dt/60o+TALBgNVHRQEBAICEAMwDQYJKoZIhvcNAQEL
-BQADggEBAJ1HK2LepVJyOfqbODFxD6GJo5jr1HEnoaZ1h/iJTZZyDYfRf8d8Y/VG
-Iva00gj2KVy8tOlO0FrUR1Tqk42IjaPld0lXqKl4hkmCUWLpLgual5JcQPHhDUnT
-hiIDvbI5UHGCWeN+unXFRuT9CvtAM+3FOhuL9bBnXwdlOxZPWL8wnYT0jB/HzdKP
-KOWfN7eEXo6tTL8XxRJ5LxjwbrK1eZCdQqL2Rt2W8JTMweeqv9PkNqzYeDAvKc0s
-UCkKj+aNxQlNPy+Tw/MckJK1NE921b8LwuV0uzBrOg0Gr62RnnPGa6Z5YLArczWo
-aZlLVsJuQrOxxyXe/kygCu9lqjaf4CI=
------END X509 CRL-----
diff --git a/tests/certs/TSA_revoked.key b/tests/certs/TSA_revoked.key
deleted file mode 100644
index 54de7c9..0000000
--- a/tests/certs/TSA_revoked.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDxU8lwCceWEesm
-HIQu9M8mIznHFWmxFF55E16DseWr1K2FbOKnNv1ddNhUHFhBQChcGPn/CvwfOMR7
-DbCETrty9HUtoK3fCVZQuYIjZwRLZZB2ryLgO4PK+j07Z61yABi7NKBKv8oHISLU
-QcNg7rBAZhmAurKpNu2Gpz/jFpFXwd6O+8xnsYFLT0zyjrq0rEvLmWQd5FBQaVt7
-P+U9GH3GCg0kmdhIXAfdfSnqzj0OMnnzVdnEYrd1mYx+ZA7m0CmVJw330QXWiyax
-wimNHUvlpIiZA8ol17tAybinhPL5nSM/LRZ2PN90EgyX1bv3x/cKCEiOYPSZ7xXV
-mrRGjCtjAgMBAAECggEAHj01fIh9LdzI7lmcZpXebxTy5HNWbw3yWJGIwk/ES6e2
-poViUTmevdsqUD/M/0AezouCp+akePUQCatJdwq2ikz/cdw0bUIqQqs8F1uNOjVb
-yMNhR1+tv/1jNtJi9Wn1r1+ExlkJ46LPTnF/HeJKy4b/oxXB1VpAoSLL6pSlWa1+
-+iEWM+s6xlxyFkeWPq3L3u1QGkuW58KqQae86mR8Mgc0kOVuTCqWpHgNjfxt7tnt
-L/oBE9zEJmS3iZcGh1X5VR4CUQmtrCp7ldNdhSNk5WcNCNSsuIX+B13s658a0sRB
-AnPIX08moB5VHZ/danblny5Zo6SrobWBBcTabwjnYQKBgQD/BHktS70tQj3yBqVL
-xXmaO5ozqMLqF9A2o4EiJ/pF07ecHXmbiGaP9Nf/FJemuU5OHjw8akuxKn2M+DTu
-gHYOHwByA9/SOeAiD8bp/dJNE+2BO2zygoG/adhEV5tLK8IYdz241t8oVZbQLwql
-ZCs1uFab6E/cZEJgSQ0QuC8vtwKBgQDyQc+MX56UFFCP1QpWLIwFVdoPbOj/3cVZ
-FIjQO9rNYNIscS36nISIBh0voubI2xFvO7/s+WS1pD1bOmn6qwsndewFGdmMtjnN
-YguakmHAUmcF33f+gXVzwR91QvGPTjI2Fzd59OwOrZofO1+hajQiBKIP2B9VHJNP
-khspe44JtQKBgFqTTyrMZNOnXHMS8zC3Ydpq4vkILrqQXK6bYiksg9K7QNKdEW0x
-hCQLNZBu0vIvjOVoDcLzihDR46fnHH29eLDJSBI22A9F6RqP+flv4nrn4gptfeOg
-gM7onByh9RE86IJiD7UP9FDSHW+x1Zkqu8Inx/M2Du9bWMv0BkTy9id/AoGBAOEy
-oDcDZCyPPdyW1AcLXhZPmmegfG/tvlhyqEO6gElO6dF6XJ2NBf5UgKkZq6OnUWuv
-hVhK9X2M8aRuhroIalQCYKbVQtB1TQJJVDQaQ1g+wZpKBAfIXGCAdDfTRS5MKIzz
-xBRQw2dZpd3Gmb05NsEwwV4tL+M0rxPW4/0J6B3JAoGAB1vlzPsfKVvV9jwVpfdO
-W2MWAqPF4iI716zLt2F30WNe/42MudQGvMYUEPTYQMu3hhpQk/6UFY2Mfux6+OKk
-zG1khRdlq9BkCczfSVjkUvf4wTUUY5b66i4EpeJ//8OArZEx67LhmW715h/LExzG
-jkdwUMLiaSrpf8KSTL3NxM0=
------END PRIVATE KEY-----
diff --git a/tests/certs/TSA_revoked.pem b/tests/certs/TSA_revoked.pem
deleted file mode 100644
index d10f0cf..0000000
--- a/tests/certs/TSA_revoked.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIjCCAwqgAwIBAgIUDmUJbL6jXffIxRN+q1aaSKAvUx4wDQYJKoZIhvcNAQEL
-BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE
-CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v
-dCBDQTAeFw0xODAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBaMEQxCzAJBgNVBAYT
-AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA1RTQTEQMA4GA1UE
-AwwHUmV2b2tlZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPFTyXAJ
-x5YR6yYchC70zyYjOccVabEUXnkTXoOx5avUrYVs4qc2/V102FQcWEFAKFwY+f8K
-/B84xHsNsIROu3L0dS2grd8JVlC5giNnBEtlkHavIuA7g8r6PTtnrXIAGLs0oEq/
-ygchItRBw2DusEBmGYC6sqk27YanP+MWkVfB3o77zGexgUtPTPKOurSsS8uZZB3k
-UFBpW3s/5T0YfcYKDSSZ2EhcB919KerOPQ4yefNV2cRit3WZjH5kDubQKZUnDffR
-BdaLJrHCKY0dS+WkiJkDyiXXu0DJuKeE8vmdIz8tFnY833QSDJfVu/fH9woISI5g
-9JnvFdWatEaMK2MCAwEAAaOB7zCB7DAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQM
-MAoGCCsGAQUFBwMIMB0GA1UdDgQWBBTTuQ7LmtwtVydASwFBXd4xUIEh3jAfBgNV
-HSMEGDAWgBQ/Lo89CPWO9O/WTHvV+3Dt/60o+TAtBgNVHR8EJjAkMCKgIKAehhxo
-dHRwOi8vMTI3LjAuMC4xOjE5MjU0L1RTQUNBMFUGA1UdHgROMEygGDAKggh0ZXN0
-LmNvbTAKggh0ZXN0Lm9yZ6EwMAqHCAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAMA0GCSqGSIb3DQEBCwUAA4IBAQBMiBltqGRRLmK9
-0RymCJ4oxmX2jwZ4SM7fem39Ozei7NIQIw5nlkPJ7ZWyfQQNFMIujfwJJGzDguax
-mMJHWngzbKjkbdSHnQswxT79RRwenlIKkExck6p2OUT82nGu/6TBIYutMJlITwKF
-5OEmu+WneCvTkvEs0wussIug7E7dV6jJO9/TbwWyrtqU/t9GNRbu/4FIdQ9p9pK9
-BcqaPmjn7IqnLs94THFfMFH0HVkqpLOfa9Wa8uc/C7WyIMTkchXb4U7/8B/hsDj7
-BfKwN/F+IMNw4Rfqytk2JSWuV4pr7MiBweLKBwGgt4DhvfZj32Y/WFNANxtYkE9e
-55mIPqG5
------END CERTIFICATE-----
diff --git a/tests/certs/cert.der b/tests/certs/cert.der
deleted file mode 100644
index 3f66476..0000000
Binary files a/tests/certs/cert.der and /dev/null differ
diff --git a/tests/certs/cert.p12 b/tests/certs/cert.p12
deleted file mode 100644
index 066127f..0000000
Binary files a/tests/certs/cert.p12 and /dev/null differ
diff --git a/tests/certs/cert.pem b/tests/certs/cert.pem
deleted file mode 100644
index 8195b61..0000000
--- a/tests/certs/cert.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID7jCCAtagAwIBAgIUKiF/FG2pQjlbId3ox+nQHL/tJ4UwDQYJKoZIhvcNAQEL
-BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD0ludGVybWVkaWF0
-ZSBDQTAeFw0xODAxMDEwMDAwMDBaFw0zNDEyMzEwMDAwMDBaMIGdMQswCQYDVQQG
-EwJQTDEZMBcGA1UECAwQTWF6b3ZpYSBQcm92aW5jZTEPMA0GA1UEBwwGV2Fyc2F3
-MRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA0NTUDEUMBIGA1UEAwwL
-Q2VydGlmaWNhdGUxJzAlBgkqhkiG9w0BCQEWGG9zc2xzaWduY29kZUBleGFtcGxl
-LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMdBCaytt9xsrUx0
-2Fekq+IrsR2cC1pL9NANN3TbBv8RKt1IefMh8TjA1uPaOYZvz3o2ml9qKGmJ+uxH
-kzLojKbg98bcmxBrkWemLQwmRv1hZIO8D4xiYRd0O0KZizrvwWwlNADzXXWw7iz+
-MPPWkXj2nT5MpOTi3S851SwOc/c9SYCazCP8rMGItKHLO7iCjK3sFwBDI9eaTd2N
-EjqEHadIymHRizeTOaYv34FokQiRgR/zk4flT6+b6DQHxnlbIivV61OP4bBlFtXX
-jC4iGdHLIahhVMlw6ixGqR6910psIp0ST0KM8ly+N+1rPhoNkNSLqkzGUudKo7mV
-t+Cp4EMCAwEAAaNiMGAwCQYDVR0TBAIwADAdBgNVHQ4EFgQU6a4Ta3t0UCTG04bC
-WMCotMPLyWUwHwYDVR0jBBgwFoAUZBDxqzk33MH9ux3IP0FYd2In7ykwEwYDVR0l
-BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEBAN2Sad4rLRSKWmaRRUCn
-syRO45y7zzvCRApHVSoeBUmtHP+n/OZ3rJTixfluqiGFAqbaXgTN8IantyfqoTjV
-XgCP1qzSM3staLCkeAiZ0/OLW+hyHopP8aXX2ez/hMojB/J1b457+vkuudnNiLx8
-by44nonUnJb3zyxmCSxcBklNP1wlxYjbbq5hFJ/et2/Y5Ct6igYAEMsYZUEUq3e7
-g2GWbqNN/i2tnJyGjDPrNRdOuODuclfIDnYSPn83a40XHn+Hgl9SmoXuSdDutAXC
-b017GsOa7OV3ZPildcIa3d/yk4S3L56SdoY+Py4NIIDmxcjji1e91qCrrFfGYwmg
-TkQ=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDrDCCApSgAwIBAgIUcRGFYn4pUMRoDtFZhU1EOAPdiWwwDQYJKoZIhvcNAQEL
-BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
-MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBgMQswCQYDVQQGEwJQTDEVMBMG
-A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA5yrw3i+fvxBSODvCoQb+9ibWRozmphJBp57tKv9ZraQ5
-THK+PkCdjNiJuxZn8F1QLsjJo6JqrrXufYln7wixK0Seu4uV6I2TRzcRyJx29D89
-0G9GrTXKn7v8z32QAqCgtwSZ17uWYTFmRAYPllWXcWDONsVyw3UF2nClndL7GMqM
-gDizlwsfg8HmRpZegn82I7Y2DXccm9a7pFHuBHpwenKqfBnMsXo3Jj4Xlr1cLTrh
-+6ksS5YogOsOd9b5Dfz6FaGmmwrlUWHwdi+EzdnSpOnXzmgflF23sZQ0ynsVvmpl
-iD4rXBWnxnQ6Ken3wVPNrA/0ZYGbgSKrcv+/olkh5QIDAQABo2YwZDASBgNVHRMB
-Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBRkEPGrOTfcwf27Hcg/QVh3YifvKTAfBgNV
-HSMEGDAWgBQaPEb++qXSgmAi2vsewtpb6SiIyDAOBgNVHQ8BAf8EBAMCAYYwDQYJ
-KoZIhvcNAQELBQADggEBAL22kK3SDGnr3lhRE7ipptlKalrQKfpght0XEKm5hxCL
-tougN2wtaTEWMwr2YfGJohcKBaGKQ+Bv6WY+EV+hJE4qEUFh6BGqRMtuZdiAbkG+
-EveEMhZWQzgf9rUID+Y9Eg+NfCxlpkdQPjUxUV9OkGIshlxkUP8Y+C0h0xIcwq5v
-hAfNiJAdcw4fUvtLkpEOFoOjThB8zxOu+Cl3xLCcNOMPLdSxd3YXjy6CMuuOk4RB
-gOc8YCyyEvwb9KmARZpMOcQJmucMhs+aC3DF+n71g+agFhDl3Z0QkyyyRjAcD04+
-sAR9C8PbqSCQAdydHbAFViEX6x3oGJ7L6zEDcIS10wg=
------END CERTIFICATE-----
diff --git a/tests/certs/cert.spc b/tests/certs/cert.spc
deleted file mode 100644
index 2d101b4..0000000
Binary files a/tests/certs/cert.spc and /dev/null differ
diff --git a/tests/certs/cert_crldp.pem b/tests/certs/cert_crldp.pem
deleted file mode 100644
index 777ca98..0000000
--- a/tests/certs/cert_crldp.pem
+++ /dev/null
@@ -1,47 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEPTCCAyWgAwIBAgIUe8Im9GuMCHMi3/FDfLgzoE8vTKgwDQYJKoZIhvcNAQEL
-BQAwZzELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMMFkludGVybWVkaWF0
-ZSBDQSBDUkwgRFAwHhcNMTgwMTAxMDAwMDAwWhcNMzQxMjMxMDAwMDAwWjCBqzEL
-MAkGA1UEBhMCUEwxGTAXBgNVBAgMEE1hem92aWEgUHJvdmluY2UxDzANBgNVBAcM
-BldhcnNhdzEVMBMGA1UECgwMb3NzbHNpZ25jb2RlMQwwCgYDVQQLDANDU1AxIjAg
-BgNVBAMMGUNlcnRpZmljYXRlIFg1MDl2MyBDUkwgRFAxJzAlBgkqhkiG9w0BCQEW
-GG9zc2xzaWduY29kZUBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAMdBCaytt9xsrUx02Fekq+IrsR2cC1pL9NANN3TbBv8RKt1IefMh
-8TjA1uPaOYZvz3o2ml9qKGmJ+uxHkzLojKbg98bcmxBrkWemLQwmRv1hZIO8D4xi
-YRd0O0KZizrvwWwlNADzXXWw7iz+MPPWkXj2nT5MpOTi3S851SwOc/c9SYCazCP8
-rMGItKHLO7iCjK3sFwBDI9eaTd2NEjqEHadIymHRizeTOaYv34FokQiRgR/zk4fl
-T6+b6DQHxnlbIivV61OP4bBlFtXXjC4iGdHLIahhVMlw6ixGqR6910psIp0ST0KM
-8ly+N+1rPhoNkNSLqkzGUudKo7mVt+Cp4EMCAwEAAaOBmzCBmDAJBgNVHRMEAjAA
-MB0GA1UdDgQWBBTprhNre3RQJMbThsJYwKi0w8vJZTAfBgNVHSMEGDAWgBQUPGKp
-4nGIluZnh6sofSkEiGrtIzATBgNVHSUEDDAKBggrBgEFBQcDAzA2BgNVHR8ELzAt
-MCugKaAnhiVodHRwOi8vMTI3LjAuMC4xOjE5MjU0L2ludGVybWVkaWF0ZUNBMA0G
-CSqGSIb3DQEBCwUAA4IBAQBlJrcOaJQQ3TuYaVtmH8VbCdF3GQE+255g0Kq4sWoO
-ZgZm6LmRkchuoOXqeZ7aAV6HnGGpZf64ShPSZ3KPt4/UVYkRyS0UihN2ACsGrS4o
-ZjOaaoM2xDxttngKV3lAF4xbx18RvAsx9QIzQhzowaSUBQNuu5W4tne/6h7htuwA
-KNc0go4fqpCqQjNRVeB1IN50BzUrlHu3zQzfH0LDyUTt2gnObLHMl566Ft0azAG9
-emHRM+BOUjKY3ZTjM+JEzpwWgse6e4r+J2fYVYIEtkSfm4ZZnAs5WFWI5o8tqr4b
-ruBN7l6oP6R3ugOtPk7tW4x7OO0QoDnfa418MkBlXeqL
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDszCCApugAwIBAgIUN3RBnJCUJ8HmbeNjJZ/6jsXJLGEwDQYJKoZIhvcNAQEL
-BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
-MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBnMQswCQYDVQQGEwJQTDEVMBMG
-A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEfMB0GA1UEAwwWSW50ZXJtZWRpYXRlIENBIENSTCBEUDCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAME32IBpxW4FhVuZe1PTarEskVHP233QjZtx
-poC67/lUK44gtFmsxYsMrDYmmny5pfoM/Byxl5/rorEddLqtDe1kd1SpXUvEYxox
-s5rizRd5sZPgkwNoJkSVyNZFwj7gKZHeg6IQHSxNgmTybZ+eZqiNvEveksj3lGpM
-Xrbiew7cXUyIP636GPtYxLyIbwDVP0jScqcA/dmSAqofFVUi0SW3OS1hpyXAmmx8
-hQHJRKPjPgitZVgjwf5X8/eMTa+ca9dRlRFLk7AcbkF6NcbLm+cRo816nO0EBFV4
-Sn2dW9uYqJIfZcpRQ7wbv4fUCghwrk9h3gXrb7AweyK8nyYlmosCAwEAAaNmMGQw
-EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUFDxiqeJxiJbmZ4erKH0pBIhq
-7SMwHwYDVR0jBBgwFoAUGjxG/vql0oJgItr7HsLaW+koiMgwDgYDVR0PAQH/BAQD
-AgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAlI/1XnGc9WzL53rRascZc1EgWAnej9YFS
-Dax5+nozYTihC8BRxGfSh1FGRVsmFWhZ0z0XogJJC2bZrQ/36+vwoILItcsWHrQr
-rFoZa6s1Uo7ZCd9SfmXjbhMLQgydocCh9YIF66CAkQLwRXc1QIpF7nuZ+rxk0ru1
-uGjjBrFRfdSdzlFnyK6wfFzi6LtYDVgVEHC7zzL9E/cyuGo7qQ++SoOg99HjTVY1
-PS3ea522bRO2bJpYwZJvvbg020DAfm686VXwAadODdBkI2h6U5SwTxp4SkSmq9SI
-mjtERFtnAKD0R2YrX4RzuIckezvwsqLDkQjMnI9XQmv5HWUZimcC
------END CERTIFICATE-----
diff --git a/tests/certs/expired.pem b/tests/certs/expired.pem
deleted file mode 100644
index c798cda..0000000
--- a/tests/certs/expired.pem
+++ /dev/null
@@ -1,45 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID6jCCAtKgAwIBAgIUcgUgRT1Lx8XLdgp7xcWxVl9YBjYwDQYJKoZIhvcNAQEL
-BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD0ludGVybWVkaWF0
-ZSBDQTAeFw0xODAxMDEwMDAwMDBaFw0xOTAxMDEwMDAwMDBaMIGZMQswCQYDVQQG
-EwJQTDEZMBcGA1UECAwQTWF6b3ZpYSBQcm92aW5jZTEPMA0GA1UEBwwGV2Fyc2F3
-MRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA0NTUDEQMA4GA1UEAwwH
-RXhwaXJlZDEnMCUGCSqGSIb3DQEJARYYb3NzbHNpZ25jb2RlQGV4YW1wbGUuY29t
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0EJrK233GytTHTYV6Sr
-4iuxHZwLWkv00A03dNsG/xEq3Uh58yHxOMDW49o5hm/PejaaX2ooaYn67EeTMuiM
-puD3xtybEGuRZ6YtDCZG/WFkg7wPjGJhF3Q7QpmLOu/BbCU0APNddbDuLP4w89aR
-ePadPkyk5OLdLznVLA5z9z1JgJrMI/yswYi0ocs7uIKMrewXAEMj15pN3Y0SOoQd
-p0jKYdGLN5M5pi/fgWiRCJGBH/OTh+VPr5voNAfGeVsiK9XrU4/hsGUW1deMLiIZ
-0cshqGFUyXDqLEapHr3XSmwinRJPQozyXL437Ws+Gg2Q1IuqTMZS50qjuZW34Kng
-QwIDAQABo2IwYDAJBgNVHRMEAjAAMB0GA1UdDgQWBBTprhNre3RQJMbThsJYwKi0
-w8vJZTAfBgNVHSMEGDAWgBRkEPGrOTfcwf27Hcg/QVh3YifvKTATBgNVHSUEDDAK
-BggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAQEA0AxgPkboWfIOMYFOP6kQ4nxY
-jQ+kAH842ALjm/5z20fYPS0k3LiCNS0FfBPzygeWQLwDGcH2QX6Lfec62CeIe9R9
-IAdsX+nNxn9FeIZssfMK3EPgksGUybUNub78mXPrnhCNjYf/GmDY/Cf7jhBtNphK
-6zCPOC0WDrupnLW7r4FyrB1j2CEgaHhiSmlQ+19rqbvcNfaCOMfe7IfiwkvVIzE6
-tQhnudB/HnW3+pWT83n/KQk0F8lu00fahkak/0bPidTe4zOvepabiWYQXKJ9ZXhm
-UW7FHHSM5Vbn2A6zyEht7rcK/gkpHbkckoIi6bDMFMp+K9o3qV7PzZPkaau7fg==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDrDCCApSgAwIBAgIUcRGFYn4pUMRoDtFZhU1EOAPdiWwwDQYJKoZIhvcNAQEL
-BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
-MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBgMQswCQYDVQQGEwJQTDEVMBMG
-A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA5yrw3i+fvxBSODvCoQb+9ibWRozmphJBp57tKv9ZraQ5
-THK+PkCdjNiJuxZn8F1QLsjJo6JqrrXufYln7wixK0Seu4uV6I2TRzcRyJx29D89
-0G9GrTXKn7v8z32QAqCgtwSZ17uWYTFmRAYPllWXcWDONsVyw3UF2nClndL7GMqM
-gDizlwsfg8HmRpZegn82I7Y2DXccm9a7pFHuBHpwenKqfBnMsXo3Jj4Xlr1cLTrh
-+6ksS5YogOsOd9b5Dfz6FaGmmwrlUWHwdi+EzdnSpOnXzmgflF23sZQ0ynsVvmpl
-iD4rXBWnxnQ6Ken3wVPNrA/0ZYGbgSKrcv+/olkh5QIDAQABo2YwZDASBgNVHRMB
-Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBRkEPGrOTfcwf27Hcg/QVh3YifvKTAfBgNV
-HSMEGDAWgBQaPEb++qXSgmAi2vsewtpb6SiIyDAOBgNVHQ8BAf8EBAMCAYYwDQYJ
-KoZIhvcNAQELBQADggEBAL22kK3SDGnr3lhRE7ipptlKalrQKfpght0XEKm5hxCL
-tougN2wtaTEWMwr2YfGJohcKBaGKQ+Bv6WY+EV+hJE4qEUFh6BGqRMtuZdiAbkG+
-EveEMhZWQzgf9rUID+Y9Eg+NfCxlpkdQPjUxUV9OkGIshlxkUP8Y+C0h0xIcwq5v
-hAfNiJAdcw4fUvtLkpEOFoOjThB8zxOu+Cl3xLCcNOMPLdSxd3YXjy6CMuuOk4RB
-gOc8YCyyEvwb9KmARZpMOcQJmucMhs+aC3DF+n71g+agFhDl3Z0QkyyyRjAcD04+
-sAR9C8PbqSCQAdydHbAFViEX6x3oGJ7L6zEDcIS10wg=
------END CERTIFICATE-----
diff --git a/tests/certs/intermediateCA.pem b/tests/certs/intermediateCA.pem
deleted file mode 100644
index cbc2c73..0000000
--- a/tests/certs/intermediateCA.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDrDCCApSgAwIBAgIUcRGFYn4pUMRoDtFZhU1EOAPdiWwwDQYJKoZIhvcNAQEL
-BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
-MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBgMQswCQYDVQQGEwJQTDEVMBMG
-A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA5yrw3i+fvxBSODvCoQb+9ibWRozmphJBp57tKv9ZraQ5
-THK+PkCdjNiJuxZn8F1QLsjJo6JqrrXufYln7wixK0Seu4uV6I2TRzcRyJx29D89
-0G9GrTXKn7v8z32QAqCgtwSZ17uWYTFmRAYPllWXcWDONsVyw3UF2nClndL7GMqM
-gDizlwsfg8HmRpZegn82I7Y2DXccm9a7pFHuBHpwenKqfBnMsXo3Jj4Xlr1cLTrh
-+6ksS5YogOsOd9b5Dfz6FaGmmwrlUWHwdi+EzdnSpOnXzmgflF23sZQ0ynsVvmpl
-iD4rXBWnxnQ6Ken3wVPNrA/0ZYGbgSKrcv+/olkh5QIDAQABo2YwZDASBgNVHRMB
-Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBRkEPGrOTfcwf27Hcg/QVh3YifvKTAfBgNV
-HSMEGDAWgBQaPEb++qXSgmAi2vsewtpb6SiIyDAOBgNVHQ8BAf8EBAMCAYYwDQYJ
-KoZIhvcNAQELBQADggEBAL22kK3SDGnr3lhRE7ipptlKalrQKfpght0XEKm5hxCL
-tougN2wtaTEWMwr2YfGJohcKBaGKQ+Bv6WY+EV+hJE4qEUFh6BGqRMtuZdiAbkG+
-EveEMhZWQzgf9rUID+Y9Eg+NfCxlpkdQPjUxUV9OkGIshlxkUP8Y+C0h0xIcwq5v
-hAfNiJAdcw4fUvtLkpEOFoOjThB8zxOu+Cl3xLCcNOMPLdSxd3YXjy6CMuuOk4RB
-gOc8YCyyEvwb9KmARZpMOcQJmucMhs+aC3DF+n71g+agFhDl3Z0QkyyyRjAcD04+
-sAR9C8PbqSCQAdydHbAFViEX6x3oGJ7L6zEDcIS10wg=
------END CERTIFICATE-----
diff --git a/tests/certs/intermediateCA_crldp.pem b/tests/certs/intermediateCA_crldp.pem
deleted file mode 100644
index 719001b..0000000
--- a/tests/certs/intermediateCA_crldp.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDszCCApugAwIBAgIUN3RBnJCUJ8HmbeNjJZ/6jsXJLGEwDQYJKoZIhvcNAQEL
-BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
-MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBnMQswCQYDVQQGEwJQTDEVMBMG
-A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEfMB0GA1UEAwwWSW50ZXJtZWRpYXRlIENBIENSTCBEUDCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAME32IBpxW4FhVuZe1PTarEskVHP233QjZtx
-poC67/lUK44gtFmsxYsMrDYmmny5pfoM/Byxl5/rorEddLqtDe1kd1SpXUvEYxox
-s5rizRd5sZPgkwNoJkSVyNZFwj7gKZHeg6IQHSxNgmTybZ+eZqiNvEveksj3lGpM
-Xrbiew7cXUyIP636GPtYxLyIbwDVP0jScqcA/dmSAqofFVUi0SW3OS1hpyXAmmx8
-hQHJRKPjPgitZVgjwf5X8/eMTa+ca9dRlRFLk7AcbkF6NcbLm+cRo816nO0EBFV4
-Sn2dW9uYqJIfZcpRQ7wbv4fUCghwrk9h3gXrb7AweyK8nyYlmosCAwEAAaNmMGQw
-EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUFDxiqeJxiJbmZ4erKH0pBIhq
-7SMwHwYDVR0jBBgwFoAUGjxG/vql0oJgItr7HsLaW+koiMgwDgYDVR0PAQH/BAQD
-AgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAlI/1XnGc9WzL53rRascZc1EgWAnej9YFS
-Dax5+nozYTihC8BRxGfSh1FGRVsmFWhZ0z0XogJJC2bZrQ/36+vwoILItcsWHrQr
-rFoZa6s1Uo7ZCd9SfmXjbhMLQgydocCh9YIF66CAkQLwRXc1QIpF7nuZ+rxk0ru1
-uGjjBrFRfdSdzlFnyK6wfFzi6LtYDVgVEHC7zzL9E/cyuGo7qQ++SoOg99HjTVY1
-PS3ea522bRO2bJpYwZJvvbg020DAfm686VXwAadODdBkI2h6U5SwTxp4SkSmq9SI
-mjtERFtnAKD0R2YrX4RzuIckezvwsqLDkQjMnI9XQmv5HWUZimcC
------END CERTIFICATE-----
diff --git a/tests/certs/key.der b/tests/certs/key.der
deleted file mode 100644
index 41d55a6..0000000
Binary files a/tests/certs/key.der and /dev/null differ
diff --git a/tests/certs/key.pem b/tests/certs/key.pem
deleted file mode 100644
index 3681689..0000000
--- a/tests/certs/key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDHQQmsrbfcbK1M
-dNhXpKviK7EdnAtaS/TQDTd02wb/ESrdSHnzIfE4wNbj2jmGb896Nppfaihpifrs
-R5My6Iym4PfG3JsQa5Fnpi0MJkb9YWSDvA+MYmEXdDtCmYs678FsJTQA8111sO4s
-/jDz1pF49p0+TKTk4t0vOdUsDnP3PUmAmswj/KzBiLShyzu4goyt7BcAQyPXmk3d
-jRI6hB2nSMph0Ys3kzmmL9+BaJEIkYEf85OH5U+vm+g0B8Z5WyIr1etTj+GwZRbV
-14wuIhnRyyGoYVTJcOosRqkevddKbCKdEk9CjPJcvjftaz4aDZDUi6pMxlLnSqO5
-lbfgqeBDAgMBAAECggEABtHIBfvwFgA2Mi6xlNZS96utJSlJDi8ZUuGQ61Pvul0Z
-DXfEjLi1q86VzDiUzXAYNsOVpvxYI7yQNPQCKrTg03lRoaG9QOOdl2GNmyPYPCXQ
-Ld4K3jAjyIy21oGwzTSVdyES1ZF+ul9y12FfxYirc+tk2FQBNMA697nP/PEFsQl9
-cMxBB5CIGH7jSI6UIbp99Kd90ScbnE2mLACM3d0s0sRq783P9yJGpM9a71XE/K2p
-CxoRxwqmNRGvI5LrGs1zIF2BSZZgNT71cdfMnAIJBeaoNY7QTKDQlg9xQojE+0if
-is16mMhrHQbIFBSxHDRR4uVdiY4iKDB6Lg2pMGcjUQKBgQDzWI2O8bh+YvaEM9QN
-uUC1LI6oGzj7+wxkIhjXhCX680EFeJk6AQqNfu5VoBN/nrCXxqjNGKhjqDmtzxjD
-y9LYTCJ8rM9eCkrgcdCFkTQNcdNT/zqkHeOIxsoXgsFLhYozWcbiW+8oe9MTrXX/
-m9u9kTHkSjKziof7wxGXu3pAmQKBgQDRnYd+urSG0bulBccqT06pJpQMjYIi6CqQ
-LYEkLlELxOT+EPeEH1ZdgYkDzzgKoO5L/Jp0Ic6kKEQv+o4l+g1gJp6V5wwX81nv
-FJApcg51Yma6WQb6PEJ8HiZ531JQpGZZPmJvRIvEdqw+Dz/dferTApvOlD9s4PfM
-xG4R/EoFOwKBgQCEQdW2IhQWxOycj5qp1syfa1chcKI4+YoThiCgSZdm2/yz34bP
-6q70lk8sxHK0gugRpYwq5ELo3w5yM8OO7uFqY36+6iFOSCPH9rPRVEjJIdsspOQX
-PJNkzD4cJxmtVSf2ns2kSzkhdKMU58rhILF+R0Kpg9YolJsxrySJpgBcyQKBgQCC
-KCTYRiqOhHDVuU7AMNqRIclQOhYSgsLbH8ZOpwvgGPRv5i0rNyIzkZl4ahVMVD1j
-pYhqkAt11yLv/86AOlJP3+sc/Yh+3rZ7Q/N4KMBdlypej6VLgFtwInCVwFumg06i
-H6CToqZ+6YluR53KdMN5HueMUHVJsC9uUJJgTJ3RvQKBgFPi8mgG4zcdoKBhqyq2
-x3VQEe0VYnzBsIz42E/NFpuB4ZwC7j0Uez+QFUj76UKMsoE6fX9/lGNdg/zitRBc
-M21R9HeWuQHSM6nJ/ScK7C0vqQVsGOr/DKGEydvSjkPsyIbCw8qEdOq8idAULEKj
-GlIpzzm+MYzra4yB4VpRw5ES
------END PRIVATE KEY-----
diff --git a/tests/certs/key.pvk b/tests/certs/key.pvk
deleted file mode 100644
index 661a8dc..0000000
Binary files a/tests/certs/key.pvk and /dev/null differ
diff --git a/tests/certs/keyp.pem b/tests/certs/keyp.pem
deleted file mode 100644
index b2534ad..0000000
--- a/tests/certs/keyp.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIY7PpABd5xsYCAggA
-MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECC8FH8kZE5H/BIIEyK9LnEmc3VYK
-kqwBBX15exPIRrsmeGkoSSrnHUeLzV0E2CN9bEL1XwJtX6d4YGYHnH7MopV9LPgl
-Fdu2CvWXt5XLOMb3FJ38zZGtNnbYWZLbVlgQANZaTRCZaoWHS57KulgbtbJnn3PQ
-DdYHaCiRh95pgPrdklEs0PhvBe98kR4xGJPoiGn+gJ75Ik4kwW/vJTcQeKbcU4oQ
-MGIVXV66NU+Pc1d3CTYm9hwIys70+J9QtT1aSoENeYr1e+sHgzN7ykDalfAir/dZ
-/E91Zg4RFV4clvvVmoAyXmZFpMxj5pLYGvdjBxTURh+8mdulfJMpKHjJldx7N9+I
-cusGwKVXQcIXI76lxvKo08oENq0C6112+++s6bYtwzuk/Auk+dQ2mn2/gLgs6fsy
-pi1ZKUoO8pdm8N4QzqPsFc2/ny5oSy6A6EKDC/tKoP59r6qJtoYselfypFsWemIo
-F/W0HmZzC5OJMEqUxbKIuH7Xhx0ufs4TytzYMEnUVH0ChLan67VvFIcq4sLoMaW0
-d2jyDdIe4WcmVckJtjudbIhcRsXtoSVB8PYjdHOmI9YZVksPreeKk7stf06V3PBU
-/hsBpzlWu8xO6+cMGrlvoqOov3WAmD1/LW/ITggjLb28r7LnUrYTbj95xZ8Zd8s9
-hx60MZpTJKni/Kfd5yVZw7xZWLHxNWdBbZxlCkvvFN5Ik0FjULLblfIfYa38zwp1
-P6Dbw0wBSNhpsdsGcnkB+YWlzyIJzC99EZqgC3cGmb+9UGuj2bmvzx0hlIY4APCf
-lfiFNXUHxxRZCV/Cp3TXqh3h7t99KvVoIzEIV8iUDMLG7dsnf2Y1z7AQ3cfL8tmC
-qTlKH8QdMn87ntjcU1fynE3X/bL4+Fy8ZWeCWHHPLU2TP6Z7xBkXVB77gm0rK2cU
-lJVZKB3kVemSvu9OennBAiE7yjusqCLyTJo9GlI3H7xM+jHf0CZM149n2yV7w98Z
-Nag2b4iYnbVa1CRcL+4Y5zfA6AwCXvkqKcqyUqK4ZEvd1VnN9L+pTWrxaAxukC5f
-KyKXKd+HdiS2b8fFVYKmpq+lK02zxuIJpLh7JlcztNinm67irwg+7VZczpX46Za1
-waPuAnJ6zA6pVdRKxpXx5AnAh9vlCtlyakREx6NajG7f2nCe6IrznyVQ45jlkmwp
-od0kAjsd/xp0NyvWI5A9ICU+pJ5xqhUGkXPvIxj1IqTFa7k4lYKiKgqeKoyLnzYA
-+R1iQikwewxEahamhjiBH2xPYmZ77EjIF3EtLbpI02fxHR8LjyIBJ/HNnarKqJp0
-HYhLJQ8z7uyAESfXY997UnTtgLQHEX5/6DKYqlNWdzRiIEGfleujHmaAb9kf9Xrr
-r2EVc0E4q2/wvgMHn8GRSv6K7pQC//vNmBuNGCAMBl8t6y1QxDrX+UBn97HGk96Z
-LqRoVM2mz1cS/tiP4+MSB0zqzGbHsk9xoEY0QeRPvjJfGc1skRWwdo8LA8Hf1pi1
-/exyJzHNdxVdxM4CKMnXbTNCxKlhhZhUaWzELNjI5bQ5oQfechEypsFYAQETU5NS
-182MgLMhkxqqcxLHcHIGE1ApZKXhY5siO0k4TTb2Kqxgn2fBUyLQLMVaVrHhZwxg
-XwiQ2Rt3JBHrzPy9wXL8hw==
------END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/certs/legacy.p12 b/tests/certs/legacy.p12
deleted file mode 100644
index 92d04d0..0000000
Binary files a/tests/certs/legacy.p12 and /dev/null differ
diff --git a/tests/certs/password.txt b/tests/certs/password.txt
deleted file mode 100644
index eafd3b5..0000000
--- a/tests/certs/password.txt
+++ /dev/null
@@ -1 +0,0 @@
-passme
\ No newline at end of file
diff --git a/tests/certs/revoked.pem b/tests/certs/revoked.pem
deleted file mode 100644
index 70cfa72..0000000
--- a/tests/certs/revoked.pem
+++ /dev/null
@@ -1,45 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDvTCCAqWgAwIBAgIUazbrVgbYb+IN803UmJJa0DPHQsAwDQYJKoZIhvcNAQEL
-BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGDAWBgNVBAMMD0ludGVybWVkaWF0
-ZSBDQTAeFw0xODAxMDEwMDAwMDBaFw0zNDEyMzEwMDAwMDBaMG0xCzAJBgNVBAYT
-AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxDDAKBgNVBAsMA0NTUDEQMA4GA1UE
-AwwHUmV2b2tlZDEnMCUGCSqGSIb3DQEJARYYb3NzbHNpZ25jb2RlQGV4YW1wbGUu
-Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0EJrK233GytTHTY
-V6Sr4iuxHZwLWkv00A03dNsG/xEq3Uh58yHxOMDW49o5hm/PejaaX2ooaYn67EeT
-MuiMpuD3xtybEGuRZ6YtDCZG/WFkg7wPjGJhF3Q7QpmLOu/BbCU0APNddbDuLP4w
-89aRePadPkyk5OLdLznVLA5z9z1JgJrMI/yswYi0ocs7uIKMrewXAEMj15pN3Y0S
-OoQdp0jKYdGLN5M5pi/fgWiRCJGBH/OTh+VPr5voNAfGeVsiK9XrU4/hsGUW1deM
-LiIZ0cshqGFUyXDqLEapHr3XSmwinRJPQozyXL437Ws+Gg2Q1IuqTMZS50qjuZW3
-4KngQwIDAQABo2IwYDAJBgNVHRMEAjAAMB0GA1UdDgQWBBTprhNre3RQJMbThsJY
-wKi0w8vJZTAfBgNVHSMEGDAWgBRkEPGrOTfcwf27Hcg/QVh3YifvKTATBgNVHSUE
-DDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAQEAFJjwxpYA2jzrmF1mdKx/
-up8gl6iISsHDc7oLAv63oUYXpFwzpNfvi1TGqYVhntAH2t/1XdA1HKdBp2LDsEnt
-Av66c6HxyNPka26ZGD70+w5q8uHrIOO6MZw0eaLwu9bJI4cLbRXlKwxkGSzXHGYs
-1hGR2YwAiMrqtVMPetlpd62y6qUZc0lEOhjJ6DsIfqSgO8AsdyI7Ao+cDqEZ1I/Q
-Oi1Agn8kz8TtfWKxkX06EoL4DrZCDb1/w0CGQJATq77pKst+zw+B+2EKqlpuG3s/
-FE7RkCjG7bEFIDEK2909BXQNyQJzp7ih9X8QeEx5fnPr9lDfe/75YjRqoHkfmcTC
-Hw==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDrDCCApSgAwIBAgIUcRGFYn4pUMRoDtFZhU1EOAPdiWwwDQYJKoZIhvcNAQEL
-BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
-MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBgMQswCQYDVQQGEwJQTDEVMBMG
-A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEYMBYGA1UEAwwPSW50ZXJtZWRpYXRlIENBMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA5yrw3i+fvxBSODvCoQb+9ibWRozmphJBp57tKv9ZraQ5
-THK+PkCdjNiJuxZn8F1QLsjJo6JqrrXufYln7wixK0Seu4uV6I2TRzcRyJx29D89
-0G9GrTXKn7v8z32QAqCgtwSZ17uWYTFmRAYPllWXcWDONsVyw3UF2nClndL7GMqM
-gDizlwsfg8HmRpZegn82I7Y2DXccm9a7pFHuBHpwenKqfBnMsXo3Jj4Xlr1cLTrh
-+6ksS5YogOsOd9b5Dfz6FaGmmwrlUWHwdi+EzdnSpOnXzmgflF23sZQ0ynsVvmpl
-iD4rXBWnxnQ6Ken3wVPNrA/0ZYGbgSKrcv+/olkh5QIDAQABo2YwZDASBgNVHRMB
-Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBRkEPGrOTfcwf27Hcg/QVh3YifvKTAfBgNV
-HSMEGDAWgBQaPEb++qXSgmAi2vsewtpb6SiIyDAOBgNVHQ8BAf8EBAMCAYYwDQYJ
-KoZIhvcNAQELBQADggEBAL22kK3SDGnr3lhRE7ipptlKalrQKfpght0XEKm5hxCL
-tougN2wtaTEWMwr2YfGJohcKBaGKQ+Bv6WY+EV+hJE4qEUFh6BGqRMtuZdiAbkG+
-EveEMhZWQzgf9rUID+Y9Eg+NfCxlpkdQPjUxUV9OkGIshlxkUP8Y+C0h0xIcwq5v
-hAfNiJAdcw4fUvtLkpEOFoOjThB8zxOu+Cl3xLCcNOMPLdSxd3YXjy6CMuuOk4RB
-gOc8YCyyEvwb9KmARZpMOcQJmucMhs+aC3DF+n71g+agFhDl3Z0QkyyyRjAcD04+
-sAR9C8PbqSCQAdydHbAFViEX6x3oGJ7L6zEDcIS10wg=
------END CERTIFICATE-----
diff --git a/tests/certs/revoked_crldp.pem b/tests/certs/revoked_crldp.pem
deleted file mode 100644
index ae386b9..0000000
--- a/tests/certs/revoked_crldp.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEDDCCAvSgAwIBAgIUHGb2CHtm9Ra3gCn6Iv7hpEhiQrYwDQYJKoZIhvcNAQEL
-BQAwZzELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMMFkludGVybWVkaWF0
-ZSBDQSBDUkwgRFAwHhcNMTgwMTAxMDAwMDAwWhcNMzQxMjMxMDAwMDAwWjB7MQsw
-CQYDVQQGEwJQTDEVMBMGA1UECgwMb3NzbHNpZ25jb2RlMQwwCgYDVQQLDANDU1Ax
-HjAcBgNVBAMMFVJldm9rZWQgWDUwOXYzIENSTCBEUDEnMCUGCSqGSIb3DQEJARYY
-b3NzbHNpZ25jb2RlQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAx0EJrK233GytTHTYV6Sr4iuxHZwLWkv00A03dNsG/xEq3Uh58yHx
-OMDW49o5hm/PejaaX2ooaYn67EeTMuiMpuD3xtybEGuRZ6YtDCZG/WFkg7wPjGJh
-F3Q7QpmLOu/BbCU0APNddbDuLP4w89aRePadPkyk5OLdLznVLA5z9z1JgJrMI/ys
-wYi0ocs7uIKMrewXAEMj15pN3Y0SOoQdp0jKYdGLN5M5pi/fgWiRCJGBH/OTh+VP
-r5voNAfGeVsiK9XrU4/hsGUW1deMLiIZ0cshqGFUyXDqLEapHr3XSmwinRJPQozy
-XL437Ws+Gg2Q1IuqTMZS50qjuZW34KngQwIDAQABo4GbMIGYMAkGA1UdEwQCMAAw
-HQYDVR0OBBYEFOmuE2t7dFAkxtOGwljAqLTDy8llMB8GA1UdIwQYMBaAFBQ8Yqni
-cYiW5meHqyh9KQSIau0jMBMGA1UdJQQMMAoGCCsGAQUFBwMDMDYGA1UdHwQvMC0w
-K6ApoCeGJWh0dHA6Ly8xMjcuMC4wLjE6MTkyNTQvaW50ZXJtZWRpYXRlQ0EwDQYJ
-KoZIhvcNAQELBQADggEBAJ5WxnDiAiRPr7EvTRD7iaxixAY/2wgASXWekQLpvJ8Y
-/ehaVdZWE8ft76y73F4NC62JfjWgAZHE+we3LSO+eB5kznM+Ctzrf/brR1MorSOu
-iq78uz2pjwmQBpby6uDMii9r1txR62GYiLrZJizE+13AOVKBo5EW0PuwX3wKjk+s
-Z5Mp9y7+GVzCSXwJC4wNMw/ZJZgr+o5D8msMh3UPgxUfT1rZ7THW3IwXao3ZtTXw
-EA6uJoLVNb8FLfAVA1CFL0MlPgyiM2iNs+jIuhF7hPmMc8Je2qAr97ADdLCHWnRv
-Majsbns7OCCFROF2qSQiyzVO5Hn1kiPSP7qmLMak610=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDszCCApugAwIBAgIUN3RBnJCUJ8HmbeNjJZ/6jsXJLGEwDQYJKoZIhvcNAQEL
-BQAwWDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEgMB4GA1UE
-CwwXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcN
-MTgwMTAxMDAwMDAwWhcNMzYwMTAxMDAwMDAwWjBnMQswCQYDVQQGEwJQTDEVMBMG
-A1UECgwMb3NzbHNpZ25jb2RlMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEfMB0GA1UEAwwWSW50ZXJtZWRpYXRlIENBIENSTCBEUDCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAME32IBpxW4FhVuZe1PTarEskVHP233QjZtx
-poC67/lUK44gtFmsxYsMrDYmmny5pfoM/Byxl5/rorEddLqtDe1kd1SpXUvEYxox
-s5rizRd5sZPgkwNoJkSVyNZFwj7gKZHeg6IQHSxNgmTybZ+eZqiNvEveksj3lGpM
-Xrbiew7cXUyIP636GPtYxLyIbwDVP0jScqcA/dmSAqofFVUi0SW3OS1hpyXAmmx8
-hQHJRKPjPgitZVgjwf5X8/eMTa+ca9dRlRFLk7AcbkF6NcbLm+cRo816nO0EBFV4
-Sn2dW9uYqJIfZcpRQ7wbv4fUCghwrk9h3gXrb7AweyK8nyYlmosCAwEAAaNmMGQw
-EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUFDxiqeJxiJbmZ4erKH0pBIhq
-7SMwHwYDVR0jBBgwFoAUGjxG/vql0oJgItr7HsLaW+koiMgwDgYDVR0PAQH/BAQD
-AgGGMA0GCSqGSIb3DQEBCwUAA4IBAQAlI/1XnGc9WzL53rRascZc1EgWAnej9YFS
-Dax5+nozYTihC8BRxGfSh1FGRVsmFWhZ0z0XogJJC2bZrQ/36+vwoILItcsWHrQr
-rFoZa6s1Uo7ZCd9SfmXjbhMLQgydocCh9YIF66CAkQLwRXc1QIpF7nuZ+rxk0ru1
-uGjjBrFRfdSdzlFnyK6wfFzi6LtYDVgVEHC7zzL9E/cyuGo7qQ++SoOg99HjTVY1
-PS3ea522bRO2bJpYwZJvvbg020DAfm686VXwAadODdBkI2h6U5SwTxp4SkSmq9SI
-mjtERFtnAKD0R2YrX4RzuIckezvwsqLDkQjMnI9XQmv5HWUZimcC
------END CERTIFICATE-----
diff --git a/tests/certs/tsa-chain.pem b/tests/certs/tsa-chain.pem
deleted file mode 100644
index 16213c2..0000000
--- a/tests/certs/tsa-chain.pem
+++ /dev/null
@@ -1,47 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEMzCCAxugAwIBAgIUAQ9lOMiuXUZuKaxzEpwQmCzU7aowDQYJKoZIhvcNAQEL
-BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE
-CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v
-dCBDQTAeFw0xODAxMDEwMDAwMDBaFw0zODAxMDEwMDAwMDBaMFUxCzAJBgNVBAYT
-AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxHDAaBgNVBAsME1RpbWVzdGFtcCBB
-dXRob3JpdHkxETAPBgNVBAMMCFRlc3QgVFNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAqZW3jbxq2Zkw86ePE8r6Tl9+mxjzH8k1XPGXwKIdEhvOhBXN
-SxwVdiudnbIR2Kp4kOpRNeI4bET6bGEQVBVzuyPOCXeQlXK7wVhri/MF8YzMCFuW
-7s2OMeaCqMJckBiGrDYgvDIMfE53CZFVhOnpIKD+ItX+D1bBchvM1TaSOVcxwKwH
-pmIbw47gOY4E4rHz/KYdqcVCk82ACEmiptmJARb8oYU8bap1x7fEtDZ3w0gnnSks
-5dXGjdUwCkm1qHgoW/k6vK8nIz14f/+05GIMZpUh4kIUXMhGmbOeFHfENJ7J30TI
-RLXsK9iAApriqxZ6EvhrWOYJT4pUeUnGfuwPUwIDAQABo4HvMIHsMAwGA1UdEwEB
-/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFKryJiH4Y0KO
-x2nCc4cOvih1VzjmMB8GA1UdIwQYMBaAFD8ujz0I9Y7079ZMe9X7cO3/rSj5MC0G
-A1UdHwQmMCQwIqAgoB6GHGh0dHA6Ly8xMjcuMC4wLjE6MTkyNTQvVFNBQ0EwVQYD
-VR0eBE4wTKAYMAqCCHRlc3QuY29tMAqCCHRlc3Qub3JnoTAwCocIAAAAAAAAAAAw
-IocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDQYJKoZIhvcNAQEL
-BQADggEBAAhzijhC1kvBV75rxRqj27gtYRG8dNkHc5umzwXyNNMn2tI/kO2Rf+ES
-9RamQE9sfvOgg3UqfXIfRPsC4cBHnjT+ELdqbt4byk3LPtstJGFuLy0iNRNY9f1j
-lBJrldLZNNsIpNMQa0u5h/z4m0CAA8j6ayUvcoR11y2zYHkHlSScTq/s7gSQzXlK
-z4DRiiYif2OEdKVeRCqlDV8AOlhm1+9am74dkfO71aT0G2hko2u19NWZvjc/DqI1
-V+e2g5TDE7V65d9vvf9tA26i0At/VazvnhsgdpgUkwS6mjUvx+gW3i5YJhtXjdAX
-hpE0ajpKT0x/dNa/qCwl/9zc8XxGnPk=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDkDCCAnigAwIBAgIULFuB5HWsyba6VHu2Ygv2vt4R4/swDQYJKoZIhvcNAQEL
-BQAwYDELMAkGA1UEBhMCUEwxFTATBgNVBAoMDG9zc2xzaWduY29kZTEkMCIGA1UE
-CwwbVGltZXN0YW1wIEF1dGhvcml0eSBSb290IENBMRQwEgYDVQQDDAtUU0EgUm9v
-dCBDQTAeFw0xNzAxMDEwMDAwMDBaFw0zNjEyMjcwMDAwMDBaMGAxCzAJBgNVBAYT
-AlBMMRUwEwYDVQQKDAxvc3Nsc2lnbmNvZGUxJDAiBgNVBAsMG1RpbWVzdGFtcCBB
-dXRob3JpdHkgUm9vdCBDQTEUMBIGA1UEAwwLVFNBIFJvb3QgQ0EwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBo8JJDwVm6UTZvA2g/tOZ3xIbKYXI92Rn
-T/FCCUycsB5tmoSWcmy1AB6UDv7bFMGy4mdbxnErtdytGj+hEIO3O2EBbpBLAmlJ
-CEVNRrz/YbxGoJmeAii9s3jignUpTr/qLMSKkLowuqABZl2XtCp7Q83YlZPkVhFL
-kCAny89cG/QGAUxViN7HB4jWzhcBTTfD4PFvSU1HZNhPM0Y6BCpv2qrof3/tPnQr
-xM2zVZoIonQpf6paga61O9fM4wc1GqxGGwARz6Bxq6w2OxRDsV/biqP9gVUj0XmF
-6o/draf3MkDswOUZyKpujOUIf12ezXJFPWaCRN1Rl0vwV2CyVxkvAgMBAAGjQjBA
-MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFD8ujz0I9Y7079ZMe9X7cO3/rSj5
-MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAtHmPfVgu6Y7uWcpq
-AdawOTZ/2ICOvAMmQ0LcXKmSpgsneHiyAL1Wwe2/XxTwmrpHylOapIIuV3irHCXU
-CxaTMUyZGfXoUWsxnR8bcb5ac/aFKkC3ynE2/IfFyJOQ724cK5FRK1+piVleP4Rx
-C04KQiuxuVLedyvGh5OPU/94ZW2JuuBjImVAO/lUbYhAUSpwueX2lYKSSPLkPfDx
-AsIp55x70iQ+EsgARvseVY2JRzvRnuh66V4P15wn3dIzjtWQ1/t007wMk5Lji5dQ
-iSvdyqULBytBqDtLPLzRuma1KJEPRIamF1j6Or6HaHSVUorRhqI3XuxEUGdO4LxZ
-QepMyA==
------END CERTIFICATE-----
diff --git a/tests/certs/tsa-serial b/tests/certs/tsa-serial
deleted file mode 100644
index d53ed9b..0000000
--- a/tests/certs/tsa-serial
+++ /dev/null
@@ -1 +0,0 @@
-bb7fd13ddf056e0a3e621d3537b25478
diff --git a/tests/check_cryptography.py b/tests/check_cryptography.py
new file mode 100644
index 0000000..b75f089
--- /dev/null
+++ b/tests/check_cryptography.py
@@ -0,0 +1,40 @@
+#!/usr/bin/python3
+"""Check cryptography module."""
+
+import sys
+
+try:
+    import cryptography
+    print(cryptography.__version__, end="")
+except ModuleNotFoundError as ierr:
+    print("Module not installed: {}".format(ierr))
+    sys.exit(1)
+except ImportError as ierr:
+    print("Module not found: {}".format(ierr))
+    sys.exit(1)
+
+class UnsupportedVersion(Exception):
+    """Unsupported version"""
+
+def main() -> None:
+    """Check python3-cryptography version"""
+    try:
+        version = tuple(int(num) for num in cryptography.__version__.split('.'))
+        if version < (37, 0, 2):
+            raise UnsupportedVersion("unsupported python3-cryptography version")
+    except UnsupportedVersion as err:
+        print(" {}".format(err), end="")
+        sys.exit(1)
+
+
+if __name__ == '__main__':
+    main()
+
+# pylint: disable=pointless-string-statement
+"""Local Variables:
+    c-basic-offset: 4
+    tab-width: 4
+    indent-tabs-mode: nil
+End:
+    vim: set ts=4 expandtab:
+"""
diff --git a/tests/client_http.py b/tests/client_http.py
index 0a2126f..b7618f8 100644
--- a/tests/client_http.py
+++ b/tests/client_http.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
 """Implementation of a HTTP client"""
 
 import os
@@ -5,17 +6,17 @@ import sys
 import http.client
 
 RESULT_PATH = os.getcwd()
-LOGS_PATH = os.path.join(RESULT_PATH, "./Testing/logs/")
-PORT_LOG = os.path.join(LOGS_PATH, "./port.log")
 
 
 def main() -> None:
     """Creating a POST Request"""
     ret = 0
     try:
-        with open(PORT_LOG, 'r') as file:
-            port = file.readline()
-        conn = http.client.HTTPConnection('127.0.0.1', port)
+        file_path = os.path.join(RESULT_PATH, "./Testing/logs/url.log")
+        with open(file_path, mode="r", encoding="utf-8") as file:
+            url = file.readline()
+        host, port = url.split(":")
+        conn = http.client.HTTPConnection(host, port)
         conn.request('POST', '/kill_server')
         response = conn.getresponse()
         print("HTTP status code:", response.getcode(), end=', ')
diff --git a/tests/conf/makecerts.sh b/tests/conf/makecerts.sh
deleted file mode 100755
index 9bf247f..0000000
--- a/tests/conf/makecerts.sh
+++ /dev/null
@@ -1,448 +0,0 @@
-#!/bin/bash
-
-result=0
-
-test_result() {
-  if test "$1" -eq 0
-    then
-      printf "Succeeded\n" >> "makecerts.log"
-    else
-      printf "Failed\n" >> "makecerts.log"
-    fi
-}
-
-make_certs() {
-  password=passme
-  result_path=$(pwd)
-  cd $(dirname "$0")
-  script_path=$(pwd)
-  cd "${result_path}"
-  mkdir "tmp/"
-
-################################################################################
-# OpenSSL settings
-################################################################################
-
-  if test -n "$1"
-    then
-      OPENSSL="$1/bin/openssl"
-      export LD_LIBRARY_PATH="$1/lib:$1/lib64"
-    else
-      OPENSSL=openssl
-    fi
-
-  mkdir "CA/" 2>> "makecerts.log" 1>&2
-  touch "CA/index.txt"
-  echo -n "unique_subject = no" > "CA/index.txt.attr"
-  $OPENSSL rand -hex 16 > "CA/serial"
-  $OPENSSL rand -hex 16 > "tmp/tsa-serial"
-  echo 1001 > "CA/crlnumber"
-  date > "makecerts.log"
-  "$OPENSSL" version 2>> "makecerts.log" 1>&2
-  echo -n "$password" > tmp/password.txt
-
-################################################################################
-# Root CA certificates
-################################################################################
-
-  printf "\nGenerate trusted root CA certificate\n" >> "makecerts.log"
- "$OPENSSL" genrsa -out CA/CAroot.key \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
-    script_path=$(pwd)
-    OPENSSL="$0"
-    export LD_LIBRARY_PATH="$1"
-    CONF="${script_path}/openssl_root.cnf"
-    "$OPENSSL" req -config "$CONF" -new -x509 -days 7300 -key CA/CAroot.key -out tmp/CAroot.pem \
-        -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Trusted Root CA" \
-        2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
-  test_result $?
-
-  printf "\nPrepare the Certificate Signing Request (CSR)\n" >> "makecerts.log"
-  "$OPENSSL" genrsa -out CA/CA.key \
-      2>> "makecerts.log" 1>&2
-  TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
-    script_path=$(pwd)
-    OPENSSL="$0"
-    export LD_LIBRARY_PATH="$1"
-    CONF="${script_path}/openssl_root.cnf"
-    "$OPENSSL" req -config "$CONF" -new -key CA/CA.key -out CA/CACert.csr \
-        -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Root CA" \
-        2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
-  test_result $?
-
-  printf "\nGenerate Self-signed root CA certificate\n" >> "makecerts.log"
-  TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
-    script_path=$(pwd)
-    OPENSSL="$0"
-    export LD_LIBRARY_PATH="$1"
-    CONF="${script_path}/openssl_root.cnf"
-    "$OPENSSL" x509 -req -days 7300 -extfile "$CONF" -extensions ca_extensions \
-        -signkey CA/CA.key \
-        -in CA/CACert.csr -out tmp/CACert.pem \
-        2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
-  test_result $?
-
-  printf "\nGenerate Cross-signed root CA certificate\n" >> "makecerts.log"
-  TZ=GMT faketime -f '@2018-01-01 00:00:00' /bin/bash -c '
-    script_path=$(pwd)
-    OPENSSL="$0"
-    export LD_LIBRARY_PATH="$1"
-    CONF="${script_path}/openssl_root.cnf"
-    "$OPENSSL" x509 -req -days 7300 -extfile "$CONF" -extensions ca_extensions \
-        -CA tmp/CAroot.pem -CAkey CA/CAroot.key -CAserial CA/CAroot.srl \
-        -CAcreateserial -in CA/CACert.csr -out tmp/CAcross.pem \
-        2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
-  test_result $?
-
-################################################################################
-# Private RSA keys
-################################################################################
-
-  printf "\nGenerate private RSA encrypted key\n" >> "makecerts.log"
-  "$OPENSSL" genrsa -des3 -out CA/private.key -passout pass:"$password" \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  cat CA/private.key >> tmp/keyp.pem 2>> "makecerts.log"
-  test_result $?
-
-  printf "\nGenerate private RSA decrypted key\n" >> "makecerts.log"
-  "$OPENSSL" rsa -in CA/private.key -passin pass:"$password" -out tmp/key.pem \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nConvert the key to DER format\n" >> "makecerts.log"
-  "$OPENSSL" rsa -in tmp/key.pem -outform DER -out tmp/key.der -passout pass:"$password" \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nConvert the key to PVK format\n" >> "makecerts.log"
-  "$OPENSSL" rsa -in tmp/key.pem -outform PVK -out tmp/key.pvk -pvk-none \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-################################################################################
-# Intermediate CA certificates
-################################################################################
-
-  CONF="${script_path}/openssl_intermediate.cnf"
-
-  printf "\nGenerate intermediate CA certificate\n" >> "makecerts.log"
-  "$OPENSSL" genrsa -out CA/intermediateCA.key \
-        2>> "makecerts.log" 1>&2
-    TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
-    script_path=$(pwd)
-    OPENSSL="$0"
-    export LD_LIBRARY_PATH="$1"
-    CONF="${script_path}/openssl_intermediate.cnf"
-    "$OPENSSL" req -config "$CONF" -new -key CA/intermediateCA.key -out CA/intermediateCA.csr \
-        -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Intermediate CA" \
-        2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
-  test_result $?
-  TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
-    script_path=$(pwd)
-    OPENSSL="$0"
-    export LD_LIBRARY_PATH="$1"
-    CONF="${script_path}/openssl_root.cnf"
-    "$OPENSSL" ca -config "$CONF" -batch -in CA/intermediateCA.csr -out CA/intermediateCA.cer \
-        2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
-  test_result $?
-  "$OPENSSL" x509 -in CA/intermediateCA.cer -out tmp/intermediateCA.pem \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nGenerate a certificate to revoke\n" >> "makecerts.log"
-  "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/revoked.csr \
-      -subj "/C=PL/O=osslsigncode/OU=CSP/CN=Revoked/emailAddress=osslsigncode@example.com" \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  "$OPENSSL" ca -config "$CONF" -batch -in CA/revoked.csr -out CA/revoked.cer \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  "$OPENSSL" x509 -in CA/revoked.cer -out tmp/revoked.pem \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nRevoke above certificate\n" >> "makecerts.log"
-  "$OPENSSL" ca -config "$CONF" -revoke CA/revoked.cer \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nAttach intermediate certificate to revoked certificate\n" >> "makecerts.log"
-  cat tmp/intermediateCA.pem >> tmp/revoked.pem 2>> "makecerts.log"
-  test_result $?
-
-  printf "\nGenerate CRL file\n" >> "makecerts.log"
-  TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
-    script_path=$(pwd)
-    OPENSSL="$0"
-    export LD_LIBRARY_PATH="$1"
-    CONF="${script_path}/openssl_intermediate.cnf"
-    "$OPENSSL" ca -config "$CONF" -gencrl -crldays 8766 -out tmp/CACertCRL.pem \
-        2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
-  test_result $?
-
-  printf "\nGenerate code signing certificate\n" >> "makecerts.log"
-  "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/cert.csr \
-      -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Certificate/emailAddress=osslsigncode@example.com" \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  "$OPENSSL" ca -config "$CONF" -batch -in CA/cert.csr -out CA/cert.cer \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  "$OPENSSL" x509 -in CA/cert.cer -out tmp/cert.pem \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nConvert the certificate to DER format\n" >> "makecerts.log"
-  "$OPENSSL" x509 -in tmp/cert.pem -outform DER -out tmp/cert.der \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nAttach intermediate certificate to code signing certificate\n" >> "makecerts.log"
-  cat tmp/intermediateCA.pem >> tmp/cert.pem 2>> "makecerts.log"
-  test_result $?
-
-  printf "\nConvert the certificate to SPC format\n" >> "makecerts.log"
-  "$OPENSSL" crl2pkcs7 -nocrl -certfile tmp/cert.pem -outform DER -out tmp/cert.spc \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  ssl_version=$("$OPENSSL" version)
-  if test "${ssl_version:8:1}" -eq 3
-  then
-    printf "\nConvert the certificate and the key into legacy PKCS#12 container with\
- RC2-40-CBC private key and certificate encryption algorithm\n" >> "makecerts.log"
-    "$OPENSSL" pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/legacy.p12 -passout pass:"$password" \
-        -keypbe rc2-40-cbc -certpbe rc2-40-cbc -legacy \
-        2>> "makecerts.log" 1>&2
-  else
-    printf "\nConvert the certificate and the key into legacy PKCS#12 container with\
- RC2-40-CBC private key and certificate encryption algorithm\n" >> "makecerts.log"
-    "$OPENSSL" pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/legacy.p12 -passout pass:"$password" \
-        -keypbe rc2-40-cbc -certpbe rc2-40-cbc \
-        2>> "makecerts.log" 1>&2
-  fi
-  test_result $?
-
-  printf "\nConvert the certificate and the key into a PKCS#12 container with\
-  AES-256-CBC private key and certificate encryption algorithm\n" >> "makecerts.log"
-  "$OPENSSL" pkcs12 -export -in tmp/cert.pem -inkey tmp/key.pem -out tmp/cert.p12 -passout pass:"$password" \
-      -keypbe aes-256-cbc -certpbe aes-256-cbc \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nGenerate expired certificate\n" >> "makecerts.log"
-  "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/expired.csr \
-      -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Expired/emailAddress=osslsigncode@example.com" \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  "$OPENSSL" ca -config "$CONF" -enddate "190101000000Z" -batch -in CA/expired.csr -out CA/expired.cer \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  "$OPENSSL" x509 -in CA/expired.cer -out tmp/expired.pem \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nAttach intermediate certificate to expired certificate\n" >> "makecerts.log"
-  cat tmp/intermediateCA.pem >> tmp/expired.pem 2>> "makecerts.log"
-  test_result $?
-
-
-################################################################################
-# Intermediate CA certificates with CRL distribution point
-################################################################################
-
-  CONF="${script_path}/openssl_intermediate_crldp.cnf"
-
-  printf "\nGenerate intermediate CA certificate with CRL distribution point\n" >> "makecerts.log"
-  "$OPENSSL" genrsa -out CA/intermediateCA_crldp.key \
-        2>> "makecerts.log" 1>&2
-    TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
-    script_path=$(pwd)
-    OPENSSL="$0"
-    export LD_LIBRARY_PATH="$1"
-    CONF="${script_path}/openssl_intermediate_crldp.cnf"
-    "$OPENSSL" req -config "$CONF" -new -key CA/intermediateCA_crldp.key -out CA/intermediateCA_crldp.csr \
-        -subj "/C=PL/O=osslsigncode/OU=Certification Authority/CN=Intermediate CA CRL DP" \
-        2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
-  test_result $?
-  TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
-    script_path=$(pwd)
-    OPENSSL="$0"
-    export LD_LIBRARY_PATH="$1"
-    CONF="${script_path}/openssl_root.cnf"
-    "$OPENSSL" ca -config "$CONF" -batch -in CA/intermediateCA_crldp.csr -out CA/intermediateCA_crldp.cer \
-        2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
-  test_result $?
-  "$OPENSSL" x509 -in CA/intermediateCA_crldp.cer -out tmp/intermediateCA_crldp.pem \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nGenerate a certificate with X509v3 CRL Distribution Points extension to revoke\n" >> "makecerts.log"
-  "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/revoked_crldp.csr \
-      -subj "/C=PL/O=osslsigncode/OU=CSP/CN=Revoked X509v3 CRL DP/emailAddress=osslsigncode@example.com" \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  "$OPENSSL" ca -config "$CONF" -batch -in CA/revoked_crldp.csr -out CA/revoked_crldp.cer \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  "$OPENSSL" x509 -in CA/revoked_crldp.cer -out tmp/revoked_crldp.pem \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nRevoke above certificate\n" >> "makecerts.log"
-  "$OPENSSL" ca -config "$CONF" -revoke CA/revoked_crldp.cer \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nAttach intermediate certificate to revoked certificate\n" >> "makecerts.log"
-  cat tmp/intermediateCA_crldp.pem >> tmp/revoked_crldp.pem 2>> "makecerts.log"
-  test_result $?
-
-  printf "\nGenerate CRL file\n" >> "makecerts.log"
-  TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
-    script_path=$(pwd)
-    OPENSSL="$0"
-    export LD_LIBRARY_PATH="$1"
-    CONF="${script_path}/openssl_intermediate_crldp.cnf"
-    "$OPENSSL" ca -config "$CONF" -gencrl -crldays 8766 -out tmp/CACertCRL_crldp.pem \
-        2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
-  test_result $?
-
-  printf "\nConvert CRL file from PEM to DER (for CRL Distribution Points server to use) \n" >> "makecerts.log"
-  "$OPENSSL" crl -in tmp/CACertCRL_crldp.pem -inform PEM -out tmp/CACertCRL.der -outform DER \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nGenerate code signing certificate with X509v3 CRL Distribution Points extension\n" >> "makecerts.log"
-  "$OPENSSL" req -config "$CONF" -new -key CA/private.key -passin pass:"$password" -out CA/cert_crldp.csr \
-      -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=osslsigncode/OU=CSP/CN=Certificate X509v3 CRL DP/emailAddress=osslsigncode@example.com" \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  "$OPENSSL" ca -config "$CONF" -batch -in CA/cert_crldp.csr -out CA/cert_crldp.cer \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  "$OPENSSL" x509 -in CA/cert_crldp.cer -out tmp/cert_crldp.pem \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nAttach intermediate certificate to code signing certificate\n" >> "makecerts.log"
-  cat tmp/intermediateCA_crldp.pem >> tmp/cert_crldp.pem 2>> "makecerts.log"
-  test_result $?
-
-################################################################################
-# Time Stamp Authority certificates
-################################################################################
-  printf "\nGenerate Root CA TSA certificate\n" >> "makecerts.log"
-  "$OPENSSL" genrsa -out CA/TSACA.key \
-      2>> "makecerts.log" 1>&2
-  TZ=GMT faketime -f '@2017-01-01 00:00:00' /bin/bash -c '
-    script_path=$(pwd)
-    OPENSSL="$0"
-    export LD_LIBRARY_PATH="$1"
-    CONF="${script_path}/openssl_tsa_root.cnf"
-    "$OPENSSL" req -config "$CONF" -new -x509 -days 7300 -key CA/TSACA.key -out tmp/TSACA.pem \
-        2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
-  test_result $?
-
-  printf "\nGenerate TSA certificate to revoke\n" >> "makecerts.log"
-  CONF="${script_path}/openssl_tsa_root.cnf"
-  "$OPENSSL" req -config "$CONF" -new -nodes -keyout tmp/TSA_revoked.key -out CA/TSA_revoked.csr \
-      -subj "/C=PL/O=osslsigncode/OU=TSA/CN=Revoked/emailAddress=osslsigncode@example.com" \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  CONF="${script_path}/openssl_tsa_root.cnf"
-  "$OPENSSL" ca -config "$CONF" -batch -in CA/TSA_revoked.csr -out CA/TSA_revoked.cer \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  "$OPENSSL" x509 -in CA/TSA_revoked.cer -out tmp/TSA_revoked.pem \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nRevoke above certificate\n" >> "makecerts.log"
-  "$OPENSSL" ca -config "$CONF" -revoke CA/TSA_revoked.cer \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nGenerate TSA CRL file\n" >> "makecerts.log"
-  TZ=GMT faketime -f '@2019-01-01 00:00:00' /bin/bash -c '
-    script_path=$(pwd)
-    OPENSSL="$0"
-    export LD_LIBRARY_PATH="$1"
-    CONF="${script_path}/openssl_tsa_root.cnf"
-    "$OPENSSL" ca -config "$CONF" -gencrl -crldays 8766 -out tmp/TSACertCRL.pem \
-        2>> "makecerts.log" 1>&2' "$OPENSSL" "$LD_LIBRARY_PATH"
-  test_result $?
-
-  printf "\nConvert TSA CRL file from PEM to DER (for CRL Distribution Points server to use)\n" >> "makecerts.log"
-  "$OPENSSL" crl -in tmp/TSACertCRL.pem -inform PEM -out tmp/TSACertCRL.der -outform DER \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nGenerate TSA certificate\n" >> "makecerts.log"
-  CONF="${script_path}/openssl_tsa.cnf"
-  "$OPENSSL" req -config "$CONF" -new -nodes -keyout tmp/TSA.key -out CA/TSA.csr \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  CONF="${script_path}/openssl_tsa_root.cnf"
-  "$OPENSSL" ca -config "$CONF" -batch -in CA/TSA.csr -out CA/TSA.cer \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-  "$OPENSSL" x509 -in CA/TSA.cer -out tmp/TSA.pem \
-      2>> "makecerts.log" 1>&2
-  test_result $?
-
-  printf "\nSave the chain to be included in the TSA response\n" >> "makecerts.log"
-  cat tmp/TSA.pem tmp/TSACA.pem > tmp/tsa-chain.pem 2>> "makecerts.log"
-
-################################################################################
-# Copy new files
-################################################################################
-
-  if test -s tmp/CACert.pem -a -s tmp/CAcross.pem -a -s tmp/CAroot.pem  \
-      -a -s tmp/intermediateCA.pem -a -s tmp/intermediateCA_crldp.pem \
-      -a -s tmp/CACertCRL.pem -a -s tmp/CACertCRL.der \
-      -a -s tmp/TSACertCRL.pem -a -s tmp/TSACertCRL.der \
-      -a -s tmp/key.pem -a -s tmp/keyp.pem -a -s tmp/key.der -a -s tmp/key.pvk \
-      -a -s tmp/cert.pem -a -s tmp/cert.der -a -s tmp/cert.spc \
-      -a -s tmp/cert.p12 -a -s tmp/legacy.p12 -a -s tmp/cert_crldp.pem\
-      -a -s tmp/expired.pem \
-      -a -s tmp/revoked.pem -a -s tmp/revoked_crldp.pem \
-      -a -s tmp/TSA_revoked.pem \
-      -a -s tmp/TSA.pem -a -s tmp/TSA.key -a -s tmp/tsa-chain.pem
-  then
-    mkdir -p "../certs"
-    cp tmp/* ../certs
-    printf "%s" "Keys & certificates successfully generated"
-  else
-    printf "%s" "Error logs ${result_path}/makecerts.log"
-    result=1
-  fi
-
-################################################################################
-# Remove the working directory
-################################################################################
-
-  rm -rf "CA/"
-  rm -rf "tmp/"
-
-  exit "$result"
-}
-
-
-################################################################################
-# Tests requirement and make certs
-################################################################################
-
-if test -n "$(command -v faketime)"
-  then
-    make_certs "$1"
-    result=$?
-  else
-    printf "%s" "faketime not found in \$PATH, please install faketime package"
-    result=1
-  fi
-
-exit "$result"
diff --git a/tests/conf/openssl_intermediate.cnf b/tests/conf/openssl_intermediate.cnf
deleted file mode 100644
index f5e91eb..0000000
--- a/tests/conf/openssl_intermediate.cnf
+++ /dev/null
@@ -1,73 +0,0 @@
-# OpenSSL intermediate CA configuration file
-
-[ default ]
-name                            = intermediateCA
-default_ca                      = CA_default
-
-[ CA_default ]
-# Directory and file locations
-dir                             = .
-certs                           = $dir/CA
-crl_dir                         = $dir/CA
-new_certs_dir                   = $dir/CA
-database                        = $dir/CA/index.txt
-serial                          = $dir/CA/serial
-rand_serial                     = yes
-private_key                     = $dir/CA/$name.key
-certificate                     = $dir/tmp/$name.pem
-crlnumber                       = $dir/CA/crlnumber
-crl_extensions                  = crl_ext
-default_md                      = sha256
-preserve                        = no
-policy                          = policy_loose
-default_startdate               = 20180101000000Z
-default_enddate                 = 20341231000000Z
-x509_extensions                 = v3_req
-email_in_dn                     = yes
-default_days                    = 2200
-
-[ req ]
-# Options for the `req` tool
-encrypt_key                     = no
-default_bits                    = 2048
-default_md                      = sha256
-string_mask                     = utf8only
-distinguished_name              = req_distinguished_name
-x509_extensions                 = usr_extensions
-
-[ crl_ext ]
-# Extension for CRLs
-authorityKeyIdentifier          = keyid:always
-
-[ usr_extensions ]
-# Extension to add when the -x509 option is used
-basicConstraints                = CA:FALSE
-subjectKeyIdentifier            = hash
-authorityKeyIdentifier          = keyid, issuer
-extendedKeyUsage                = codeSigning
-
-[ v3_req ]
-basicConstraints                = CA:FALSE
-subjectKeyIdentifier            = hash
-authorityKeyIdentifier          = keyid, issuer
-extendedKeyUsage                = codeSigning
-
-[ policy_loose ]
-# Allow the intermediate CA to sign a more diverse range of certificates.
-# See the POLICY FORMAT section of the `ca` man page.
-countryName                     = optional
-stateOrProvinceName             = optional
-localityName                    = optional
-organizationName                = optional
-organizationalUnitName          = optional
-commonName                      = supplied
-emailAddress                    = optional
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-stateOrProvinceName             = State or Province Name
-localityName                    = Locality Name
-0.organizationName              = Organization Name
-organizationalUnitName          = Organizational Unit Name
-commonName                      = Common Name
-emailAddress                    = Email Address
diff --git a/tests/conf/openssl_intermediate_crldp.cnf b/tests/conf/openssl_intermediate_crldp.cnf
deleted file mode 100644
index bb743ac..0000000
--- a/tests/conf/openssl_intermediate_crldp.cnf
+++ /dev/null
@@ -1,79 +0,0 @@
-# OpenSSL intermediate CA configuration file
-
-[ default ]
-name                            = intermediateCA
-default_ca                      = CA_default
-crl_url                         = http://127.0.0.1:19254/$name
-
-[ CA_default ]
-# Directory and file locations
-dir                             = .
-certs                           = $dir/CA
-crl_dir                         = $dir/CA
-new_certs_dir                   = $dir/CA
-database                        = $dir/CA/index.txt
-serial                          = $dir/CA/serial
-rand_serial                     = yes
-private_key                     = $dir/CA/$name\_crldp.key
-certificate                     = $dir/tmp/$name\_crldp.pem
-crlnumber                       = $dir/CA/crlnumber
-crl_extensions                  = crl_ext
-default_md                      = sha256
-preserve                        = no
-policy                          = policy_loose
-default_startdate               = 20180101000000Z
-default_enddate                 = 20341231000000Z
-x509_extensions                 = v3_req
-email_in_dn                     = yes
-default_days                    = 2200
-
-[ req ]
-# Options for the `req` tool
-encrypt_key                     = no
-default_bits                    = 2048
-default_md                      = sha256
-string_mask                     = utf8only
-distinguished_name              = req_distinguished_name
-x509_extensions                 = usr_extensions
-
-[ crl_ext ]
-# Extension for CRLs
-authorityKeyIdentifier          = keyid:always
-
-[ usr_extensions ]
-# Extension to add when the -x509 option is used
-basicConstraints                = CA:FALSE
-subjectKeyIdentifier            = hash
-authorityKeyIdentifier          = keyid, issuer
-extendedKeyUsage                = codeSigning
-
-[ v3_req ]
-basicConstraints                = CA:FALSE
-subjectKeyIdentifier            = hash
-authorityKeyIdentifier          = keyid, issuer
-extendedKeyUsage                = codeSigning
-crlDistributionPoints           = @crl_info
-
-[ crl_info ]
-# X509v3 CRL Distribution Points extension
-URI.0                           = $crl_url
-
-[ policy_loose ]
-# Allow the intermediate CA to sign a more diverse range of certificates.
-# See the POLICY FORMAT section of the `ca` man page.
-countryName                     = optional
-stateOrProvinceName             = optional
-localityName                    = optional
-organizationName                = optional
-organizationalUnitName          = optional
-commonName                      = supplied
-emailAddress                    = optional
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-stateOrProvinceName             = State or Province Name
-localityName                    = Locality Name
-0.organizationName              = Organization Name
-organizationalUnitName          = Organizational Unit Name
-commonName                      = Common Name
-emailAddress                    = Email Address
diff --git a/tests/conf/openssl_root.cnf b/tests/conf/openssl_root.cnf
deleted file mode 100644
index 109a645..0000000
--- a/tests/conf/openssl_root.cnf
+++ /dev/null
@@ -1,65 +0,0 @@
-# OpenSSL root CA configuration file
-
-[ ca ]
-default_ca                      = CA_default
-
-[ CA_default ]
-# Directory and file locations.
-dir                             = .
-certs                           = $dir/CA
-crl_dir                         = $dir/CA
-new_certs_dir                   = $dir/CA
-database                        = $dir/CA/index.txt
-serial                          = $dir/CA/serial
-rand_serial                     = yes
-private_key                     = $dir/CA/CA.key
-certificate                     = $dir/tmp/CACert.pem
-crl_extensions                  = crl_ext
-default_md                      = sha256
-preserve                        = no
-policy                          = policy_match
-default_startdate               = 20180101000000Z
-default_enddate                 = 20360101000000Z
-x509_extensions                 = v3_intermediate_ca
-email_in_dn                     = yes
-default_days                    = 3000
-unique_subject                  = no
-
-[ req ]
-# Options for the `req` tool
-encrypt_key                     = no
-default_bits                    = 2048
-default_md                      = sha256
-string_mask                     = utf8only
-x509_extensions                 = ca_extensions
-distinguished_name              = req_distinguished_name
-
-[ ca_extensions ]
-# Extension to add when the -x509 option is used
-basicConstraints                = critical, CA:true
-subjectKeyIdentifier            = hash
-authorityKeyIdentifier          = keyid:always,issuer
-keyUsage                        = critical, digitalSignature, cRLSign, keyCertSign
-
-[ v3_intermediate_ca ]
-# Extensions for a typical intermediate CA (`man x509v3_config`)
-basicConstraints                = critical, CA:true, pathlen:0
-subjectKeyIdentifier            = hash
-authorityKeyIdentifier          = keyid:always,issuer
-keyUsage                        = critical, digitalSignature, cRLSign, keyCertSign
-
-[ policy_match ]
-countryName                     = match
-organizationName                = match
-organizationalUnitName          = optional
-commonName                      = supplied
-emailAddress                    = optional
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-stateOrProvinceName             = State or Province Name
-localityName                    = Locality Name
-0.organizationName              = Organization Name
-organizationalUnitName          = Organizational Unit Name
-commonName                      = Common Name
-emailAddress                    = Email Address
diff --git a/tests/conf/openssl_tsa.cnf b/tests/conf/openssl_tsa.cnf
index a139088..b4cd29f 100644
--- a/tests/conf/openssl_tsa.cnf
+++ b/tests/conf/openssl_tsa.cnf
@@ -44,3 +44,4 @@ ordering                        = yes
 tsa_name                        = yes
 ess_cert_id_chain               = yes
 ess_cert_id_alg                 = sha256
+crypto_device                   = builtin
diff --git a/tests/conf/openssl_tsa_root.cnf b/tests/conf/openssl_tsa_root.cnf
deleted file mode 100644
index 30a00a3..0000000
--- a/tests/conf/openssl_tsa_root.cnf
+++ /dev/null
@@ -1,83 +0,0 @@
-# OpenSSL Root Timestamp Authority configuration file
-
-[ default ]
-name                            = TSACA
-domain_suffix                   = timestampauthority
-crl_url                         = http://127.0.0.1:19254/$name
-name_opt                        = utf8, esc_ctrl, multiline, lname, align
-default_ca                      = CA_default
-
-[ CA_default ]
-dir                             = .
-certs                           = $dir/CA
-crl_dir                         = $dir/CA
-new_certs_dir                   = $dir/CA
-database                        = $dir/CA/index.txt
-serial                          = $dir/CA/serial
-crlnumber                       = $dir/CA/crlnumber
-crl_extensions                  = crl_ext
-rand_serial                     = yes
-private_key                     = $dir/CA/$name.key
-certificate                     = $dir/tmp/$name.pem
-default_md                      = sha256
-default_days                    = 3650
-default_crl_days                = 365
-policy                          = policy_match
-default_startdate               = 20180101000000Z
-default_enddate                 = 20380101000000Z
-unique_subject                  = no
-email_in_dn                     = no
-x509_extensions                 = tsa_extensions
-
-[ policy_match ]
-countryName                     = match
-stateOrProvinceName             = optional
-organizationName                = match
-organizationalUnitName          = optional
-commonName                      = supplied
-emailAddress                    = optional
-
-[ tsa_extensions ]
-basicConstraints                = critical, CA:false
-extendedKeyUsage                = critical, timeStamping
-subjectKeyIdentifier            = hash
-authorityKeyIdentifier          = keyid:always
-crlDistributionPoints           = @crl_info
-nameConstraints                 = @name_constraints
-
-[ crl_info ]
-# X509v3 CRL Distribution Points extension
-URI.0                           = $crl_url
-
-[ crl_ext ]
-# Extension for CRLs
-authorityKeyIdentifier          = keyid:always
-
-[ name_constraints ]
-permitted;DNS.0=test.com
-permitted;DNS.1=test.org
-excluded;IP.0=0.0.0.0/0.0.0.0
-excluded;IP.1=0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0
-
-[ req ]
-# Options for the `req` tool
-default_bits                    = 2048
-encrypt_key                     = yes
-default_md                      = sha256
-utf8                            = yes
-string_mask                     = utf8only
-prompt                          = no
-distinguished_name              = ca_distinguished_name
-x509_extensions                 = ca_extensions
-
-[ ca_distinguished_name ]
-countryName                     = "PL"
-organizationName                = "osslsigncode"
-organizationalUnitName          = "Timestamp Authority Root CA"
-commonName                      = "TSA Root CA"
-
-[ ca_extensions ]
-# Extension to add when the -x509 option is used
-basicConstraints                = critical, CA:true
-subjectKeyIdentifier            = hash
-keyUsage                        = critical, keyCertSign, cRLSign
diff --git a/tests/exec.py b/tests/exec.py
new file mode 100644
index 0000000..80e7c07
--- /dev/null
+++ b/tests/exec.py
@@ -0,0 +1,43 @@
+#!/usr/bin/python3
+"""Implementation of a single ctest script."""
+
+import sys
+import subprocess
+
+
+def parse(value):
+    """Read parameter from file."""
+    prefix = 'FILE '
+    if value.startswith(prefix):
+        with open(value[len(prefix):], mode="r", encoding="utf-8") as file:
+            return file.read().strip()
+    return value
+
+
+def main() -> None:
+    """Run osslsigncode with its options."""
+    if len(sys.argv) > 1:
+        try:
+            params = map(parse, sys.argv[1:])
+            proc = subprocess.run(params, check=True)
+            sys.exit(proc.returncode)
+        except Exception as err: # pylint: disable=broad-except
+            # all exceptions are critical
+            print(err, file=sys.stderr)
+    else:
+        print("Usage:\n\t{} COMMAND [ARG]...'".format(sys.argv[0]), file=sys.stderr)
+    sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()
+
+
+# pylint: disable=pointless-string-statement
+"""Local Variables:
+    c-basic-offset: 4
+    tab-width: 4
+    indent-tabs-mode: nil
+End:
+    vim: set ts=4 expandtab:
+"""
diff --git a/tests/make_certificates.py b/tests/make_certificates.py
new file mode 100644
index 0000000..6fb03ac
--- /dev/null
+++ b/tests/make_certificates.py
@@ -0,0 +1,532 @@
+#!/usr/bin/python3
+"""Make test certificates"""
+
+import os
+import datetime
+import cryptography
+from cryptography import x509
+from cryptography.x509.oid import NameOID
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import rsa
+
+RESULT_PATH = os.getcwd()
+CERTS_PATH = os.path.join(RESULT_PATH, "./Testing/certs/")
+
+date_20170101 = datetime.datetime(2017, 1, 1)
+date_20180101 = datetime.datetime(2018, 1, 1)
+date_20190101 = datetime.datetime(2019, 1, 1)
+
+PASSWORD='passme'
+
+
+class X509Extensions():
+    """Base class for X509 Extensions"""
+
+    def __init__(self, unit_name, cdp_port, cdp_name):
+        self.unit_name = unit_name
+        self.port = cdp_port
+        self.name = cdp_name
+
+    def create_x509_name(self, common_name) -> x509.Name:
+        """Return x509.Name"""
+        return x509.Name(
+            [
+                x509.NameAttribute(NameOID.COUNTRY_NAME, "PL"),
+                x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Mazovia Province"),
+                x509.NameAttribute(NameOID.LOCALITY_NAME, "Warsaw"),
+                x509.NameAttribute(NameOID.ORGANIZATION_NAME, "osslsigncode"),
+                x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, self.unit_name),
+                x509.NameAttribute(NameOID.COMMON_NAME, common_name)
+            ]
+        )
+
+    def create_x509_crldp(self) -> x509.CRLDistributionPoints:
+        """Return x509.CRLDistributionPoints"""
+        return x509.CRLDistributionPoints(
+            [
+                x509.DistributionPoint(
+                    full_name=[x509.UniformResourceIdentifier(
+                        "http://127.0.0.1:" + str(self.port) + "/" + str(self.name))
+                    ],
+                    relative_name=None,
+                    reasons=None,
+                    crl_issuer=None
+                )
+            ]
+        )
+
+    def create_x509_name_constraints(self) -> x509.NameConstraints:
+        """Return x509.NameConstraints"""
+        return x509.NameConstraints(
+            permitted_subtrees = [x509.DNSName('test.com'), x509.DNSName('test.org')],
+            excluded_subtrees = None
+        )
+
+class IntermediateCACertificate(X509Extensions):
+    """Base class for Intermediate CA certificate"""
+
+    def __init__(self, issuer_cert, issuer_key):
+        self.issuer_cert = issuer_cert
+        self.issuer_key = issuer_key
+        super().__init__("Certification Authority", 0, None)
+
+    def make_cert(self) -> (x509.Certificate, rsa.RSAPrivateKey):
+        """Generate intermediate CA certificate"""
+        key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        key_public = key.public_key()
+        authority_key = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
+            self.issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value
+        )
+        key_usage = x509.KeyUsage(
+            digital_signature=True,
+            content_commitment=False,
+            key_encipherment=False,
+            data_encipherment=False,
+            key_agreement=False,
+            key_cert_sign=True,
+            crl_sign=True,
+            encipher_only=False,
+            decipher_only=False
+        )
+        cert = (
+            x509.CertificateBuilder()
+            .subject_name(self.create_x509_name("Intermediate CA"))
+            .issuer_name(self.issuer_cert.subject)
+            .public_key(key_public)
+            .serial_number(x509.random_serial_number())
+            .not_valid_before(date_20180101)
+            .not_valid_after(date_20180101 + datetime.timedelta(days=7300))
+            .add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True)
+            .add_extension(x509.SubjectKeyIdentifier.from_public_key(key_public), critical=False)
+            .add_extension(authority_key, critical=False)
+            .add_extension(key_usage, critical=True)
+            .sign(self.issuer_key, hashes.SHA256())
+        )
+        file_path=os.path.join(CERTS_PATH, "intermediateCA.pem")
+        with open(file_path, mode="wb") as file:
+            file.write(cert.public_bytes(encoding=serialization.Encoding.PEM))
+
+        return cert, key
+
+
+class RootCACertificate(X509Extensions):
+    """Base class for Root CA certificate"""
+
+    def __init__(self):
+        self.key_usage = x509.KeyUsage(
+            digital_signature=True,
+            content_commitment=False,
+            key_encipherment=False,
+            data_encipherment=False,
+            key_agreement=False,
+            key_cert_sign=True,
+            crl_sign=True,
+            encipher_only=False,
+            decipher_only=False
+        )
+        super().__init__("Certification Authority", 0, None)
+
+    def make_cert(self) -> (x509.Certificate, rsa.RSAPrivateKey):
+        """Generate CA certificates"""
+        ca_root, root_key = self.make_ca_cert("Trusted Root CA", "CAroot.pem")
+        ca_cert, ca_key = self.make_ca_cert("Root CA", "CACert.pem")
+        self.make_cross_cert(ca_root, root_key, ca_cert, ca_key)
+        return ca_cert, ca_key
+
+    def make_ca_cert(self, common_name, file_name) -> None:
+        """Generate self-signed root CA certificate"""
+        ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        ca_public = ca_key.public_key()
+        authority_key = x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_public)
+        name = self.create_x509_name(common_name)
+        ca_cert = (
+            x509.CertificateBuilder()
+            .subject_name(name)
+            .issuer_name(name)
+            .public_key(ca_public)
+            .serial_number(x509.random_serial_number())
+            .not_valid_before(date_20170101)
+            .not_valid_after(date_20170101 + datetime.timedelta(days=7300))
+            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
+            .add_extension(x509.SubjectKeyIdentifier.from_public_key(ca_public), critical=False)
+            .add_extension(authority_key, critical=False)
+            .add_extension(self.key_usage, critical=True)
+            .sign(ca_key, hashes.SHA256())
+        )
+        file_path=os.path.join(CERTS_PATH, file_name)
+        with open(file_path, mode="wb") as file:
+            file.write(ca_cert.public_bytes(encoding=serialization.Encoding.PEM))
+        return ca_cert, ca_key
+
+    def make_cross_cert(self, ca_root, root_key, ca_cert, ca_key) -> None:
+        """Generate cross-signed root CA certificate"""
+        ca_public = ca_key.public_key()
+        authority_key = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
+            ca_root.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value
+        )
+        ca_cross = (
+            x509.CertificateBuilder()
+            .subject_name(ca_cert.subject)
+            .issuer_name(ca_root.subject)
+            .public_key(ca_public)
+            .serial_number(ca_cert.serial_number)
+            .not_valid_before(date_20180101)
+            .not_valid_after(date_20180101 + datetime.timedelta(days=7300))
+            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
+            .add_extension(x509.SubjectKeyIdentifier.from_public_key(ca_public), critical=False)
+            .add_extension(authority_key, critical=False)
+            .add_extension(self.key_usage, critical=True)
+            .sign(root_key, hashes.SHA256())
+        )
+        file_path=os.path.join(CERTS_PATH, "CAcross.pem")
+        with open(file_path, mode="wb") as file:
+            file.write(ca_cross.public_bytes(encoding=serialization.Encoding.PEM))
+
+    def write_key(self, key, file_name) -> None:
+        """Write a private RSA key"""
+        # Write password
+        file_path = os.path.join(CERTS_PATH, "password.txt")
+        with open(file_path, mode="w", encoding="utf-8") as file:
+            file.write("{}".format(PASSWORD))
+
+        # Write encrypted key in PEM format
+        file_path = os.path.join(CERTS_PATH, file_name + "p.pem")
+        with open(file_path, mode="wb") as file:
+            file.write(key.private_bytes(
+                encoding=serialization.Encoding.PEM,
+                format=serialization.PrivateFormat.PKCS8,
+                encryption_algorithm=serialization.BestAvailableEncryption(PASSWORD.encode())
+            )
+        )
+        # Write decrypted key in PEM format
+        file_path = os.path.join(CERTS_PATH, file_name + ".pem")
+        with open(file_path, mode="wb") as file:
+            file.write(key.private_bytes(
+                encoding=serialization.Encoding.PEM,
+                format=serialization.PrivateFormat.PKCS8,
+                encryption_algorithm=serialization.NoEncryption()
+            )
+        )
+        # Write the key in DER format
+        file_path = os.path.join(CERTS_PATH, file_name + ".der")
+        with open(file_path, mode="wb") as file:
+            file.write(key.private_bytes(
+                encoding=serialization.Encoding.DER,
+                format=serialization.PrivateFormat.PKCS8,
+                encryption_algorithm=serialization.NoEncryption()
+            )
+        )
+
+
+class TSARootCACertificate(X509Extensions):
+    """Base class for TSA certificates"""
+
+    def __init__(self):
+        super().__init__("Timestamp Authority Root CA", 0, None)
+
+    def make_cert(self) -> (x509.Certificate, rsa.RSAPrivateKey):
+        """Generate a Time Stamp Authority certificate"""
+        ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        ca_public = ca_key.public_key()
+        authority_key = x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_public)
+        name = self.create_x509_name("TSA Root CA")
+        key_usage = x509.KeyUsage(
+            digital_signature=False,
+            content_commitment=False,
+            key_encipherment=False,
+            data_encipherment=False,
+            key_agreement=False,
+            key_cert_sign=True,
+            crl_sign=True,
+            encipher_only=False,
+            decipher_only=False
+        )
+        ca_cert = (
+            x509.CertificateBuilder()
+            .subject_name(name)
+            .issuer_name(name)
+            .public_key(ca_public)
+            .serial_number(x509.random_serial_number())
+            .not_valid_before(date_20170101)
+            .not_valid_after(date_20170101 + datetime.timedelta(days=7300))
+            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
+            .add_extension(x509.SubjectKeyIdentifier.from_public_key(ca_public), critical=False)
+            .add_extension(authority_key, critical=False)
+            .add_extension(key_usage, critical=True)
+            .sign(ca_key, hashes.SHA256())
+        )
+        file_path=os.path.join(CERTS_PATH, "TSACA.pem")
+        with open(file_path, mode="wb") as file:
+            file.write(ca_cert.public_bytes(encoding=serialization.Encoding.PEM))
+
+        return ca_cert, ca_key
+
+    def write_key(self, key, file_name) -> None:
+        """Write decrypted private RSA key into PEM format"""
+        file_path = os.path.join(CERTS_PATH, file_name + ".key")
+        with open(file_path, mode="wb") as file:
+            file.write(key.private_bytes(
+                encoding=serialization.Encoding.PEM,
+                format=serialization.PrivateFormat.PKCS8,
+                encryption_algorithm=serialization.NoEncryption()
+            )
+        )
+
+
+class Certificate(X509Extensions):
+    """Base class for a leaf certificate"""
+
+    def __init__(self, issuer_cert, issuer_key, unit_name, common_name, cdp_port, cdp_name):
+        #pylint: disable=too-many-arguments
+        self.issuer_cert = issuer_cert
+        self.issuer_key = issuer_key
+        self.common_name = common_name
+        super().__init__(unit_name, cdp_port, cdp_name)
+
+    def make_cert(self, public_key, not_before, days) -> x509.Certificate:
+        """Generate a leaf certificate"""
+        authority_key = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
+            self.issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value
+        )
+        extended_key_usage = x509.ExtendedKeyUsage(
+            [x509.oid.ExtendedKeyUsageOID.CODE_SIGNING]
+        )
+        cert = (
+            x509.CertificateBuilder()
+            .subject_name(self.create_x509_name(self.common_name))
+            .issuer_name(self.issuer_cert.subject)
+            .public_key(public_key)
+            .serial_number(x509.random_serial_number())
+            .not_valid_before(not_before)
+            .not_valid_after(not_before + datetime.timedelta(days=days))
+            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=False)
+            .add_extension(x509.SubjectKeyIdentifier.from_public_key(public_key), critical=False)
+            .add_extension(authority_key, critical=False)
+            .add_extension(extended_key_usage, critical=False)
+            .add_extension(self.create_x509_crldp(), critical=False)
+            .sign(self.issuer_key, hashes.SHA256())
+        )
+        # Write PEM file and attach intermediate certificate
+        file_path = os.path.join(CERTS_PATH, self.common_name + ".pem")
+        with open(file_path, mode="wb") as file:
+            file.write(cert.public_bytes(encoding=serialization.Encoding.PEM))
+            file.write(self.issuer_cert.public_bytes(encoding=serialization.Encoding.PEM))
+
+        return cert
+
+    def revoke_cert(self, serial_number, file_name) -> None:
+        """Revoke a certificate"""
+        revoked = (
+            x509.RevokedCertificateBuilder()
+            .serial_number(serial_number)
+            .revocation_date(date_20190101)
+            .add_extension(x509.CRLReason(x509.ReasonFlags.superseded), critical=False)
+            .build()
+        )
+        # Generate CRL
+        authority_key = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
+            self.issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value
+        )
+        crl = (
+            x509.CertificateRevocationListBuilder()
+            .issuer_name(self.issuer_cert.subject)
+            .last_update(date_20190101)
+            .next_update(date_20190101 + datetime.timedelta(days=7300))
+            .add_extension(authority_key, critical=False)
+            .add_extension(x509.CRLNumber(4097), critical=False)
+            .add_revoked_certificate(revoked)
+            .sign(self.issuer_key, hashes.SHA256())
+        )
+        # Write CRL file
+        file_path = os.path.join(CERTS_PATH, file_name + ".pem")
+        with open(file_path, mode="wb") as file:
+            file.write(crl.public_bytes(encoding=serialization.Encoding.PEM))
+
+        file_path = os.path.join(CERTS_PATH, file_name + ".der")
+        with open(file_path, mode="wb") as file:
+            file.write(crl.public_bytes(encoding=serialization.Encoding.DER))
+
+
+class LeafCACertificate(Certificate):
+    """Base class for a leaf certificate"""
+
+    def __init__(self, issuer_cert, issuer_key, common, cdp_port):
+        super().__init__(issuer_cert, issuer_key, "CSP", common, cdp_port, "intermediateCA")
+
+
+class LeafTSACertificate(Certificate):
+    """Base class for a TSA leaf certificate"""
+
+    def __init__(self, issuer_cert, issuer_key, common, cdp_port):
+        self.issuer_cert = issuer_cert
+        self.issuer_key = issuer_key
+        self.common_name = common
+        super().__init__(issuer_cert, issuer_key, "Timestamp Root CA", common, cdp_port, "TSACA")
+
+    def make_cert(self, public_key, not_before, days) -> x509.Certificate:
+        """Generate a TSA leaf certificate"""
+
+        authority_key = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
+            self.issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value
+        )
+
+        # The TSA signing certificate must have exactly one extended key usage
+        # assigned to it: timeStamping. The extended key usage must also be critical,
+        # otherwise the certificate is going to be refused.
+        extended_key_usage = x509.ExtendedKeyUsage(
+            [x509.oid.ExtendedKeyUsageOID.TIME_STAMPING]
+        )
+        cert = (
+            x509.CertificateBuilder()
+            .subject_name(self.create_x509_name(self.common_name))
+            .issuer_name(self.issuer_cert.subject)
+            .public_key(public_key)
+            .serial_number(x509.random_serial_number())
+            .not_valid_before(not_before)
+            .not_valid_after(not_before + datetime.timedelta(days=days))
+            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
+            .add_extension(x509.SubjectKeyIdentifier.from_public_key(public_key), critical=False)
+            .add_extension(authority_key, critical=False)
+            .add_extension(extended_key_usage, critical=True)
+            .add_extension(self.create_x509_crldp(), critical=False)
+            .add_extension(self.create_x509_name_constraints(), critical=False)
+            .sign(self.issuer_key, hashes.SHA256())
+        )
+        # Write PEM file and attach intermediate certificate
+        file_path = os.path.join(CERTS_PATH, self.common_name + ".pem")
+        with open(file_path, mode="wb") as file:
+            file.write(cert.public_bytes(encoding=serialization.Encoding.PEM))
+            file.write(self.issuer_cert.public_bytes(encoding=serialization.Encoding.PEM))
+
+        return cert
+
+
+class CertificateMaker():
+    """Base class for test certificates"""
+
+    def __init__(self, cdp_port, logs):
+        self.cdp_port = cdp_port
+        self.logs = logs
+
+    def make_certs(self) -> None:
+        """Make test certificates"""
+        try:
+            self.make_ca_certs()
+            self.make_tsa_certs()
+            logs = os.path.join(CERTS_PATH, "./cert.log")
+            with open(logs, mode="w", encoding="utf-8") as file:
+                file.write("Test certificates generation succeeded")
+        except Exception as err: # pylint: disable=broad-except
+            with open(self.logs, mode="a", encoding="utf-8") as file:
+                file.write("Error: {}".format(err))
+
+    def make_ca_certs(self):
+        """Make test certificates"""
+
+        # Generate root CA certificate
+        root = RootCACertificate()
+        ca_cert, ca_key = root.make_cert()
+
+        # Generate intermediate root CA certificate
+        intermediate = IntermediateCACertificate(ca_cert, ca_key)
+        issuer_cert, issuer_key = intermediate.make_cert()
+
+        # Generate private RSA key
+        private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        public_key = private_key.public_key()
+        root.write_key(key=private_key, file_name="key")
+
+        # Generate expired certificate
+        expired = LeafCACertificate(issuer_cert, issuer_key, "expired", self.cdp_port)
+        expired.make_cert(public_key, date_20180101, 365)
+
+        # Generate revoked certificate
+        revoked = LeafCACertificate(issuer_cert, issuer_key, "revoked", self.cdp_port)
+        cert = revoked.make_cert(public_key, date_20180101, 5840)
+        revoked.revoke_cert(cert.serial_number, "CACertCRL")
+
+        # Generate code signing certificate
+        signer = LeafCACertificate(issuer_cert, issuer_key, "cert", self.cdp_port)
+        cert = signer.make_cert(public_key, date_20180101, 5840)
+
+        # Write a certificate and a key into PKCS#12 container
+        self.write_pkcs12_container(
+            cert=cert,
+            key=private_key,
+            issuer=issuer_cert
+        )
+
+        # Write DER file and attach intermediate certificate
+        file_path = os.path.join(CERTS_PATH, "cert.der")
+        with open(file_path, mode="wb") as file:
+            file.write(cert.public_bytes(encoding=serialization.Encoding.DER))
+
+    def make_tsa_certs(self):
+        """Make test TSA certificates"""
+
+        # Time Stamp Authority certificate
+        root = TSARootCACertificate()
+        issuer_cert, issuer_key = root.make_cert()
+
+        # Generate private RSA key
+        private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
+        public_key = private_key.public_key()
+        root.write_key(key=private_key, file_name="TSA")
+
+        # Generate revoked TSA certificate
+        revoked = LeafTSACertificate(issuer_cert, issuer_key, "TSA_revoked", self.cdp_port)
+        cert = revoked.make_cert(public_key, date_20180101, 7300)
+        revoked.revoke_cert(cert.serial_number, "TSACertCRL")
+
+        # Generate TSA certificate
+        signer = LeafTSACertificate(issuer_cert, issuer_key, "TSA", self.cdp_port)
+        cert = signer.make_cert(public_key, date_20180101, 7300)
+
+        # Save the chain to be included in the TSA response
+        file_path = os.path.join(CERTS_PATH, "tsa-chain.pem")
+        with open(file_path, mode="wb") as file:
+            file.write(cert.public_bytes(encoding=serialization.Encoding.PEM))
+            file.write(issuer_cert.public_bytes(encoding=serialization.Encoding.PEM))
+
+
+    def write_pkcs12_container(self, cert, key, issuer) -> None:
+        """Write a certificate and a key into a PKCS#12 container"""
+
+        # Set an encryption algorithm
+        if cryptography.__version__ >= "38.0.0":
+            # For OpenSSL legacy mode use the default algorithm for certificate
+            # and private key encryption: DES-EDE3-CBC (vel 3DES_CBC)
+            # pylint: disable=no-member
+            encryption = (
+                serialization.PrivateFormat.PKCS12.encryption_builder()
+                .key_cert_algorithm(serialization.pkcs12.PBES.PBESv1SHA1And3KeyTripleDESCBC)
+                .kdf_rounds(5000)
+                .build(PASSWORD.encode())
+            )
+        else:
+            encryption = serialization.BestAvailableEncryption(PASSWORD.encode())
+
+        # Generate PKCS#12 struct
+        pkcs12 = serialization.pkcs12.serialize_key_and_certificates(
+            name=b'certificate',
+            key=key,
+            cert=cert,
+            cas=(issuer,),
+            encryption_algorithm=encryption
+        )
+
+        # Write into a PKCS#12 container
+        file_path = os.path.join(CERTS_PATH, "cert.p12")
+        with open(file_path, mode="wb") as file:
+            file.write(pkcs12)
+
+
+# pylint: disable=pointless-string-statement
+"""Local Variables:
+    c-basic-offset: 4
+    tab-width: 4
+    indent-tabs-mode: nil
+End:
+    vim: set ts=4 expandtab:
+"""
diff --git a/tests/server_http.py b/tests/server_http.py
index 084dc45..716859b 100644
--- a/tests/server_http.py
+++ b/tests/server_http.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
 """Implementation of a HTTP server"""
 
 import argparse
@@ -8,6 +9,7 @@ import threading
 from urllib.parse import urlparse
 from http.server import SimpleHTTPRequestHandler, HTTPServer
 from socketserver import ThreadingMixIn
+from make_certificates import CertificateMaker
 
 RESULT_PATH = os.getcwd()
 FILES_PATH = os.path.join(RESULT_PATH, "./Testing/files/")
@@ -16,11 +18,9 @@ CONF_PATH = os.path.join(RESULT_PATH, "./Testing/conf/")
 LOGS_PATH = os.path.join(RESULT_PATH, "./Testing/logs/")
 REQUEST = os.path.join(FILES_PATH, "./jreq.tsq")
 RESPONS = os.path.join(FILES_PATH, "./jresp.tsr")
-CACRL = os.path.join(CERTS_PATH, "./CACertCRL.der")
-TSACRL = os.path.join(CERTS_PATH, "./TSACertCRL.der")
 OPENSSL_CONF = os.path.join(CONF_PATH, "./openssl_tsa.cnf")
-PORT_LOG = os.path.join(LOGS_PATH, "./port.log")
-
+SERVER_LOG = os.path.join(LOGS_PATH, "./server.log")
+URL_LOG = os.path.join(LOGS_PATH, "./url.log")
 
 OPENSSL_TS = ["openssl", "ts",
     "-reply", "-config", OPENSSL_CONF,
@@ -28,9 +28,12 @@ OPENSSL_TS = ["openssl", "ts",
     "-queryfile", REQUEST,
     "-out", RESPONS]
 
+
 class ThreadingHTTPServer(ThreadingMixIn, HTTPServer):
+    """This variant of HTTPServer creates a new thread for every connection"""
     daemon_threads = True
 
+
 class RequestHandler(SimpleHTTPRequestHandler):
     """Handle the HTTP POST request that arrive at the server"""
 
@@ -49,10 +52,12 @@ class RequestHandler(SimpleHTTPRequestHandler):
             resp_data = b''
             # Read the file and send the contents
             if url.path == "/intermediateCA":
-                with open(CACRL, 'rb') as file:
+                file_path = os.path.join(CERTS_PATH, "./CACertCRL.der")
+                with open(file_path, 'rb') as file:
                     resp_data = file.read()
             if url.path == "/TSACA":
-                with open(TSACRL, 'rb') as file:
+                file_path = os.path.join(CERTS_PATH, "./TSACertCRL.der")
+                with open(file_path, 'rb') as file:
                     resp_data = file.read()
             self.wfile.write(resp_data)
         except Exception as err: # pylint: disable=broad-except
@@ -65,8 +70,8 @@ class RequestHandler(SimpleHTTPRequestHandler):
             url = urlparse(self.path)
             self.send_response(200)
             if url.path == "/kill_server":
-                self.log_message(f"Deleting file: {PORT_LOG}")
-                os.remove(f"{PORT_LOG}")
+                self.log_message(f"Deleting file: {URL_LOG}")
+                os.remove(f"{URL_LOG}")
                 self.send_header('Content-type', 'text/plain')
                 self.end_headers()
                 self.wfile.write(bytes('Shutting down HTTP server', 'utf-8'))
@@ -76,8 +81,7 @@ class RequestHandler(SimpleHTTPRequestHandler):
                 post_data = self.rfile.read(content_length)
                 with open(REQUEST, mode="wb") as file:
                     file.write(post_data)
-                openssl = subprocess.run(OPENSSL_TS,
-                    check=True, universal_newlines=True)
+                openssl = subprocess.run(OPENSSL_TS, check=True, universal_newlines=True)
                 openssl.check_returncode()
                 self.send_header("Content-type", "application/timestamp-reply")
                 self.end_headers()
@@ -85,6 +89,7 @@ class RequestHandler(SimpleHTTPRequestHandler):
                 with open(RESPONS, mode="rb") as file:
                     resp_data = file.read()
                 self.wfile.write(resp_data)
+
         except Exception as err: # pylint: disable=broad-except
             print("HTTP POST request error: {}".format(err))
 
@@ -108,7 +113,8 @@ class HttpServerThread():
 
 
 def main() -> None:
-    """Start HTTP server"""
+    """Start HTTP server, make test certificates."""
+
     ret = 0
     parser = argparse.ArgumentParser()
     parser.add_argument(
@@ -121,11 +127,16 @@ def main() -> None:
     try:
         server = HttpServerThread()
         port = server.start_server(args.port)
-        with open(PORT_LOG, mode="w") as file:
-            file.write("{}".format(port))
+        with open(URL_LOG, mode="w", encoding="utf-8") as file:
+            file.write("127.0.0.1:{}".format(port))
+        tests = CertificateMaker(port, SERVER_LOG)
+        tests.make_certs()
     except OSError as err:
         print("OSError: {}".format(err))
         ret = err.errno
+    except Exception as err: # pylint: disable=broad-except
+        print("Error: {}".format(err))
+        ret = 1
     finally:
         sys.exit(ret)
 
@@ -135,6 +146,9 @@ if __name__ == '__main__':
         fpid = os.fork()
         if fpid > 0:
             sys.exit(0)
+        with open(SERVER_LOG, mode='w', encoding='utf-8') as log:
+            os.dup2(log.fileno(), sys.stdout.fileno())
+            os.dup2(log.fileno(), sys.stderr.fileno())
     except OSError as ferr:
         print("Fork #1 failed: {} {}".format(ferr.errno, ferr.strerror))
         sys.exit(1)
diff --git a/tests/server_http.pyw b/tests/server_http.pyw
index df7c017..31481ee 100644
--- a/tests/server_http.pyw
+++ b/tests/server_http.pyw
@@ -1,11 +1,14 @@
+#!/usr/bin/python3
 """Windows: Implementation of a HTTP server"""
 
+import argparse
 import os
 import subprocess
 import sys
 import threading
 from urllib.parse import urlparse
 from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer
+from make_certificates import CertificateMaker
 
 RESULT_PATH = os.getcwd()
 FILES_PATH = os.path.join(RESULT_PATH, "./Testing/files/")
@@ -14,11 +17,9 @@ CONF_PATH = os.path.join(RESULT_PATH, "./Testing/conf/")
 LOGS_PATH = os.path.join(RESULT_PATH, "./Testing/logs/")
 REQUEST = os.path.join(FILES_PATH, "./jreq.tsq")
 RESPONS = os.path.join(FILES_PATH, "./jresp.tsr")
-CACRL = os.path.join(CERTS_PATH, "./CACertCRL.der")
-TSACRL = os.path.join(CERTS_PATH, "./TSACertCRL.der")
 OPENSSL_CONF = os.path.join(CONF_PATH, "./openssl_tsa.cnf")
 SERVER_LOG = os.path.join(LOGS_PATH, "./server.log")
-PORT_LOG = os.path.join(LOGS_PATH, "./port.log")
+URL_LOG = os.path.join(LOGS_PATH, "./url.log")
 
 
 OPENSSL_TS = ["openssl", "ts",
@@ -46,10 +47,12 @@ class RequestHandler(SimpleHTTPRequestHandler):
             resp_data = b''
             # Read the file and send the contents
             if url.path == "/intermediateCA":
-                with open(CACRL, 'rb') as file:
+                file_path = os.path.join(CERTS_PATH, "./CACertCRL.der")
+                with open(file_path, 'rb') as file:
                     resp_data = file.read()
             if url.path == "/TSACA":
-                with open(TSACRL, 'rb') as file:
+                file_path = os.path.join(CERTS_PATH, "./TSACertCRL.der")
+                with open(file_path, 'rb') as file:
                     resp_data = file.read()
             self.wfile.write(resp_data)
         except Exception as err: # pylint: disable=broad-except
@@ -62,8 +65,8 @@ class RequestHandler(SimpleHTTPRequestHandler):
             url = urlparse(self.path)
             self.send_response(200)
             if url.path == "/kill_server":
-                self.log_message(f"Deleting file: {PORT_LOG}")
-                os.remove(f"{PORT_LOG}")
+                self.log_message(f"Deleting file: {URL_LOG}")
+                os.remove(f"{URL_LOG}")
                 self.send_header('Content-type', 'text/plain')
                 self.end_headers()
                 self.wfile.write(bytes('Shutting down HTTP server', 'utf-8'))
@@ -94,9 +97,9 @@ class HttpServerThread():
         self.server = None
         self.server_thread = None
 
-    def start_server(self) -> (int):
+    def start_server(self, port) -> (int):
         """Starting HTTP server on 127.0.0.1 and a random available port for binding"""
-        self.server = ThreadingHTTPServer(('127.0.0.1', 19254), RequestHandler)
+        self.server = ThreadingHTTPServer(('127.0.0.1', port), RequestHandler)
         self.server_thread = threading.Thread(target=self.server.serve_forever)
         self.server_thread.start()
         hostname, port = self.server.server_address[:2]
@@ -106,14 +109,25 @@ class HttpServerThread():
 
 def main() -> None:
     """Start HTTP server"""
+
     ret = 0
+    parser = argparse.ArgumentParser()
+    parser.add_argument(
+        "--port",
+        type=int,
+        default=0,
+        help="port number"
+    )
+    args = parser.parse_args()
     try:
         sys.stdout = open(SERVER_LOG, "w")
         sys.stderr = open(SERVER_LOG, "a")
         server = HttpServerThread()
-        port = server.start_server()
-        with open(PORT_LOG, mode="w") as file:
-            file.write("{}".format(port))
+        port = server.start_server(args.port)
+        with open(URL_LOG, mode="w") as file:
+            file.write("127.0.0.1:{}".format(port))
+        tests = CertificateMaker(port, SERVER_LOG)
+        tests.make_certs()
     except OSError as err:
         print("OSError: {}".format(err))
         ret = err.errno
diff --git a/tests/start_server.py b/tests/start_server.py
new file mode 100644
index 0000000..b2554ab
--- /dev/null
+++ b/tests/start_server.py
@@ -0,0 +1,108 @@
+#!/usr/bin/python3
+"""Wait for all tests certificate, compute leafhash"""
+
+import argparse
+import binascii
+import hashlib
+import os
+import pathlib
+import platform
+import subprocess
+import sys
+import time
+
+RESULT_PATH = os.getcwd()
+CERTS_PATH = os.path.join(RESULT_PATH, "./Testing/certs/")
+LOGS_PATH = os.path.join(RESULT_PATH, "./Testing/logs/")
+SERVER_LOG = os.path.join(LOGS_PATH, "./server.log")
+if platform.system() == 'Windows':
+    DEFAULT_PYTHON = "C:/Program Files/Python/Python311/pythonw.exe"
+    DEFAULT_PROG =  os.path.join(RESULT_PATH, "./Testing/server_http.pyw")
+else:
+    DEFAULT_PYTHON = "/usr/bin/python3"
+    DEFAULT_PROG =  os.path.join(RESULT_PATH, "./Testing/server_http.py")
+
+
+def compute_sha256(file_name) -> str:
+    """Compute a SHA256 hash of the leaf certificate (in DER form)"""
+
+    sha256_hash = hashlib.sha256()
+    file_path = os.path.join(CERTS_PATH, file_name)
+    with open(file_path, mode="rb") as file:
+        for bajt in iter(lambda: file.read(4096),b""):
+            sha256_hash.update(bajt)
+    return sha256_hash.hexdigest()
+
+def clear_catalog(certs_path) -> None:
+    """"Clear a test certificates catalog."""
+
+    if os.path.exists(certs_path):
+        #Remove old test certificates
+        for root, _, files in os.walk(certs_path):
+            for file in files:
+                os.remove(os.path.join(root, file))
+    else:
+        os.mkdir(certs_path)
+
+    # Generate 16 random bytes and convert to hex
+    random_hex = binascii.b2a_hex(os.urandom(16)).decode()
+    serial = os.path.join(certs_path, "./tsa-serial")
+    with open(serial, mode="w", encoding="utf-8") as file:
+        file.write(random_hex)
+
+def main() -> None:
+    """Wait for all tests certificate, compute leafhash"""
+
+    parser = argparse.ArgumentParser()
+    parser.add_argument(
+        "--exe",
+        type=pathlib.Path,
+        default=DEFAULT_PYTHON,
+        help=f"the path to the python3 executable to use"
+        f"(default: {DEFAULT_PYTHON})",
+    )
+    parser.add_argument(
+        "--script",
+        type=pathlib.Path,
+        default=DEFAULT_PROG,
+        help=f"the path to the python script to run"
+        f"(default: {DEFAULT_PROG})",
+    )
+    args = parser.parse_args()
+    try:
+        clear_catalog(CERTS_PATH)
+        #pylint: disable=consider-using-with
+        subprocess.Popen([str(args.exe), str(args.script)])
+
+        cert_log = os.path.join(CERTS_PATH, "./cert.log")
+        while not (os.path.exists(cert_log) and os.path.getsize(cert_log) > 0):
+            time.sleep(1)
+
+        leafhash = compute_sha256("cert.der")
+        file_path = os.path.join(CERTS_PATH, "./leafhash.txt")
+        with open(file_path, mode="w", encoding="utf-8") as file:
+            file.write("SHA256:{}".format(leafhash))
+
+    except OSError as err:
+        with open(SERVER_LOG, mode="w", encoding="utf-8") as file:
+            file.write("OSError: {}".format(err))
+        sys.exit(1)
+
+    except Exception as err: # pylint: disable=broad-except
+        with open(SERVER_LOG, mode="w", encoding="utf-8") as file:
+            file.write("Error: {}".format(err))
+        sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()
+
+
+# pylint: disable=pointless-string-statement
+"""Local Variables:
+    c-basic-offset: 4
+    tab-width: 4
+    indent-tabs-mode: nil
+End:
+    vim: set ts=4 expandtab:
+"""
diff --git a/vcpkg.json b/vcpkg.json
index ba4560c..3699e3d 100644
--- a/vcpkg.json
+++ b/vcpkg.json
@@ -3,11 +3,7 @@
     "version-string": "2.4",
     "dependencies": [
         "openssl",
-        "curl",
-        {
-            "name": "python3",
-            "platform": "!(windows & static) & !osx"
-        }
+        "zlib"
     ],
     "builtin-baseline": "9edb1b8e590cc086563301d735cae4b6e732d2d2"
 }