From 782e0430832cde12339edb732ebe8989f376e8e9 Mon Sep 17 00:00:00 2001
From: Johann150 <johann.galle@protonmail.com>
Date: Thu, 11 Mar 2021 22:24:10 +0100
Subject: [PATCH] fix tests for multiple certificates

The tests now actually check that a specific certificate is being used by only
loading the correct one into the trust chain while running the test. The
problem before was that openssl-req by default generates CA-capable certs which
are not accepted by rustls.
---
 tests/data/multicert/ca_cert.pem          |  29 -------
 tests/data/multicert/ca_key.rsa           |  52 -----------
 tests/data/multicert/create_certs.sh      |  28 +++---
 tests/data/multicert/example.com/cert.pem |  54 ++++++------
 tests/data/multicert/example.com/key.rsa  | 100 +++++++++++-----------
 tests/data/multicert/example.org/cert.pem |  54 ++++++------
 tests/data/multicert/example.org/key.rsa  | 100 +++++++++++-----------
 tests/tests.rs                            |   4 +-
 8 files changed, 167 insertions(+), 254 deletions(-)
 delete mode 100644 tests/data/multicert/ca_cert.pem
 delete mode 100644 tests/data/multicert/ca_key.rsa

diff --git a/tests/data/multicert/ca_cert.pem b/tests/data/multicert/ca_cert.pem
deleted file mode 100644
index 7cca683..0000000
--- a/tests/data/multicert/ca_cert.pem
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFCzCCAvOgAwIBAgIUIBGuqsV2UiwpjgNTBhsCWSEofMEwDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKZXhhbXBsZSBDQTAeFw0yMTAzMDMxNzI1MjFaFw0zMTAz
-MDExNzI1MjFaMBUxEzARBgNVBAMMCmV4YW1wbGUgQ0EwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQDAYjrXvFY9MpJ0Cy9Jte42u9peeUQ+4isGIDmnSAmA
-hngVqoDlqvr6mXXU+N0c7jDkLEcs7EySORP/k1rRrAtQPSZeMSVQ47aJirmIlcnb
-P9/ivyYv8lyndZCZikOAOz7D1beRV66MX2q1/plnW1QuWHbk83IqNniZcL8QRTWw
-EYy8CxNd9UO9TlzF/kuIadNlFEywiQ6pbZiIhPChCtg2vKx/abQukYSGDoQxTIEp
-T6uqoHevAMZFMhwhURG5kUX65xQcIDSobvxyziSc3fKW/fxzu/ORkLHBB5T3jcQJ
-+BL4pb+hZl7Xe/r4TvfhSpdzu5hoLFAqLWhQUHymMG8kmqJ6Q9lfuQO4A/HuqCQN
-cYtEce88uOaF/TPt99qhvg/7V1LXxZ9UNnyc2cQUroT8jx+5NtWBPQvekKSoufxX
-4Kv4kdtaPyGRVZcshLQKog6kD49nzlCJhYV9UUiGQMUrzb7H5n+Y2puN87B5oUVY
-djNJ65h7y27fKeXfrpvTJ+kqi9A6hrwNR6INTkRJ+l6mnpX0tnTmGmSiChsW+xCF
-R2bIl04y4efqYToG3fQk0vzn+rGx57DqnpgDavIYJxsNWzJ4qWWxdN08QV8OsmEo
-0u6Ks9+EVv6sHmY+WWsOB+8Jgwa0p2HcQ2nu0KrIDNVxUS29jPA/Iw7g/w95az/X
-2wIDAQABo1MwUTAdBgNVHQ4EFgQUtyhzhR/wxqDZlRxR4odCXFhSwtEwHwYDVR0j
-BBgwFoAUtyhzhR/wxqDZlRxR4odCXFhSwtEwDwYDVR0TAQH/BAUwAwEB/zANBgkq
-hkiG9w0BAQsFAAOCAgEAZYiHTpAsWvOdqsMa9KhiWgOYAtJ/vERaTkWowxfqpBrx
-nC9k5PAU4r5mAa38RX9hbRWEpXA2oEET/txg4a9oHkYPCk8+Nq/K7JwoY32gdsuC
-EeAFIFhsfV5aDnoMxEfjOo7erFa89UBLup9bw3VupQ6+9B7UJP5Q1g8aapdcw2Io
-nFiof56TNBUNSSJc0ErfBInCQ+T2yIbbyXvsNhbENidlP8nDv9cwHEQewUPbH9/y
-k4MqsZVsdrm00m0ZWgdQfZnTgM5/TBp+tTyHJOQqfekPiqob7lPGgakMhkpGHJvu
-EnkQJecgHA1/k2ETM4Ja162kbshN8LjLLrXi9aEwDYTW1xFbvK9MrHKcSOTq+FJs
-WV3RK1J56pqq3iNJLXkXjSuo6bNIA4fjxJk8scRdsANAYfV9I3pJUY1EB/LvycSo
-zCUgpp+tnqT+lgvCZ3aFi/Iajb0TgoNb/xgHo2MJmRNLj6RQlJkLDEYBQTE1iiru
-bWZW2jf7LEBM9MwT2+I2AbmCLyPoA04ZT7GH2yeugU1YrxO5Erj6m3JBdwuKIU7g
-DJH2DttPIm1ay00tFBapYoODfXwqqIPtYRSAhSxxuWRV1fl5kVgyT2TjEvv9b/8j
-SMRrGvo4Ws2H8W8Fcf0EVIywkVxpE2YlzztEWhVJEmltM74slX82QZ2ppWCmepg=
------END CERTIFICATE-----
diff --git a/tests/data/multicert/ca_key.rsa b/tests/data/multicert/ca_key.rsa
deleted file mode 100644
index b5fb859..0000000
--- a/tests/data/multicert/ca_key.rsa
+++ /dev/null
@@ -1,52 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDAYjrXvFY9MpJ0
-Cy9Jte42u9peeUQ+4isGIDmnSAmAhngVqoDlqvr6mXXU+N0c7jDkLEcs7EySORP/
-k1rRrAtQPSZeMSVQ47aJirmIlcnbP9/ivyYv8lyndZCZikOAOz7D1beRV66MX2q1
-/plnW1QuWHbk83IqNniZcL8QRTWwEYy8CxNd9UO9TlzF/kuIadNlFEywiQ6pbZiI
-hPChCtg2vKx/abQukYSGDoQxTIEpT6uqoHevAMZFMhwhURG5kUX65xQcIDSobvxy
-ziSc3fKW/fxzu/ORkLHBB5T3jcQJ+BL4pb+hZl7Xe/r4TvfhSpdzu5hoLFAqLWhQ
-UHymMG8kmqJ6Q9lfuQO4A/HuqCQNcYtEce88uOaF/TPt99qhvg/7V1LXxZ9UNnyc
-2cQUroT8jx+5NtWBPQvekKSoufxX4Kv4kdtaPyGRVZcshLQKog6kD49nzlCJhYV9
-UUiGQMUrzb7H5n+Y2puN87B5oUVYdjNJ65h7y27fKeXfrpvTJ+kqi9A6hrwNR6IN
-TkRJ+l6mnpX0tnTmGmSiChsW+xCFR2bIl04y4efqYToG3fQk0vzn+rGx57DqnpgD
-avIYJxsNWzJ4qWWxdN08QV8OsmEo0u6Ks9+EVv6sHmY+WWsOB+8Jgwa0p2HcQ2nu
-0KrIDNVxUS29jPA/Iw7g/w95az/X2wIDAQABAoICAQCSyuEHN+e9rlbdQKOGZNEs
-5k2LBJC0QrJ9bB1RrL/DV9dNANp1Y+85Q9sK9BETQBQCJl7wwiTy9aZyvqbvkYzY
-XrBl8q38eKQRcs56j4CEUMquIxgqQY29IRGCdmNm9s2/c9Uri3HeHfg4gdnfaWpk
-KpAdxjv4RbPjsIm5CnYasGloGjNe4AQd8CsN0CkmH0lzuPeDRDDxynQ2xuksmC++
-JFyio68eUV6DQ5ROYYe0U9wyx1pLKBYhOkkIiukxZM220pcflttXIchyeSSqpRez
-an00edcx3Owk03oxIfTRfn5LR31e09POLAWlbevp9ZZ2ck+qPRW1+Qu9LIzP6ekC
-+9vTOA9Q9B8b/Yw8Mmi7J8ACLUFi5+B/cDUSYg2TJbpiIfFukFeXQpOzQBSOjdki
-tKY0RgxftFZaKhu3dyhyucQHde+iUnSNfoK746fnIPTFPF/fb7Ot54xX/PuUvrBR
-6RFi5Bj8aU8XqpOks6rFKNgyY/uJgPklPAR/z9wEDVRbwT2BbEUvu5A26T15/1lO
-Z2tKMH+VsSClJmuJxB3pl/aoZiYG7bwrTn0AUAHPAizYZtit+8O/Z5e0SukBprKK
-RmqUySo5Em7GWuJdizzsMq8Yf6IWk7lxHhOGAGCLfNTBGtw24zchuKdz6rO2nedV
-haBmpghW7seHKe/WLTvREQKCAQEA6t+gWSA68nyl+ylqk40VAycT6uZNeMYOXdL5
-OSgeow5XaQvf5myzlTj3eXTXUYAbxqicrNiYC9z0MOsJKwG12tBizexazlAFUw9y
-i8f/PBY6oh+ramkLVcE9BAvKWEND5mGvvweWRk1vJsPgdOgBHOtok1Ek5ae8yQx7
-NaUoA/6/YgS0LlWuPRdizdBIvOjgbuMPQUyb0rlYHhkXldyPf/47QBqzyY3D5wwM
-6WdcdB/wjFnVCnLYABu6HZ519ZyoDGayow6miv9KlAMgozC56u99vDtS7trbaeNQ
-AGNm/1mpkMvV0GerMJrDNE/SeNt8P0AT2UlI3XxAcsM1l6SHLwKCAQEA0bAzb1++
-ZqGG4DSzOgc1x4tsxrOqTm72EVqn+qVBy8K+iieNmDYpcIXUjr5L4T5/wFdd1zH4
-MDM2lseSFw2A6NuRiXRQxuwQyoNABC+OEkTX4KMvyyqzxSDneTxGUIclIn8D/yYt
-4KiA0WRQUVbq0dsY46YxrVFlyNCmQTl8uJc+VwigWlo1I+niWMlButj9N0wsOAh3
-kpg+Q8ViFq74XBg05NzUejqrxcAZm7+aTnDfdBJGm6TfzrRVfkgnLQ8ynFmtP4yR
-2NH4jJTDXZ2kkdSVnDoED2u9Ahj61u7qklhNBEYvg5J6d1E4ZfApgtOi8z5AOD/c
-5PUVXWtxATsPFQKCAQBy27M9go5xINXGkoVk7LxW01hhKgi+xBQoe9CWy/DXil7i
-pwTyWTwlADu9cI8PcxeiObiMqksImh/sgDP2jRqSjA+VZj0t4WIJMWexxbciejho
-KhaYrg/1+s7M2Ls2GIbu9dyNDbfGX324tldgtEg/DTwRtr/VcwbWRr1GCaMc+Qo8
-c9JtSkcv5uzRe0bm4vdGItHF/CHDlhHqfhjTl42xaPEusyAys5oWtgTmaz6CJ1Bq
-Qk/1kR3iR6znaSOEXfysO9il9rcpCBk/cpwWUfDJXB7f2x7+YZalHJ114yZuPzm1
-7oh8JwZHeZd2UIa7xZHoGHzcaIMylN2rgZ0GsFXPAoIBAAOS6j2Ctz8Oj7rwiwF5
-L/x3ruHwG/38PCttjSFjgayUZCT8qZgnjCtDzKymJ6ruIsVHd+z8CAviQ5LsUdwc
-uc6+N0vNdLb/PQYGmKe5m8VJ8Rf+EAl5b9jzR560XUpwEzz0R0ApCW0j0hY/jHLm
-dVggUNtIcN5QXdi/XaYM8cg/o6teFUWU9gTnrpjuzTT/D8nKfZJy6n7QI3eKPLLA
-RrFjJDumW+S9bUIQlR8nc9zUZaqXySZL+BiQ0Eg3uJs3ABjUGnTT04SLh531xyKo
-Vi66Hdas0nbk0jLf9B6Hse3OnXluLM8kRvwToU9zeXGmY8ebjwKmbABnAPc3ppRr
-ykUCggEAK4a/LUhibMxyid61Y6AQe7DQZZv7n3FfK70/fgD2OYdhZzWvaZPf7fef
-95vBwXdxnOZMOC/7iP0vaYB2Qij4r+m9XPWQ/R5UGMBEQuI3zn1jey00ItK49HDi
-jq4xRltBFI3y5mvw8u5v2uoWvjNcpTFDam1f/hAB0wsMrcccXklzsiE8SEc0QWme
-VVhppfd4WJG1/P7juyn3yvPOGrwQ73P6ZTigL6qfEJ94AH4dHnCiOqgHZ7rHQlpa
-g+AxEsZ4BHt49gxtabg6sHue5Di9NCvA/MaGr+d9yaSyaAz/k7qsFJL0TVuBJE2h
-uabNtK2No3EmpBOK31TRSIKWx7bFnw==
------END PRIVATE KEY-----
diff --git a/tests/data/multicert/create_certs.sh b/tests/data/multicert/create_certs.sh
index 8b5e0e7..02f58b4 100755
--- a/tests/data/multicert/create_certs.sh
+++ b/tests/data/multicert/create_certs.sh
@@ -2,27 +2,25 @@
 
 mkdir -p example.com example.org
 
-# create our own CA so we can use rustls without it complaining about using a
-# CA cert as end cert
-openssl req -x509 -newkey rsa:4096 -keyout ca_key.rsa -out ca_cert.pem -days 3650 -nodes -subj "/CN=example CA"
-
 for domain in "example.com" "example.org"
 do
+# create private key
 openssl genpkey -out $domain/key.rsa -algorithm RSA -pkeyopt rsa_keygen_bits:4096
 
+# create config file:
+# the generated certificates must not be CA-capable, otherwise rustls complains
 cat >openssl.conf <<EOT
 [req]
-default_bits       = 4096
+default_bits = 4096
 distinguished_name = req_distinguished_name
-req_extensions     = req_ext
-prompt             = no
+req_extensions = req_ext
+prompt = no
+
+[v3_ca]
+basicConstraints = critical, CA:false
 
 [req_distinguished_name]
-countryName                 = US
-stateOrProvinceName         = CA
-localityName                = Playa Vista
-organizationName            = IANA
-commonName                  = $domain
+commonName = $domain
 
 [req_ext]
 subjectAltName = DNS:$domain
@@ -30,9 +28,9 @@ EOT
 
 openssl req -new -sha256 -out request.csr -key $domain/key.rsa -config openssl.conf
 
-openssl x509 -req -sha256 -days 3650 -in request.csr -CA ca_cert.pem -CAkey ca_key.rsa \
-    -CAcreateserial -out $domain/cert.pem -extensions req_ext -extfile openssl.conf
+openssl x509 -req -sha256 -days 3650 -in request.csr -out $domain/cert.pem \
+	-extensions req_ext -extfile openssl.conf -signkey $domain/key.rsa
 done
 
 # clean up
-rm openssl.conf request.csr ca_cert.srl
+rm openssl.conf request.csr
diff --git a/tests/data/multicert/example.com/cert.pem b/tests/data/multicert/example.com/cert.pem
index 729f066..a7e6a96 100644
--- a/tests/data/multicert/example.com/cert.pem
+++ b/tests/data/multicert/example.com/cert.pem
@@ -1,30 +1,28 @@
 -----BEGIN CERTIFICATE-----
-MIIFEjCCAvqgAwIBAgIUfZVNYuF33/AJqeSsnS5rRwozd5QwDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKZXhhbXBsZSBDQTAeFw0yMTAzMDMxNzI1MjNaFw0zMTAz
-MDExNzI1MjNaMFUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwL
-UGxheWEgVmlzdGExDTALBgNVBAoMBElBTkExFDASBgNVBAMMC2V4YW1wbGUuY29t
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAou96HEovfkmfMU75y78Z
-bEMItLDFG/3xHKbVHYCyt4DyOpXj6rztg94aDkE/LsIK8g4M52x5i4CVgX5/5+QZ
-2ZX1rlbhGBpMi82JeArW3qZE+o+Ygu/7Kta2WfnZExcwcXHAsNHVJM3o1qOLo0fR
-0MqR3zyN2gD8/JPRXnHQx9HIE06P1dMfHE1GEOrP7Fivb9I50hzEUrwAVig0GvYF
-azlEBzw2CNmBCaa3t69t/PS+xT4u+G3B/RxjIJIwD0Krm2Q07eLDwU9EWwjWjzCP
-FADCuT2rOiCfDgZzDXO/EbCSvWYI1ZBhej9aYV2YdU4kWu00ITK/Gyt2ksJNl9OG
-0B+1ZSirgHkSjrptaD9X6iSULRUdwAitwyJ+dhvkBXVeEGt2no8Z4Q1B93OvNwZi
-Q7VJlP2qYEYwgoeUMX8jx9WRPlO58VctUUDG6CjVcoDPnHeM3/DnF6NC7FTxhEPQ
-23fOBMOgrlR/a6q4EYdjUlfzEo9Pfhiz2Yetet4LApzjZRQKYhnf/InDN+v9w/5z
-FkHd7atHW2HeuNgJ3hgcc4vBeWZIae8gd+J1Yp4MjVkjqRr0cuUZ49gpXNDk/w4v
-MmSuwJ1PSbV7sw6PHAxT+NGxidETUE3CvWxi2jLF37eSUW3oYjFsqYpHxdzSniaS
-WPacD7l35wqKULt+wql9PvkCAwEAAaMaMBgwFgYDVR0RBA8wDYILZXhhbXBsZS5j
-b20wDQYJKoZIhvcNAQELBQADggIBAEa4xORywXbIN+sLHVocO8pSVAdzd2dS0aME
-cPtLNc+W7eNE2NcTm8Tr4+qSWXwOxqa1Ax/UBaVOOvfmARNG3SEBE5POC0WCCKde
-samGCuRtVjIxvmgHAwKvJoe8CtiWuOxeXfuqSRN5ej6ViMIz67Y2c1hJuzXnTjK1
-6cyMBVNN0tw7tyO6EuOpsp6daua2jQMO9lxR6m8Vtrk02Ze1YtGlLfC1flGuj/qe
-HB6LHEA9fvgnjFpls1Dlxy4LWFMH5ggiMeAFaCz4+2I1gbZJjqJfYwIQk2ksePv+
-IAhaAfhaWANyGrd4I5STQCWcfypTsHdMsU+XsWr4/aPrw4s1aTvPezUS97YVyXyO
-H4sQ70I1QR6Ln73ZTCNL8io25cVSMh5NVfvBXu2zkeOq0wm2Yxiks+lIJFYZRusn
-KL4Spwcc0dxD4kcy3w2MZtvvPtqmteWkei+6v00SU5uCFUIqYBPZh6SPi45+XkSy
-hxz2bxFKEvjPfDasd9t2MxGV4NVxix0IXpKs8LxJ54utnCvE5DeQU+VuB92WUzvd
-SROSk+lWeBao9CdLpJ9bXF8MQHhzgfyzTrfCyexPPxk5CSzO5vcOhCCWdWhzr60Q
-HXq3kDzGIwb0sN6b9OWZGTi0D4GG6CfysyX+UP8dzzxAv2+xKFpTbzfUNCqdlDZd
-BxvkUq5c
+MIIE1DCCArygAwIBAgIUDZjgSq0hJCJPEjCho3BZxrR0S2AwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wHhcNMjEwMzExMjEyMDA5WhcNMzEw
+MzA5MjEyMDA5WjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAKCvZP1hCE3kzcjHrRpmsB22qmz1zq5AyiviJfKA
+bL/CoPxiH/t53ZxtKH2SKwF9l3YpMc+pVP0BsgNOXIaQyX0cS5Nq0mgrPnShGQlq
+8M/8DzqKaoOYBBxxODaw25BWTq0ljWj0Sz3ksa91ayxK/whfK1rmNzKjyIYzvbdO
+j6qIEXYFHyFqzLXOpunj2s+nZKwKxX0GWkM2qB8mwLHOq0JNufYDkzPvyiZPru1N
+23SoMiCEGu0uRjvHalg8ehuRito20UeD1HHfy6Gr/S1nzNumRTD0iMpySNMpz/cf
+d6/9u/C7pC73qc4hfXerS02ffwEm+ulQEDwZ7QiS8CbSIfkLyG93O1LXr6fhqLPi
+505wCia9V2Iq93zlGUBP/zDqaMoISwohKFvrvpYlQG4LI8b0j+To9YOFwSsekPZf
+4rfOLIBwPsE8knAycnN7D2GYXeuo3tMh4lPKgV7IoG6CUzRLoZ8pGIZnjVqO0I5R
+1w5CU48RqlL+tsYdNSphBBKPLnUro9WOG9UIKo3C0ccij86vLU/9L2gGT//oTIUN
+suR9e8eoK8Yos+fef3+vOWgbeK+Isi09Hq70j0vatACtWBE6Z7ROhW2ytiD3LD5g
+MN7Yk5mEV6t/y0dhDffIjvBS4tS+idWr2jvt0KgRE2JzV6iMAg7C0fdCYg1WuQer
+1GWZAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMA0GCSqGSIb3DQEB
+CwUAA4ICAQAmfm4cDU6SVxzMgInZcwPIW7NTSzly7WzCHhaGYqkgCrEmu+2DEKzq
+c8lIe5SBHQCs6y8LRdNAJ9I3dMnXw9x97/lrKwg9+C6xnjqcDYRG3DzGsAz0OF1A
+AWboIdnPSnHeicmDK0C4i7/VghJmpozcOF0HCnfo0zDhhyCOAhv7fT3TCk/kDCJd
+uQA2EJRwnvrfbuhddFzpdkoZJQeSsPmJvTqQoAap8tKxmrkDo6GZSVRMFelCL5e0
+6nQQQfb5Qo97/lHHXfP9JycYc+AqRzvuc6bZiEJG2FeWJb3QCOTULfAbpksem6WA
+tNtJ4Vv/snX0Wcy6zmTxXH0HbFmXM2Xdd2adiZVQU++Ck8jrzxHUtiG08E0VnXvQ
+nABixB7aWQkDWCCR3k4QBBsGSPCIQ15d8RsC1HGxTs7zmGE2ic3rWEgzGkpaIvIN
+aai5cmRey/mRIauWrG+juOHemSQ4WlLeSnDixcrlQP63WkKf9j4yKgUjbRULT/LO
+QjH4n7ckoj3d+CGIvlQN94tn0xM38iya+43ytC0LUFNYd+BjxkFZI5kKaFh6vYmZ
+tKjrL496Jd/L3knjIRTPh1L6TpINSYFhMqzXHFJNsRViI/4YtiilJlo5NX18ejMO
+mYLcKU4xS9u7rmBpQyIFmwlLCYAh8X1yKAvezLzeGy0x9+iramaOPg==
 -----END CERTIFICATE-----
diff --git a/tests/data/multicert/example.com/key.rsa b/tests/data/multicert/example.com/key.rsa
index d58eb19..c960ff1 100644
--- a/tests/data/multicert/example.com/key.rsa
+++ b/tests/data/multicert/example.com/key.rsa
@@ -1,52 +1,52 @@
 -----BEGIN PRIVATE KEY-----
-MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQCi73ocSi9+SZ8x
-TvnLvxlsQwi0sMUb/fEcptUdgLK3gPI6lePqvO2D3hoOQT8uwgryDgznbHmLgJWB
-fn/n5BnZlfWuVuEYGkyLzYl4CtbepkT6j5iC7/sq1rZZ+dkTFzBxccCw0dUkzejW
-o4ujR9HQypHfPI3aAPz8k9FecdDH0cgTTo/V0x8cTUYQ6s/sWK9v0jnSHMRSvABW
-KDQa9gVrOUQHPDYI2YEJpre3r2389L7FPi74bcH9HGMgkjAPQqubZDTt4sPBT0Rb
-CNaPMI8UAMK5Pas6IJ8OBnMNc78RsJK9ZgjVkGF6P1phXZh1TiRa7TQhMr8bK3aS
-wk2X04bQH7VlKKuAeRKOum1oP1fqJJQtFR3ACK3DIn52G+QFdV4Qa3aejxnhDUH3
-c683BmJDtUmU/apgRjCCh5QxfyPH1ZE+U7nxVy1RQMboKNVygM+cd4zf8OcXo0Ls
-VPGEQ9Dbd84Ew6CuVH9rqrgRh2NSV/MSj09+GLPZh6163gsCnONlFApiGd/8icM3
-6/3D/nMWQd3tq0dbYd642AneGBxzi8F5Zkhp7yB34nVingyNWSOpGvRy5Rnj2Clc
-0OT/Di8yZK7AnU9JtXuzDo8cDFP40bGJ0RNQTcK9bGLaMsXft5JRbehiMWypikfF
-3NKeJpJY9pwPuXfnCopQu37CqX0++QIDAQABAoICAF/RDLJOPhe6G8/XbbaPrten
-pBr+SSvo7j23LmSnJnIbdldVhi6o49REbHYtkIZiviUSdiwx8lhDSahZR8aKsVjv
-gwb/OGgALzuXp1vco/dTOAVRJJL7pWzPz3SiJTHA1VAhYPuaqgl2vZJbouZmedCb
-D6WD6rdlFWFDXEB6FhksGMihzpwkB4uRNb8FFzkZ/jF4I2CYYit1O41vHxUr0Iv5
-pTPMCMqzfdq7HBb9J2U2WGmN4/lcMlQyuWiSD4kp39kF2Mp8LDol70DJtcOG/tz4
-hYqB5YvNWzvYNxiWFKrGd8TBmDhfK7PERdY0QE/boC2IiLttKE1GBfjQIulCD2is
-x0DmcU4bry/k92itU47DOpDONqVkMNvVj0pwzJve0yJOdvWrw5SbIBg7UDsgZiZJ
-7uiWxBpLGXHolGOYxOQyq73Bm8h7/5lQgy1Kx0Iy2NJZsXi6G4I4uDJlphPB6zkP
-AC2X4GyoHLpbZDwkmF1J8G2SLv/uzEHTwMaT2p6xNopPtoKKFz7jvO06c7F0tXhd
-MiC2blxulKF/WuRDT9kxVOyk8WIYjqFhHiwbgY4WT76pyxqpX/B20VoFAThgksla
-dF4Hy/fX6yRdvbj6gf8OHifLPSH4DeXhCKGSOS7hXibNqvGOVdcjeWI19ahkmhKj
-x/hjq+IG3iQbLHnwK1dxAoIBAQDMsROJ/o2OFoXXXTgUdGNaBoGyvLTFVOSzx0NM
-1cRQa3c5os2sHlUKOqcnKNM7VM5MTmgMDs0bBy2cXZUxknae6MyxHXWjkdwfPclv
-UgsIa3UxsoSSv5hBUVbqI2f7vAGYUF3H0az5ulv9iPgkG6H/gYPfZP8MUPn/E2Y8
-2+sXdaWqu4Xhi2EHXlQuKJxnem+c5sW9yjk2lzz2FpZAWPbjWYjSDeH/fWtpXycx
-F+gjeuQJ2CS/D6Y2f33/G3f5Y857TDjbYspvH8owHSdBEVZmLqzFKp+ls747RZsD
-xvZk3L6CFKWntoaoT3CtNMzKz5kthtgcar4X5IzbzvlPe3W3AoIBAQDLxu5zOCT4
-BYysEYF3WudvAvmS88qnLnabtD/NBCB+ai56zmUTLAH9hiK1hpYPHazH7wQzfwgp
-JNWwbPigFxb5tQ/L1l1p2VRzDGp9HdJEUihfQT7jRHTcBA43wupNxi9Ht0c5yFUt
-wFeMCMMVZozpotj8TOWRvSBqvygTFKoia+QW20RDbMC9iikekTCRUa3hV5CpgLpa
-x2q+xPIIyL6R1Y26GowfCFi0EyRTRza06ppwTGTBnY7dFo/WoMKqVbn2hod20wTl
-JZldwPTs4L2uCK7OSZUEGOUASfJMVkrKbQmHrIZM7Hz/q+7zJP1DaAt/QTBqWruD
-4H2/Uh7gH3DPAoIBAQC9p/i1rHEWTRIX+RyD/08q08qKhMRt7nm1hZR69bpe1SPz
-+D/fEX+z6aKE6xPE7o/zLdbEDVbHi0AcmK0q8E0Och9uoCAmvXgaTlJ83aSxWXeN
-451opzN4mdgRO1sWaR2FNjmeck12WdDwOl/IfP390tAQRfD3RXRNfnkFPLM32l70
-samb0FvHywPufNxmGJCf7Ucc0elvBnSKg2UWHBgtkQDvt8NFybyjNnIGz+LcNPpj
-kKyDhwl3h2uD2rywC2T+4yHvTDrK+caKDAkaBelq5iZYzWR80O0a2CSIPGqCC/JM
-brsKiVl9S5XYNormA7Im98D3m4OkebR12fEwTvFDAoIBAQCGonTBI4Mpa2E5/obv
-eNwX+Hs0oGZwdr5euYS9y9A8NaNn+B3HwPe/rXQZQ0a5zf1uS3kXHQMjS/bzjcvm
-2dqQORSqtIMbgD/Pk5B4Ac/+29lYth76wSwEgZlzNhDgOeTbGTix8K52f/JXzyI1
-bYAEjVeXuqai17YnUQ0FLk4KWAZnI4/CjIP7tuDcFUllefXMQLKPi0GU4NSiHjVb
-oGZorBPrtcaGallRAKSrcQ2wEqDfOVoIojTV1iZKxARZzjIDs3alB17glyrxSp+I
-MiSga5QzL2KJRnlm63RvA0R+4fO99Dr3b/hWZB6H/xRmCMQv275FRpVF2Hi8g2Fq
-6tr5AoIBAQDH31/WmdsBsKvpdjLBQcjIcbv/aYgQgEIhSoUkfPK/Hq2GW2vJutOJ
-V0IUWZKGwk/NZfB2Wi6lajqJBiDFdN8c3HNznj4WlOyOD2Z3LpVmfc8vJyaPeV/d
-rCc3UsFRDp+Fu3QeTyzlIieOT5N7KYI31U/iSiV27+zBcHuigZvTmNd6QaRYiygd
-J3f/NghVcNPOLhwykhf8m3emlYcWAzyU2eprYGhkpkSM/+o38qRG3AZGWTZV1T1d
-hZP5ts6s3H2rqwM8ljco0YFAcbGSTutrXXD0jxzqcRTgI4nhUDy82A0tg4BLrGuV
-InJUrZvi2SewLbqRM6VqYRNUJFIdHkUM
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCgr2T9YQhN5M3I
+x60aZrAdtqps9c6uQMor4iXygGy/wqD8Yh/7ed2cbSh9kisBfZd2KTHPqVT9AbID
+TlyGkMl9HEuTatJoKz50oRkJavDP/A86imqDmAQccTg2sNuQVk6tJY1o9Es95LGv
+dWssSv8IXyta5jcyo8iGM723To+qiBF2BR8hasy1zqbp49rPp2SsCsV9BlpDNqgf
+JsCxzqtCTbn2A5Mz78omT67tTdt0qDIghBrtLkY7x2pYPHobkYraNtFHg9Rx38uh
+q/0tZ8zbpkUw9IjKckjTKc/3H3ev/bvwu6Qu96nOIX13q0tNn38BJvrpUBA8Ge0I
+kvAm0iH5C8hvdztS16+n4aiz4udOcAomvVdiKvd85RlAT/8w6mjKCEsKIShb676W
+JUBuCyPG9I/k6PWDhcErHpD2X+K3ziyAcD7BPJJwMnJzew9hmF3rqN7TIeJTyoFe
+yKBuglM0S6GfKRiGZ41ajtCOUdcOQlOPEapS/rbGHTUqYQQSjy51K6PVjhvVCCqN
+wtHHIo/Ory1P/S9oBk//6EyFDbLkfXvHqCvGKLPn3n9/rzloG3iviLItPR6u9I9L
+2rQArVgROme0ToVtsrYg9yw+YDDe2JOZhFerf8tHYQ33yI7wUuLUvonVq9o77dCo
+ERNic1eojAIOwtH3QmINVrkHq9RlmQIDAQABAoICAGUFwJV4ktL+Hc60kwU9OE6G
+EGHOrLFrNHAgj0EGMtjg0Xu7aWYeeRCmpEVGR1l5j2cPgSyQxkkG7tcbRhqoHrVU
+u8Mj7sLlJTAINIhyPpJUY3KnoU24niUPnYrs6C23xWEgceZhaIiyJnAsf0Pqpqqp
+wsU0ZdGlnSWalBUSBErvnyK3F5pX3foTwWbdBS12jVmIsB7phogpbcuf/pgLWiqm
+WVrtZnfJsysg/9ZcE7QlJtbAl3k0lZ1xw09UPmTkvQpyWmL+4+rwC8NKMTOBxg72
+WxvrMbEt5tEzwXcZxpLUEHvKTO/mb1CUR6CcBgz4UM31ptxWpM5UcmzojKmrhQVi
+cUklkwua4ugYhGPd3307wChD4xiHpSw/r/zEVQR3OZVYDHMF2QGvrCe5ZPgxnZvS
+UZLsb1vjnTYxhUaIfWRDZATtkrCxadv5qE7NYQktd/hBQeWw2A98HHaSgUbI/Z2C
+Ts4ZJHlAdxj/m6Sovu7oiZMQzMpzM88JYK7tQL3hCCX2B9Nopqml/C92sj8C0Nn9
+QiIG9X9tM8GDVPWIo+HZ0Uk5W/nuDBO+4rN2nLrULoIv9mgvfA5woVP2yBBZp+N9
+pjL080SOuuclvsnfGBPBJ/HSnUyFpiXrmnVFVkv+yLzZxTrwsCrZwllRgvd3u6iY
+c/SaYaC+wkbcoE3xOtktAoIBAQDUamxIP+ajY5fu6KNXsHS6Rbg5oREpBUAdeTSQ
+poWI15NgIqAVws2OtrMKpcFrVbDtIdaPEXk/lgk7uAIVC3tFEf7E3mJkxEI1msA3
+JA/BV1JiryImwAnb6NCoBkNbp4YjYRdCQJz0Q726TyPYBXs3Xk1UYRY4dzgFCxnr
+iIVEeTzJkee1ANUvPWkuHyKdL2chz1TetHR6VhLdgP5u2QxVVnv/YrWT8+3SAqbB
+GbNbXMewsBgNp+CCJL3dazOQD4kJyx5t6iR2FbzE6SuOTQiZG4I8lRnHMdW0cVjp
+ZhyLnoFqz+SzfkudnCbc0N5Fx3Xn9B4plLFOI6eGbcy/9cB7AoIBAQDBp7cawD3M
+fBvOdmY1fUaU1dJ6OPOJ6pu8bxCcP+rlg/BOyhLPaJ2pgmOeisid9GmFirDf2CVr
+YnL7T9k8Twb/j78Z7eEZz3NvV8ANzC0MfsGgiW2ThNoc8j5rT1ke08B/t/0GpRkx
+RugygzdQf2IGQG6aJtPVovhTU9uyhC/3NZcIbzRIkZmktk8kP316LNYuxXPqE00l
++VmSn645vfAnYXBALgOaBlqxxFChbXq5+XuIjQH013PJaGhMwBFeEo0jb34xI9ER
+iRleEj2ZG8GQHH85AMlo586MwTK4ipH/1tVm9jK31cM7MOaNwiJkKEfwVGpGTg90
+yyCv1dxEXvf7AoIBAQDMDAtGgDPi4mnxswIt2zDWOuEUYvfkCsojRepLxdrisAs/
+PyO+o6nonPJymPWrUN6rfGTqfCOYBF2MQ1+kranVmMq+fM3R9IGRkr1werCzzlky
+uP+6b6FI4WWG8rVD1zJQzBSWrRDYyDX6Qcmx2toZPvpTwwugZE2o8pgMnNFADKJr
+E0CcrFcdkQV3q6sJiZ6taMgjQv/dANAQfbhr7Q4e7/wfQMgifyEGK0valQCpFAAz
+Z4VDoO9WtUq55x/aFEJU6QyrE0/BK3JxSXdws+k9gqJh5eykX+fk9Tkuw8tKB5JU
+c65DCmBC39ypI+9Q4qENl4Bd+xszb6aeyNz1zXH/AoIBACXsVB02/GMpAsEByq46
+5DGNVfR9ZqPhf7H9BgGzOqrLlam4RMq9L/LcB+oqP3M/Q9LVACI1z84hr2arkl0P
+FM3DNqc7QFOvnml1g7SwATprMDvh7cVvxM7aWYLmPQueaBoay8AbYL2Xpy0NKS3o
+ZCfZQk+Jvv4dNggLagChhkshAXyzWkfDy5TH5uOwU0Azu5XZMQPr17XSCMp/3ryM
+B5WOrU7ENAxbpjMdwLR8HgaBZsGs628pKhGNEq/FBSGo/F6uHMY+v1hxwrf7Vni/
+SL6R9hARqV+T1Y0W4HnnGQRC6/OHzxLVF7BluSCVneqDQOM9hLpT2w8CIFqOxN3W
+wzUCggEAPbS/XHzASitRWD9oYA3y+vo/BJW0hkyVaCV1uni/0/oSFZ9NrKV8iXn5
+GYXl/HCN9SlLJBV08tKb9w5evOqC/nD4B2Ape0CXvhXDDLxTDAAPyAtEWXIi6moX
+7HOrttpABaUB1qK03UVsb8S23Q8mDBlv0chsbNBEvdMtl5Lrw/u4rvHH4Kbv8N9x
+89pnI4DwGbcj7y+AYr+QN4WDgcAlAvjsNq6qJFlcr9SPeNeSojHHfW3ipEE5YWG+
+V+VsqdeU4E4svwYdqDejETFrrykpLkf1ISTV4xs6b0Wv94RYUEZ8FXQYj6AZpIb1
+q+T6LY6tbtpB+11HBnD4I79WCYf4DA==
 -----END PRIVATE KEY-----
diff --git a/tests/data/multicert/example.org/cert.pem b/tests/data/multicert/example.org/cert.pem
index c6638b8..5340e9e 100644
--- a/tests/data/multicert/example.org/cert.pem
+++ b/tests/data/multicert/example.org/cert.pem
@@ -1,30 +1,28 @@
 -----BEGIN CERTIFICATE-----
-MIIFEjCCAvqgAwIBAgIUfZVNYuF33/AJqeSsnS5rRwozd5UwDQYJKoZIhvcNAQEL
-BQAwFTETMBEGA1UEAwwKZXhhbXBsZSBDQTAeFw0yMTAzMDMxNzI1MjRaFw0zMTAz
-MDExNzI1MjRaMFUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwL
-UGxheWEgVmlzdGExDTALBgNVBAoMBElBTkExFDASBgNVBAMMC2V4YW1wbGUub3Jn
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA06+1Ae1TNlSNsh+UIyzb
-3I4d6RAzNbk0H6xpyvYkj7xq/RvyeTjCJRqPIdbQcG5xbWdTYxLUUCcVAbti6Pmc
-SGE7PbBBZshNNNvfUG1umApxMKCF61xVU4m9zUJ/znAfoRzvYbIz6XOkRedBl79r
-kiMfX6AWCdyS5LDBBCKDzTCxDQIjUTzbX41LmHs32+pKXxyfQAkn7p9YJkCWnEyg
-CaMh+fpdQ2SfIRgozn2Qs2egfWtz7IkWTKfCV5b6LKuNFf9Umn/BIqKbKJoto7KZ
-ufD6XUygri5xhpgr2NNvkkV2DX4JZ4L0PgSemUkboWs72+uuhL9qEQXfX3esUcQm
-jUMPkCA1kg2ZPSACtUOWlYrkzTTQSex+XYhSjdlcmcthwGS7SZCerllQ/tEhZhed
-aQ1VYnXkYn1/WUivj/DIsGrXbf4PerSsbEBVf7B5Keg4e6rA8ULx9ZkT5Z85ensS
-KX/cz/Orf/Al4ehKyDqRucpWkQPnRxT+wM/hgNXH/s1ufDuiTqVJoJt0rtuCWxjz
-0l+KbQkOt9tjfTrIF/LQADkoUUt/PvRX12AVH9Zndffh3mlQwM6tFuisAg0XIjSH
-AlB7hIawywCo36dAZjzq4IRieFVYSyXLE1aTm9glZSKM0KSUVfpIeCgKYUjlCayP
-fiQhqWmIA7qxpqeM5WJBt9sCAwEAAaMaMBgwFgYDVR0RBA8wDYILZXhhbXBsZS5v
-cmcwDQYJKoZIhvcNAQELBQADggIBAExu3Kgf8bmNO706rq8Efubre8KBxx4rvUu3
-nPsfqPZFCIsupYZdZRWOinSP1LmdkOYhN0LCSZ+YvEqU1WCfM8kdGzBqCdq+mDu9
-OC7jfI//MlRbUUcnGnujI+6bNWhV+aT/Hplg4bBJAgyTszd4aWTWQgTXUaBkJFSb
-pIMUvBJH4k0VHON4JexaE93e6TQXh1f3sMU7ypEx7Ub5T3WLh94b6NHm9eNR9FkL
-pGmBlKwML0YJzzRg9sE/vz4PWqoMa673dnnauj/mugTO96GW4paUBgJsvoUM2jZu
-FOzRYVXQbfTK7GM+pc1dxUTg3GzHT/UTCXazXZUJyL+NEP0+RFNp5eU/3l4Ra0gf
-fOV+WrKp+RqL5hIrNp/b9f95pQlkNIfi/iosG7sqGHkLp4REm934wsvMjN2DFE1l
-jG5W0AgAT8y9dA8Neb9B5jYVuuo5u2jdQLFowQqgpvR2MNcqkdhroepJf1pALWoY
-1OYOmV1QRLh/LjQ1v75e3aHIcUYbm3AkVbliyLCpVB1ijWhIP5qOb1I2Gc9LPnLN
-ovneqby+tntKA4WJuUTyi8/OVJbZ6/QvGYJ7JvycUYi6JQb3+gzsVzPN+/oU0lRe
-dCSzZXsOdh5tkg4m2FWm9gi/xz3lNNTeFldW+ZLsT+MvX27MNrCShMsoP7J9uRU3
-x2Ehf7/D
+MIIE1DCCArygAwIBAgIUVpgbY7cDU3z0VcZgYV14fgF0qcswDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLZXhhbXBsZS5vcmcwHhcNMjEwMzExMjEyMDA5WhcNMzEw
+MzA5MjEyMDA5WjAWMRQwEgYDVQQDDAtleGFtcGxlLm9yZzCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAK0MOqzesRj6psy6XMcQz72jUCiaKTP/bamWyaDx
+AcM0S0McCl0dpXpeID6+i4l/fQKP3OjJIH7pC55mRxjJZVWdhoSdvW/5/dli/uxp
+o5pHH6a9ktnvOXHgw8kkbp3DVvu4JpJvuoKd67dll931sO5nVCCTJkNwg+/QhP+R
+I43JuZKZVOQpsY7f3sZl6ASJuThgifxlCF0mrsabx+Yk0Ug6SLAIson/OHeGaCiB
+Xlj0+kCxFGWsFHOTy55HHJKuGvtadc/MJdGrVCUUHjq3Les8wQXuzQUG+8QJOm2h
+tVkWXJRZtumUUHVi+rqWRRBO1yLih5r/Yv8qN5Ba+c4AQcT0uDyKd3ar6SjRgWDU
+ZoJbA0Ar4ydGlkQu9KZVY2Z20Hx+R+xKmzz6BwnKS3X8BnOYhprwOlZNY6qCpygq
+wiDtMJfI210kDeXSuURXfWvrrOQRhO4fQzmrg4o7DsF2WOU9kY7fgxY9ObTUTp24
+j2g2p/I5S0JHRpmQhYIXU1UErbb3JqUGrOueUf5fdIu0VWWjXAbGsl4WkzXZGBbS
+VkKQ4oArLa7BFbJkC/+z8ttTanIyPI5SKNDGXWRRR5fB/r9t5I6X5Ep0+c+zE4so
+Jj7SKv6ygvnKoHckuaBCaNJB4Pq9fv7IFZzf5bo3CGSlJi1NTtAB32I+k2ZGqVBX
+Yh3HAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUub3JnMA0GCSqGSIb3DQEB
+CwUAA4ICAQBBG6f0T9nQfHV0G0bmTPUVbAVJuYtiDBSBOP/uactOWsmw65GPq1k8
+UAYmqYfm5kWl8tsjNWzt8mfm+mQVVGp0c+OM2ltAQ03GPpZzkZLtHpTiOZ/1mcP3
+D3kInj5jUOp/8k7ZWawsOhJcKP5n8ZQYTjKPvo3lD3lDXQVNyHtO/2IwjFeiiD1F
+fx1ZQ2ohLD9f88KkUyYrujzJyCvjyTOF195PrJBLPlho40R+A0AJTm0VBTU3I33l
+G+8twaVzcspGKFOwpwuLpFXPby6H1nrmc7/En/nzYniSmCjTU/dOsHVZRHxB0T7t
+WjsPrDA6SHtmvic0Avk3dxEKRHyzSwiL57lSeZnqovm06DfbGyL7rb7VIrAvNE5I
+eZUforj6QsNUQENb46LqgQkQ/vStGZ7jHFM81PeW/r/J0XmjU/SG2y8op1gT98Qz
+jThR5uA2fw2BTIulQq4awQC0K5uXlmMuiliip2MleDp67y9q7z9oxahY/umdw4ki
+8I76mZKe+9QipBVPilLWZy9lJyPvZgpr3oZMyHKWUR1D30hVeFpRG5kyvSt115GC
+EHXAUbp//AlrWNBLoPLeXoqrZNUfdDiUaQ1wqB7OgUkB1dCzp0XsSTGo6ryDyjd7
+d39ID7e3QFP8zCuFEcmB8AmE09zAGeAZXFMA+xXWV3H7DQIwVSkOwA==
 -----END CERTIFICATE-----
diff --git a/tests/data/multicert/example.org/key.rsa b/tests/data/multicert/example.org/key.rsa
index 92905c2..3f849ae 100644
--- a/tests/data/multicert/example.org/key.rsa
+++ b/tests/data/multicert/example.org/key.rsa
@@ -1,52 +1,52 @@
 -----BEGIN PRIVATE KEY-----
-MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDTr7UB7VM2VI2y
-H5QjLNvcjh3pEDM1uTQfrGnK9iSPvGr9G/J5OMIlGo8h1tBwbnFtZ1NjEtRQJxUB
-u2Lo+ZxIYTs9sEFmyE00299QbW6YCnEwoIXrXFVTib3NQn/OcB+hHO9hsjPpc6RF
-50GXv2uSIx9foBYJ3JLksMEEIoPNMLENAiNRPNtfjUuYezfb6kpfHJ9ACSfun1gm
-QJacTKAJoyH5+l1DZJ8hGCjOfZCzZ6B9a3PsiRZMp8JXlvosq40V/1Saf8Eiopso
-mi2jspm58PpdTKCuLnGGmCvY02+SRXYNfglngvQ+BJ6ZSRuhazvb666Ev2oRBd9f
-d6xRxCaNQw+QIDWSDZk9IAK1Q5aViuTNNNBJ7H5diFKN2VyZy2HAZLtJkJ6uWVD+
-0SFmF51pDVVideRifX9ZSK+P8Miwatdt/g96tKxsQFV/sHkp6Dh7qsDxQvH1mRPl
-nzl6exIpf9zP86t/8CXh6ErIOpG5ylaRA+dHFP7Az+GA1cf+zW58O6JOpUmgm3Su
-24JbGPPSX4ptCQ6322N9OsgX8tAAOShRS38+9FfXYBUf1md19+HeaVDAzq0W6KwC
-DRciNIcCUHuEhrDLAKjfp0BmPOrghGJ4VVhLJcsTVpOb2CVlIozQpJRV+kh4KAph
-SOUJrI9+JCGpaYgDurGmp4zlYkG32wIDAQABAoICAAIjZjqswQhtdjj0ZLSuQVJL
-BTZTeZDzW/lt7mukbN4e0x3XaG2dCykAya1X1Cculmq6fncju41Lt8SatfcQfmmk
-wcpvu1lkcJM2HV1cnZ9fi6EoHfIwrpP3cjlekJfvPgKMnkZoXGnhRymFmn4D6vxA
-6pI2tcJHvhwdRPXbu2UZNtCg0uaBLN4cOUVDCV9pUHMBgQJOlV6tsWBBisPtajhu
-s2spAkQqAgl9ivv6/LkzNMXPjg43nEgN8cKcvc4xtW0hdSNSYwsMhXC1jfx3U2Iz
-cvP6UC0yPudTJi48hIX/uZ+NRF8NTZZKyadWu7a3tJUWHl8s589gNc9rEAyLZLBH
-5oHo+/+Fcn2+e6KDq23RzcMvcL9WlSbi9EOkTMZadLD2cC0dPQtvfxTo4iP2KMBS
-S4z0fesxQ34gXlu53wwp7gR7cw0rjnF6W1Jzr6V7AT9Cohztldn67TBfL6p3PAZx
-yjMx0v1QhPrz4u/W6t9KJ+z8ppvCzfUcFUXqxEB61SA7Hrwbw7tx3aYac7Y7x7ma
-JZpoxW2bn1CDUkaa0pPNKhtQCETA+nUWMPUyE+TQ/i7tKzPkifg3ROUEiYNQeB37
-fljsWOeXjP2J4nnwJpuE8vUbIXGXFnDHLIbK6uQDqQdCuNiXLa2oEXF5cAs0Ccvu
-9/B3P3QugHGlxEYH0j6hAoIBAQDwoOZK44oTTkUqoCjcCqC2hxa6cHKo3ZVD7nwi
-+Rro3SHPvBxXWjKrM/VnArY0m7l4YRMeagiMHBTJt0eL6Rg0kxBRiSZiFzbDEfHX
-0hfVel0TDnvqNXqCnHMnkahftwu7+N/ghRE2qw8XUSoRmJ0ilK9r8WN8yUoRq3nD
-RwIJyBQj0WCxeUcgw2IMdaVEOlwwNXsa85N6ifPRGcur8J/7D5BvEr0pryK62NIU
-EBirr8w7S8gk6KgegrzXqQSi8bdfYQXUW7GoUIGdDx+bPrA0sS/u+IJlJ3dmcBWy
-6fItkLN0q3i9gApSdC0P9rTPIfmluklc+fVOf3LQvEGqi/MzAoIBAQDhNYEJ8rSp
-2lzmKCghMB4eAIVJrOGT36JUMAUeo2+2zYuVVGzet3YOlxRBfwl8o+q65q2uiSsU
-sypA6MclJ4ItsHwLD8HpjE0n4QSP6egOmB6jimkWsdIuw4NWYlkbKoPtZ8+VAzBE
-lIzftm/PwViVf7L3PzRBsgRDFxdMcc98pf7QSeFieUJuqx/pas061MUfZb69cZ4r
-5qHqiTPgUyWQHTWXwIFPN8MW6QMcaM6lhmeBf4ieOCcoFpj1CBURapSREpl/WolQ
-YsYcv6cQ1U6lW2mfZOtZw178yEYqxMGh04pVxAGUEyCXSdAcgEJFc7c+QnhW1W5X
-2G3DgppmZSi5AoIBAQC6kEV9MsXPChReZCbJ1AOfAUYB70U23/Xm4XSluPXALhMU
-+QgQQgKe8n4GC/gw+bvnNXyZTCSsXOlRLCTwuRznRk6UqP11eAIhZDxZ1K5d+a1I
-JSa2BBikQ6CUwT4GV+llKCSL8x/RfvcIYQl48xaBxT3tNw6npXkkEgsp+FgANXxH
-+QI7F4iqQlI2ztAAAi+PwSddUhS6IVNEf/eFq96dzQdy1tiLBRqsO4dFvuUh1/9E
-yhC3bRtL7Jl1q7nIjBhcfuECMMWhdinIF/2tZAFCGU7MvSh8PQk6BxULzo7R/Srl
-/jxy0F8wZpq5kdHF9tWURMa0q6gh4HaomA1hqXg5AoIBAFHPPNvfRc+52itlhQZh
-U190svaLjbpI79ADTajOmCNg0Ybij1XscT9llF8ihdC4Pum8KHWRsIupdfz0Untl
-ub1dMgJWrAtqAxEshZq9zqWWjvK7secjm4WPUmOMAHCE5j3UiyzHZr5S9EXEISPo
-SYStSdbVJ+eBgljYx4bmhQfzyPfjDrPV9tL66PHC8WCgsCbyr/JjlqC9/C2Vv7mK
-mseaRMCmlpKvX/gvlwi37fFlPK5nJLrNDTRb2R6R3A1imSuGBSqlOeJwryT8XfUY
-d6RL67eSUoheF2BeZFbe+LQPg14agLRIqnsqviXMVcai/XrpbIumppnUrjLqe6oc
-r0kCggEAGHcAznWzia75hu6LYD+dxqeMxCkBYiaO4p4sJPKkJ6v9ydEFFBC8YakT
-rbHrrRRdLCh4m0lRNb0pNmgRVwFr6Qklivn2s0IgqwlGuTKWJZX9DE+XbpvgUkJg
-L6ykeUVmg5xIqvqMnDI2sEOiqMqNi/Jcjo4SIOmCkkY9JClIB0wnJQKwb4NIAzhX
-KlJKFVpi5319/hqK42U73uNLx82ovUf3vOLMg7hq38mMBQ/zY3XNbafHTnGba6k4
-CX3+tamjFXYa764LFfRGDMEfObj//xNc8mzgeriHvnXq2wKiUQFhL2eWctzoCc0U
-qfiBmJzFlawFcVPsqJ+vKe8KGEXNQw==
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQCtDDqs3rEY+qbM
+ulzHEM+9o1Aomikz/22plsmg8QHDNEtDHApdHaV6XiA+vouJf30Cj9zoySB+6Que
+ZkcYyWVVnYaEnb1v+f3ZYv7saaOaRx+mvZLZ7zlx4MPJJG6dw1b7uCaSb7qCneu3
+ZZfd9bDuZ1QgkyZDcIPv0IT/kSONybmSmVTkKbGO397GZegEibk4YIn8ZQhdJq7G
+m8fmJNFIOkiwCLKJ/zh3hmgogV5Y9PpAsRRlrBRzk8ueRxySrhr7WnXPzCXRq1Ql
+FB46ty3rPMEF7s0FBvvECTptobVZFlyUWbbplFB1Yvq6lkUQTtci4oea/2L/KjeQ
+WvnOAEHE9Lg8ind2q+ko0YFg1GaCWwNAK+MnRpZELvSmVWNmdtB8fkfsSps8+gcJ
+ykt1/AZzmIaa8DpWTWOqgqcoKsIg7TCXyNtdJA3l0rlEV31r66zkEYTuH0M5q4OK
+Ow7BdljlPZGO34MWPTm01E6duI9oNqfyOUtCR0aZkIWCF1NVBK229yalBqzrnlH+
+X3SLtFVlo1wGxrJeFpM12RgW0lZCkOKAKy2uwRWyZAv/s/LbU2pyMjyOUijQxl1k
+UUeXwf6/beSOl+RKdPnPsxOLKCY+0ir+soL5yqB3JLmgQmjSQeD6vX7+yBWc3+W6
+NwhkpSYtTU7QAd9iPpNmRqlQV2IdxwIDAQABAoICAAiUL6B8VclIO9awcoMH6VSc
+cQ/iPKKwSg57RDmvWQgFYqnMDRN6scZ0PiL+LUq+wELNQQVlWzAPe5z5sxKegWCS
+M6YFb+vKN/R7/OlZf1vZpM8OXOZi/rUPkIU7QiSeF4TZJ0hhM5zgGVx5M+M0F/Zp
+tvj6co4rWM8dxkopNtsDoiiLY3MAQiY0IQYy7SK0dTM/TffuRlDf5xA/jtRxBNMQ
+2KOperhup6z9Q9KmPzgnxPRKExnLQyRLsm+BVQBMk1fcrzSDCWjwlnZUHf+JL0SX
+OXaC1TUnmHmqf3QJ7USiYCqWnAPOb4KySn3Pj1L0paO8GT7s5EqEHEcSy4mT5664
+F6LsAkkxDY37bAQ4I6guEPb6+JjI+a7BtU82/LIb9tUIF3tLLN810JMRUFu0Pt1Z
+e84AlANH47NNcCjPcoHz8lcVBlNQ4JDi9yxZwwO+brFvwHVmzV7l3wCl/70ucsJy
+gwB1Eysizi41hqMpAtbhGe3nmgJs/S9+KjnjkvkzlqFaX6xaU5nTLpkEF1znsbiw
+FEHKEiIFn0hPPHb24PRm4ktyBoT65qaSB/GewVbvJN/CxPin5C1I9MzvzXv+rFn1
+NMkGJCmL40zwAUkm/1NTO8cvRG85s8ak7Y1IAmo67wUmuuoQQyo71Jef/JcVyk6c
+xuRRdMu5sp8nyyNcYOZZAoIBAQDWmGVqUYWm5sGWUkhRv6ct/ov6rhlEw9/4KJIa
+TkEN0G6rItTjCAHycywSomeeQv5waxdYjpAOOYxm166bvgGa6lkDmttIvyG2bzsX
+F9Xvc4+KbMPMG0Bn5M4IP/FPM+L/hA6r4z7MmU3PIotLSGRT9CMyfQzs228YLgdb
+OfRT3qxWeohWHHv91l62yJjJ2hCay89U/aq3C5oQ7RPuv8tj5V1H86kcRl0Emkly
+LkZLNVf1FykVn80SL0MquXhhsv4GrRedjbMhnWtqUuIohTOVqGe2tfkBu2OYpDuO
+T7eKi0I4Z1bzUOwfjoBsWuyJjhWGt9pGYS912An3r/htZirtAoIBAQDOb6gxTw5N
+1aVSgcdDE0A1/UsqYrICkqstGbJYjvQIj8YMyAGG7AAd5KN/cnNpJMyrNSmUhKAK
+I1OFCsloTa8VbDistxCJIqkK3wJ6/YnlBjQbyTPCbjPJ5Fj/U0AutqCYjRHifyAr
+GxUtSkZM+NxV/ggcKlDaLGiIH1/NmiTXlqFHyoxC4yhB0ZJeBj8az8THP3awgqjV
+idHzcYQBJEWMbn5/ysPlm3NCuQwqXpGvQ8P881P91CtnvmilxgDKt/fOOFA3n/jy
+YNFjmoL/bxA8L9Lc8Zpr1vHs++01V+JFxhLWPpiIAWavkkj0BvkQDzJmvLHI9SmG
+wR/DK9Z+kXEDAoIBAQDHUsw4Qbp7uTCs+IaV8AdP0HSihl2QIsQA02ZJqtAADc8N
+hI/qxMBSO6n/MPw/4whE0SPhLKIfpFKGH+XeYVFKXEwL7iWqX2Xn908SdyBOhq8Y
+K0h+Z/2dwsegoAv6vj4libq665ukHO1J7VMmvPn7hPPAbKi5xGRfODm7AYyw7k5z
+EONb4J9GunxFGPPZ4YO01IQi9G9CEDOtbxgpldpMUnofX/J/AdhacxivRs4iA01M
+qJOPs1uefWnM4HMxhDkxaEtcG4b8PSTNoGjSrE6qvr5+1m2Qr0amPD3ZRLA9rnX2
+v/3iiRKZiRo+CwJUDjZuaI0E/DZCJkWz265Lpy9NAoIBAQCoJu1i1Nl67ycOEOZF
+rb2k/KCocuI7FEtYnlDWsAL5olsZeCU+SKhDsUS4gHqfz7jjUJeBAZL3DxVuDn5G
+dtjB43g6v5c5jUESuNrlYfZb1nTFmVuO6YNH1bfkqmRiaKJiAK7rxs9mLVZPoOuo
+sSGQ7i6e+p0HShsPnjbEW+XcsjbHKqabqTrWeiX2brIiXdEU144Pcy6hWfTpjrKO
+14PLQwnJgFmXgssdM2xEaunSUKmpNm9ZF+UPSVsmhSWJ+tZgZSB6XtVCYTjOIELK
+XCZmUDI7hJVbeCdx+TecNuz6FsCrQSuvxSxmoQrJs5BW03ojk1phrclYmaEMsn2y
+dTgPAoIBAQCRe4y76djA0MY7QCm4HO06ZpZV7g0K1wzUrJdOc7+UAklFNVttTfAJ
+eTk7dVKcxJy8W/jBStuKXuBba76vn7Oas4J316HHz4w9NBgz9Gdbid9sbkDWfsF/
+AjzEtrwKKCydH2bxgJlj0kC3baemSib71HNilVuApLGhdCZAdWkxqkxAmSoMuhjx
+3CX66AKVyMMouk7GnuoUj67Ued5Bha54arDq1RZVWLa8JnGRoUkfzC5ukyYo3LcE
+SC15WJOUEGyqXGUwSrh9t1YLpViG6dARBnLuLjdRIvLVvEtgymvRwzb1fS4/wMH8
+BVksLv0EVzq2MyO+yTR1M8Y+0KBK5dx8
 -----END PRIVATE KEY-----
diff --git a/tests/tests.rs b/tests/tests.rs
index 18fdff5..e2cd390 100644
--- a/tests/tests.rs
+++ b/tests/tests.rs
@@ -429,7 +429,7 @@ mod multicert {
             .root_store
             .add_pem_file(&mut Cursor::new(include_bytes!(concat!(
                 env!("CARGO_MANIFEST_DIR"),
-                "/tests/data/multicert/ca_cert.pem"
+                "/tests/data/multicert/example.com/cert.pem"
             ))))
             .unwrap();
 
@@ -459,7 +459,7 @@ mod multicert {
             .root_store
             .add_pem_file(&mut Cursor::new(include_bytes!(concat!(
                 env!("CARGO_MANIFEST_DIR"),
-                "/tests/data/multicert/ca_cert.pem"
+                "/tests/data/multicert/example.org/cert.pem"
             ))))
             .unwrap();