diff --git a/Makefile b/Makefile
index 8b5c813b..065dd986 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,5 @@
 export GO111MODULE=on
+TOP_LEVEL=$(shell git rev-parse --show-toplevel)
 
 .PHONY: all
 all: doc binary debug test check
@@ -13,6 +14,7 @@ debug: doc
 
 .PHONY: test
 test:
+	$(shell cd test/data; ./gen_certs.sh; cd ${TOP_LEVEL})
 	go test -v -race -cover -coverprofile=coverage.txt -covermode=atomic ./...
 
 ./bin/golangci-lint:
diff --git a/docs/docs.go b/docs/docs.go
index 1c85c93f..af823728 100644
--- a/docs/docs.go
+++ b/docs/docs.go
@@ -1,6 +1,6 @@
 // GENERATED BY THE COMMAND ABOVE; DO NOT EDIT
 // This file was generated by swaggo/swag at
-// 2019-07-10 17:20:00.064076444 -0700 PDT m=+0.118699568
+// 2019-07-21 12:44:36.256745172 -0700 PDT m=+0.084868637
 
 package docs
 
diff --git a/examples/config-example.json b/examples/config-example.json
index 4ddd70d0..5c137912 100644
--- a/examples/config-example.json
+++ b/examples/config-example.json
@@ -8,7 +8,7 @@
     "port":"8080",
     "realm":"zot",
     "tls": {
-      "cert":"test/data/server.crt",
+      "cert":"test/data/server.cert",
       "key":"test/data/server.key"
     },
     "auth": {
diff --git a/examples/config-example.yaml b/examples/config-example.yaml
index 40b70a03..95d03143 100644
--- a/examples/config-example.yaml
+++ b/examples/config-example.yaml
@@ -8,7 +8,7 @@ http:
   port: 8080
   realm: zot
   tls:
-    cert: test/data/server.crt
+    cert: test/data/server.cert
     key: test/data/server.key
   auth:
     htpasswd:
diff --git a/pkg/api/controller.go b/pkg/api/controller.go
index 2e01dc17..2880048e 100644
--- a/pkg/api/controller.go
+++ b/pkg/api/controller.go
@@ -44,6 +44,11 @@ func (c *Controller) Run() error {
 		return err
 	}
 
+	clientAuth := tls.VerifyClientCertIfGiven
+	if c.Config.HTTP.Auth.HTPasswd.Path == "" {
+		clientAuth = tls.RequireAndVerifyClientCert
+	}
+
 	if c.Config.HTTP.TLS.Key != "" && c.Config.HTTP.TLS.Cert != "" {
 		if c.Config.HTTP.TLS.CACert != "" {
 			caCert, err := ioutil.ReadFile(c.Config.HTTP.TLS.CACert)
@@ -53,7 +58,7 @@ func (c *Controller) Run() error {
 			caCertPool := x509.NewCertPool()
 			caCertPool.AppendCertsFromPEM(caCert)
 			server.TLSConfig = &tls.Config{
-				ClientAuth: tls.RequireAndVerifyClientCert,
+				ClientAuth: clientAuth,
 				ClientCAs:  caCertPool,
 			}
 		}
diff --git a/pkg/api/controller_test.go b/pkg/api/controller_test.go
index ebe6044b..0e671635 100644
--- a/pkg/api/controller_test.go
+++ b/pkg/api/controller_test.go
@@ -19,9 +19,13 @@ const (
 	BaseURL1       = "http://127.0.0.1:8081"
 	BaseURL2       = "http://127.0.0.1:8082"
 	BaseSecureURL2 = "https://127.0.0.1:8082"
+	SecurePort1    = "8081"
+	SecurePort2    = "8082"
 	username       = "test"
 	passphrase     = "test"
 	htpasswdPath   = "../../test/data/htpasswd" // nolint (gosec) - this is just test data
+	ServerCert     = "../../test/data/server.cert"
+	ServerKey      = "../../test/data/server.key"
 )
 
 func TestNew(t *testing.T) {
@@ -35,7 +39,7 @@ func TestNew(t *testing.T) {
 func TestBasicAuth(t *testing.T) {
 	Convey("Make a new controller", t, func() {
 		config := api.NewConfig()
-		config.HTTP.Port = "8081"
+		config.HTTP.Port = SecurePort1
 		config.HTTP.Auth.HTPasswd.Path = htpasswdPath
 		c := api.NewController(config)
 		dir, err := ioutil.TempDir("", "oci-repo-test")
@@ -95,10 +99,10 @@ func TestTLSWithBasicAuth(t *testing.T) {
 		resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool})
 		defer func() { resty.SetTLSClientConfig(nil) }()
 		config := api.NewConfig()
-		config.HTTP.Port = "8082"
+		config.HTTP.Port = SecurePort2
 		config.HTTP.Auth.HTPasswd.Path = htpasswdPath
-		config.HTTP.TLS.Cert = "../../test/data/server.crt"
-		config.HTTP.TLS.Key = "../../test/data/server.key"
+		config.HTTP.TLS.Cert = ServerCert
+		config.HTTP.TLS.Key = ServerKey
 
 		c := api.NewController(config)
 		dir, err := ioutil.TempDir("", "oci-repo-test")
@@ -164,10 +168,9 @@ func TestTLSMutualAuth(t *testing.T) {
 		resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool})
 		defer func() { resty.SetTLSClientConfig(nil) }()
 		config := api.NewConfig()
-		config.HTTP.Port = "8082"
-		config.HTTP.Auth.HTPasswd.Path = htpasswdPath
-		config.HTTP.TLS.Cert = "../../test/data/server.crt"
-		config.HTTP.TLS.Key = "../../test/data/server.key"
+		config.HTTP.Port = SecurePort2
+		config.HTTP.TLS.Cert = ServerCert
+		config.HTTP.TLS.Key = ServerKey
 		config.HTTP.TLS.CACert = "../../test/data/ca.crt"
 
 		c := api.NewController(config)
@@ -213,7 +216,94 @@ func TestTLSMutualAuth(t *testing.T) {
 		So(err, ShouldNotBeNil)
 
 		// setup TLS mutual auth
-		cert, err := tls.LoadX509KeyPair("../../test/data/client.crt", "../../test/data/client.key")
+		cert, err := tls.LoadX509KeyPair("../../test/data/client.cert", "../../test/data/client.key")
+		So(err, ShouldBeNil)
+
+		resty.SetCertificates(cert)
+		defer func() { resty.SetCertificates(tls.Certificate{}) }()
+
+		// with client certs but without creds, should succeed
+		resp, err = resty.R().Get(BaseSecureURL2 + "/v2/")
+		So(err, ShouldBeNil)
+		So(resp, ShouldNotBeNil)
+		So(resp.StatusCode(), ShouldEqual, 200)
+
+		// with client certs and creds, should get expected status code
+		resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(BaseSecureURL2)
+		So(resp, ShouldNotBeNil)
+		So(resp.StatusCode(), ShouldEqual, 404)
+
+		// with client certs, creds shouldn't matter
+		resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(BaseSecureURL2 + "/v2/")
+		So(resp, ShouldNotBeNil)
+		So(resp.StatusCode(), ShouldEqual, 200)
+	})
+}
+
+func TestTLSMutualAndBasicAuth(t *testing.T) {
+	Convey("Make a new controller", t, func() {
+		caCert, err := ioutil.ReadFile("../../test/data/ca.crt")
+		So(err, ShouldBeNil)
+		caCertPool := x509.NewCertPool()
+		caCertPool.AppendCertsFromPEM(caCert)
+
+		resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool})
+		defer func() { resty.SetTLSClientConfig(nil) }()
+		config := api.NewConfig()
+		config.HTTP.Port = SecurePort2
+		config.HTTP.TLS.Cert = ServerCert
+		config.HTTP.TLS.Key = ServerKey
+		config.HTTP.TLS.CACert = "../../test/data/ca.crt"
+		config.HTTP.Auth.HTPasswd.Path = htpasswdPath
+
+		c := api.NewController(config)
+		dir, err := ioutil.TempDir("", "oci-repo-test")
+		if err != nil {
+			panic(err)
+		}
+		defer os.RemoveAll(dir)
+		c.Config.Storage.RootDirectory = dir
+		go func() {
+			// this blocks
+			if err := c.Run(); err != nil {
+				return
+			}
+		}()
+
+		// wait till ready
+		for {
+			_, err := resty.R().Get(BaseURL2)
+			if err == nil {
+				break
+			}
+			time.Sleep(100 * time.Millisecond)
+		}
+
+		defer func() {
+			ctx := context.Background()
+			_ = c.Server.Shutdown(ctx)
+		}()
+
+		// accessing insecure HTTP site should fail
+		resp, err := resty.R().Get(BaseURL2)
+		So(err, ShouldBeNil)
+		So(resp, ShouldNotBeNil)
+		So(resp.StatusCode(), ShouldEqual, 400)
+
+		// without client certs and creds, should fail
+		_, err = resty.R().Get(BaseSecureURL2)
+		So(err, ShouldBeNil)
+		So(resp, ShouldNotBeNil)
+		So(resp.StatusCode(), ShouldEqual, 400)
+
+		// with creds but without certs, should succeed
+		_, err = resty.R().SetBasicAuth(username, passphrase).Get(BaseSecureURL2)
+		So(err, ShouldBeNil)
+		So(resp, ShouldNotBeNil)
+		So(resp.StatusCode(), ShouldEqual, 400)
+
+		// setup TLS mutual auth
+		cert, err := tls.LoadX509KeyPair("../../test/data/client.cert", "../../test/data/client.key")
 		So(err, ShouldBeNil)
 
 		resty.SetCertificates(cert)
diff --git a/pkg/storage/storage.go b/pkg/storage/storage.go
index 12bdfc14..a2186899 100644
--- a/pkg/storage/storage.go
+++ b/pkg/storage/storage.go
@@ -360,7 +360,7 @@ func (is *ImageStore) PutImageManifest(repo string, reference string,
 			// manifest contents have changed for the same tag
 			desc = m
 			desc.Digest = mDigest
-			index.Manifests = append(index.Manifests[:i], index.Manifests[1+1:]...)
+			index.Manifests = append(index.Manifests[:i], index.Manifests[i+1:]...)
 			break
 		}
 	}
diff --git a/test/data/ca.crt b/test/data/ca.crt
deleted file mode 100644
index 8544bd74..00000000
--- a/test/data/ca.crt
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC7jCCAdagAwIBAgIJALuTIoaFxZVtMA0GCSqGSIb3DQEBCwUAMAwxCjAIBgNV
-BAMMASowHhcNMTkwNjIwMDIzNzAwWhcNMjkwNjE3MDIzNzAwWjAMMQowCAYDVQQD
-DAEqMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0nMLwovfHblPjVV
-0EmdUbgvf4Yz0zhFPQn4g7qsXAYl4RoatUxD0Ow6Ovij6UFTCTi2WDiS+ihnLswp
-ZGlHXmdGtmMnltAL7YAADma5cZhvNEdG2mtGkANZ6IiABVPOU7qHUc3IGCBWbpHK
-9zywrbv4DN3667C2tFEIt4FNw55uEjpkrF7D7Befc9y4gRPYneGgtWiznQA9vMKi
-JvOpxBYbVIujz/BWCzNN/Oavbtd3oJUaObXcr4K/jfaMl/Pc5AVx6OxzlptpleMG
-Lg36dza+ChkQ4FsHJw/O1a8Vp3BIbHzXhQev2dKcXGKUElyEqsxEkh72WYjZMmW4
-T2V+CwIDAQABo1MwUTAdBgNVHQ4EFgQUEOS5BfVHrqbQjfUYM8MjPgi+k3MwHwYD
-VR0jBBgwFoAUEOS5BfVHrqbQjfUYM8MjPgi+k3MwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQsFAAOCAQEAPO4r8geI4MufGmaTPE3yRcEfOtZ9d7CTjPYbRyYk
-g2p/bO2XVUbpfuwo/n2fctddemkqgW8p0SLS0cdFYHW9TzHYUxhL5BWwVkFTz5O8
-+WrheSkLLR3R4iifNaFL79SEugTH3Alirkz3NjdjPzdql7wHahyxMzPWX+FjYzi1
-eU+dcKIYjWa/Vs2BUwf2jVC1U7Q+SyoTCjCiyAwfqiwBd3qkiZ3ArxoolfidIArF
-tA5v6ZHGWP42ZtKxMAz0lfoE3CnjXTVwgtjoIGR0MQ08lPd2PQjtUOMKyYssB2J4
-v3RmDx5ygZQQHJoR+0oMcLuhkJ8g8O0hS3rSlzU6IN6stA==
------END CERTIFICATE-----
diff --git a/test/data/ca.key b/test/data/ca.key
deleted file mode 100644
index 915ce026..00000000
--- a/test/data/ca.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDHScwvCi98duU+
-NVXQSZ1RuC9/hjPTOEU9CfiDuqxcBiXhGhq1TEPQ7Do6+KPpQVMJOLZYOJL6KGcu
-zClkaUdeZ0a2YyeW0AvtgAAOZrlxmG80R0baa0aQA1noiIAFU85TuodRzcgYIFZu
-kcr3PLCtu/gM3frrsLa0UQi3gU3Dnm4SOmSsXsPsF59z3LiBE9id4aC1aLOdAD28
-wqIm86nEFhtUi6PP8FYLM0385q9u13eglRo5tdyvgr+N9oyX89zkBXHo7HOWm2mV
-4wYuDfp3Nr4KGRDgWwcnD87VrxWncEhsfNeFB6/Z0pxcYpQSXISqzESSHvZZiNky
-ZbhPZX4LAgMBAAECggEAP+aD2Bl1/HzLKNVFPNI95XQfls5bU8DZQqctzl9O4Pr/
-rlwGcFeR7y2vxjTvqd1OWMicf1E0n43Q+Apyw0WWosiOvfCxQwRWrsK6QePiVnBA
-SA0KxQJcz9SjQZJzKkIjCGno9ev72vCThkStRfVp2WtKMCYFTQmOq+bH2r9VRgG3
-IBjsF2Al2YVSew/SgLVkiflsME3EG50QHNHCzBbQf2q0dDDpROVmsph325THdd9A
-WJ1BJZD6cxU0WC2Grt0rQP8VrKwRn5nCcR+5buL61hJGPMoMchEUD9qEpaZcSy7J
-9sV2WPZPFt2ePsIWIO547O3S/f3kCaNt1jLJ7XY3MQKBgQD8VTcS4mMsIDdV0E1X
-DtwD6ZFPn7K6/x5IDKZ6EyuLrL+pcGg2p9v3r+zHSFQkNRZ5KyKfEZ7D8vgFQOA4
-H6MkVjnSvZaIYdbKjeSuBnTAoIeVo5CeTKEUCiS6pifhIh8/HVs7rcW4129P3hCr
-mvbBMIZbwXHq10zn8ATwzJUhFwKBgQDKLzvw1pOQqVyF9hRklS7GwEb7qlxHlx6O
-3stX7m9yfNnL7qW2CKQTmwxQOatJI/zOgrsXQFTipWZPOcq9eiT8HX6MSiK/0Q0C
-HJqjHhEgx2TdtbDBkOfmYhtjUfeynRuQ8+qzkSDHjpLk12SutaqYezCXXbyjVLo0
-7LRAVSDbLQKBgBYK56W5qwomwk63xJnPTX71/2CiRb26HY4TtNNDK3GnJJMLo77q
-iPepIZkDA36qOI1bLEoTAviBGBN1aGDeuqSo96ImN6kwStAk9w4QuFA/dbinsjFx
-5jxW6oB3lVJAZdRgnyCmfHg6MZobfv9OqTGVKJeJXYczSZ+VQwk6Bej/AoGAKkMT
-UXVY5R0xtOLKQngYjfz1GXfz0BcbkRuq/5dcfl7wm7snslQ+D8cSHNbhIem+11/m
-Qab112Zha2AWK+MTRgvYPvTkLJpDENTv0fbf960WPW3UI7Hpd3O8a9dfYluKvpLt
-1VkZs/zuYZ1Qc2CP502gy5MRckasoZF04BmrQ4UCgYBK+0m7IJDHy8Mjo/9hf/Jy
-kcJ21JTvpsl3IqnC5BtpYm/+RRRE4hYczTh/Z0Wlsc2ro2f0U03er72ugjXiJcKl
-wD0qQT/HcdgY1Suue//IVLKNX/RaO6R4V//+4E7rGbRznPG2iLau7w/j9eaRX4d8
-YwDdc7C5g8anbO83Ns5xCw==
------END PRIVATE KEY-----
diff --git a/test/data/ca.srl b/test/data/ca.srl
deleted file mode 100644
index 290a943b..00000000
--- a/test/data/ca.srl
+++ /dev/null
@@ -1 +0,0 @@
-93A4FC959A3453F0
diff --git a/test/data/client.crt b/test/data/client.crt
deleted file mode 100644
index bac5043c..00000000
--- a/test/data/client.crt
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICqTCCAZECCQCTpPyVmjRT8DANBgkqhkiG9w0BAQsFADAMMQowCAYDVQQDDAEq
-MB4XDTE5MDYyMDAyMzcwMFoXDTI5MDYxNzAyMzcwMFowITETMBEGA1UECwwKVGVz
-dENsaWVudDEKMAgGA1UEAwwBKjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBALiJ4GscF/7ZNfRgztdoJ8naCwvlZ8Jk2uf3w7saBsuOCDYFop9ZsmNJ6Sac
-ds406DmNY/I01JjZYDDE+d4b+a1WF45YXy+O8spQPSlY1sdASCvKU/V/6GPPjt8e
-UNsCv37tFawpDJrtoWNMWJETBbdNeSoRWHYAhpda70Jyy5te3S9MJkw/y6IRYGQD
-O8AvpeNPBWkqgor98XcXdMW33NGC8rFeYwp4XkixntEhk+7pVDbgcXf4K/awfpsA
-OS4eyIssM5Co9rctbmtssYPbbZ31+L67bTGYksrQJaUX0X6qz74xB+0LL4LB2+ww
-MohJcF5X5mpPO0JvLfJqsj/hXo8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEArW0g
-m/eWwO4goZIWcVXc7ndGvH0woBUTdUBiZ4zYwnibXkAYrN037osdY5vrLlLHcZSj
-qHuHmAnd8N+qcuR+IOQMhPZw6uw/7s+E0N+wro+DnhhzPFfDwFNW7tCKmuuQOlDF
-bEcUJQOvPF//XdWVn4QoTbe38gqwqbBKG/I7AYm3qZLOUE8F+WxM9wKXk8dEg/4v
-S1sykCtl0g0EobdJcacQpwMrMJYiiahC63CjQAI9oW9CQgQ0ePH7DI6lwCm3ylt1
-ZY5AuKsFnzMea6C/0EDP08EpE2EhuAqk0pmZnuQdS1Q9pJg15NoSVJPM8hgnNzrK
-+TrcrDdPcJ6Zeg2EDQ==
------END CERTIFICATE-----
diff --git a/test/data/client.csr b/test/data/client.csr
deleted file mode 100644
index d98b6e00..00000000
--- a/test/data/client.csr
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICZjCCAU4CAQAwITETMBEGA1UECwwKVGVzdENsaWVudDEKMAgGA1UEAwwBKjCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALiJ4GscF/7ZNfRgztdoJ8na
-CwvlZ8Jk2uf3w7saBsuOCDYFop9ZsmNJ6Sacds406DmNY/I01JjZYDDE+d4b+a1W
-F45YXy+O8spQPSlY1sdASCvKU/V/6GPPjt8eUNsCv37tFawpDJrtoWNMWJETBbdN
-eSoRWHYAhpda70Jyy5te3S9MJkw/y6IRYGQDO8AvpeNPBWkqgor98XcXdMW33NGC
-8rFeYwp4XkixntEhk+7pVDbgcXf4K/awfpsAOS4eyIssM5Co9rctbmtssYPbbZ31
-+L67bTGYksrQJaUX0X6qz74xB+0LL4LB2+wwMohJcF5X5mpPO0JvLfJqsj/hXo8C
-AwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAFm5BhNj51g+BpU8YRKeFVwhb2XBsC
-yk5Qp7cV1D60DevFmE3MyzSol6bCSvDbuXRWBI6A6c7ejwlsxMUgScGUinFTMCP0
-IOiVMGp+hz5Y4ZYi77XAvflz8Rj32Tmu6LnKkQ3GmjXmOoMXapPA874PxfxKb9ho
-TWaBJ7/6mz4xU/XHZhVn28ijek/wETcACYSsjVK3U52UhSnzjoQMVnkHVgHSIbqE
-YpfC1TeUBxerMWVDvZRm6vcp/rRvT06tcyRO5SqGBUOmeXzUBCrn7u9QQayu0yAO
-aHSszx9MEp5uW2Pyq4+LAEP5Q4Ke+7BcjWHm9kF48Ilbfy24Q7O6cGqz
------END CERTIFICATE REQUEST-----
diff --git a/test/data/client.key b/test/data/client.key
deleted file mode 100644
index 4e75dfd1..00000000
--- a/test/data/client.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC4ieBrHBf+2TX0
-YM7XaCfJ2gsL5WfCZNrn98O7GgbLjgg2BaKfWbJjSekmnHbONOg5jWPyNNSY2WAw
-xPneG/mtVheOWF8vjvLKUD0pWNbHQEgrylP1f+hjz47fHlDbAr9+7RWsKQya7aFj
-TFiREwW3TXkqEVh2AIaXWu9CcsubXt0vTCZMP8uiEWBkAzvAL6XjTwVpKoKK/fF3
-F3TFt9zRgvKxXmMKeF5IsZ7RIZPu6VQ24HF3+Cv2sH6bADkuHsiLLDOQqPa3LW5r
-bLGD222d9fi+u20xmJLK0CWlF9F+qs++MQftCy+CwdvsMDKISXBeV+ZqTztCby3y
-arI/4V6PAgMBAAECggEAetMqD6BvSCyCgNk+Upj8gpkh6RUTbot6OBLsr8eu5iTu
-yiYOC0nENdmn2Q8i9DS6rDOzZi5LokBsiYlRVcgA8qHuo8ul7x2R855cVvzOV2gt
-oRfVsf0kS+qGCXNAFcVKd8yNND1OKoAnftP9zvF+SHbEQn+xBTlsW6kmvm9xnULw
-f3cffwOLZwV5UFymugBEhJt9EiRVjWJJdVt3f29/ljQg4ZJnnCh8UprtKl73Rkya
-nVMde6Uq9lD8EyadX6zi3hMSmTO9+qnYIu4rPFdPlE0cVlGRmogMu2FIBVwuZkX3
-NqppTq3uGdagVP6s6NmZjB2m3/rNulK7M5IghDuogQKBgQDqmBlAajATsabOQo71
-Zn7bo5v6a1HHqjXIV2wvYM7Mv88zaQb/QMZWdYgSfcJ1e0Ysu6nu6wGpKYiCVvYd
-E8gV/4xrkiB5Gu7owhMGY2XvNOZks9RycNCEyI6NQ/T5fvjnRlGTJCyhLYnH/645
-NUjiAiUHBiljDR0itcxSkWvQcQKBgQDJYIbUMYgQJRcRDUD2eKMczpIw3xXiqK0r
-r0NXE+EENDx5RMz+tf+7RtSRe4+QCsXqgRJXXPCmdrJD74MTZ00sycydjIvIM4Vs
-0ecAZgB4EwTqq6CrwewMBElqhC8NaiFuamNveQiklsgiUQkWacI2826xrMVltji6
-d7jag8ee/wKBgQDm3/2qCVd7alERmSt8k/yxSFlPoKMBb6AypOcR0aJ0myjeHbUH
-LMaFfHIIUMA6QrITgDWDrsEZrIhuTgs1HqzCCZg2nb9bsIgDhkyW8uf0/QjpfpnM
-bv6oT4ELwh+sE6v+YJQTzXwmu9xnelgKcUhjNV0fho7grp1H9cc6U2fZ4QKBgC17
-gbhXX5XV6rnNNoj0glK1TUuAd170Hfip4xm9warDaY0yPuKglJvlyYj6UViFNmJa
-uJvGwAu471ZsuDwfrsyY34AOCFw1VsNXPUdXwm9cTFX8YZOpfvjP1w0Zwc7T060u
-ljrNKWiTLayihNztEhJ7NNsoXIU2fOWQuM2RyfpdAoGAVOKzRPR5B3DNMXXbzT/m
-IhmiJ+w+OSgZYL+lejhX4VbV93+LzVsIUez+T/Tqurx9/Pj3SWqJxW6XZFtaL5vZ
-pPs2k8yysEv27SSQ6mDnotplyLmFiYJY5VLShzGg5LxzoxzH5y5l8D1c/eS+VF+G
-W493RdVuc7hz1lVxuv2fe6k=
------END PRIVATE KEY-----
diff --git a/test/data/gen_certs.sh b/test/data/gen_certs.sh
index c725ed2a..4d0f6ee9 100755
--- a/test/data/gen_certs.sh
+++ b/test/data/gen_certs.sh
@@ -24,7 +24,7 @@ openssl x509 \
     -CA ca.crt \
     -CAkey ca.key \
     -CAcreateserial \
-    -out server.crt \
+    -out server.cert \
     -extfile <(echo subjectAltName = IP:127.0.0.1)
 
 openssl req \
@@ -42,4 +42,4 @@ openssl x509 \
     -CA ca.crt \
     -CAkey ca.key \
     -CAcreateserial \
-    -out client.crt
+    -out client.cert
diff --git a/test/data/server.crt b/test/data/server.crt
deleted file mode 100644
index 6a8be655..00000000
--- a/test/data/server.crt
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICwzCCAaugAwIBAgIJAJOk/JWaNFPvMA0GCSqGSIb3DQEBCwUAMAwxCjAIBgNV
-BAMMASowHhcNMTkwNjIwMDIzNzAwWhcNMjkwNjE3MDIzNzAwWjAhMRMwEQYDVQQL
-DApUZXN0U2VydmVyMQowCAYDVQQDDAEqMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAs8ZX1Qp2w2cQLIUIz7LtOitb3E0gv1zuSg8hsG7TNYydQNi06fF2
-VpDEGMFau1ZqwtyP6SsjqGYuT78eIHQKMVXnURviv6vp1/5f07LJNy1eLisF/Ng5
-nkfMR/J4h+yziOeT8CwZfXMLY7u0rti5VqWpV4B8ylGMV79Tz+wXR02xGVQZtcYU
-K+WNaf0wWZEOQUeHzNCDc46PDsukBvNDMkeDJUy9MnEzLxx/WVYCt/p9xwan/fj+
-BigSJcG5SzR3MilUEr/pn5PSWgY40Lx8C0W5lnLaO+jaSMSTfhXoCvCLwsgdjA7y
-6s9nvApL80+Y8Jt8bhCyu2M1vewrblfacQIDAQABoxMwETAPBgNVHREECDAGhwR/
-AAABMA0GCSqGSIb3DQEBCwUAA4IBAQCIKnzHFciUufTUDIiPYePfmk30XvddOFeT
-4WUzNhxPxfv1bWX9iefZTsZAEmSDWeE4qMQuJdvICd426sZT5V/VtWcy/a114mjQ
-At97/Y1GMq+XEnS4295S48QiRjahlZd6N+9X70SnHPqo8YX33+j+8aMorvIpDKVk
-WBJ0U9prfOhVhm37nHUjemZ/p4oS51XBo79kbXT9tWD63FAAl4SK99/6ZMPXJHoe
-OuXZdn1X41983z0cV1Ze9QhSgEZum9lCjeGZt8b6s/EhByG3yDoNpDCHtkmk921w
-a/CH4WZvQe3Q+aFp7tk3XrDPfFuxay2IXE6rXSutYMwiQaZEUs2U
------END CERTIFICATE-----
diff --git a/test/data/server.csr b/test/data/server.csr
deleted file mode 100644
index c8e94e28..00000000
--- a/test/data/server.csr
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICZjCCAU4CAQAwITETMBEGA1UECwwKVGVzdFNlcnZlcjEKMAgGA1UEAwwBKjCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPGV9UKdsNnECyFCM+y7Tor
-W9xNIL9c7koPIbBu0zWMnUDYtOnxdlaQxBjBWrtWasLcj+krI6hmLk+/HiB0CjFV
-51Eb4r+r6df+X9OyyTctXi4rBfzYOZ5HzEfyeIfss4jnk/AsGX1zC2O7tK7YuVal
-qVeAfMpRjFe/U8/sF0dNsRlUGbXGFCvljWn9MFmRDkFHh8zQg3OOjw7LpAbzQzJH
-gyVMvTJxMy8cf1lWArf6fccGp/34/gYoEiXBuUs0dzIpVBK/6Z+T0loGONC8fAtF
-uZZy2jvo2kjEk34V6Arwi8LIHYwO8urPZ7wKS/NPmPCbfG4QsrtjNb3sK25X2nEC
-AwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCpj3yysx0u7LRQw9EaSZJhZ92vTnqT
-KLK1+8GRLLt8obZhq9Iw0s6Q47GRC0dDfu6DwE/sOBPUXXOkdSys+QtqPPHZZPNT
-JzezflInuATliHGNbXHiQ9Z9uHsbeiiEi604e85mj+m8rf5LOYYGxhTyNN5AONFZ
-6p1R0IMa/9i8PV6G0JgN0Y8JfGYFuJgVM0Le90bSG0q97W+8Rs7DLQqI//2yV20K
-PHSRufZoNayh6bVdIimx3ji8/s/VjvI+0hT110RBqUJk8phzZGnKAkiZDMa66weM
-y8AzuOsLc7TdtxVBGer+ClTSH/VjyuDIqBqxN2hfeB6yD9qWCu1ysvxy
------END CERTIFICATE REQUEST-----
diff --git a/test/data/server.key b/test/data/server.key
deleted file mode 100644
index 2feede2f..00000000
--- a/test/data/server.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCzxlfVCnbDZxAs
-hQjPsu06K1vcTSC/XO5KDyGwbtM1jJ1A2LTp8XZWkMQYwVq7VmrC3I/pKyOoZi5P
-vx4gdAoxVedRG+K/q+nX/l/Tssk3LV4uKwX82DmeR8xH8niH7LOI55PwLBl9cwtj
-u7Su2LlWpalXgHzKUYxXv1PP7BdHTbEZVBm1xhQr5Y1p/TBZkQ5BR4fM0INzjo8O
-y6QG80MyR4MlTL0ycTMvHH9ZVgK3+n3HBqf9+P4GKBIlwblLNHcyKVQSv+mfk9Ja
-BjjQvHwLRbmWcto76NpIxJN+FegK8IvCyB2MDvLqz2e8CkvzT5jwm3xuELK7YzW9
-7CtuV9pxAgMBAAECggEAVKyTKhDnp1mf0JhIciuAeOl7NuRNDFUlF1TRNVy9tnco
-iiaH77h/WH6PHmnT5nDpkCZ60gQzo1mdbopCEl8Vfe9MKHPN9SFv3wA8+mU3SPnh
-ZjV1eIYPfXGr0iduhfcDCPSqRXFAAEpzjuIWVFRX12vnuwMVw+VtCNdhDonQ3Q/8
-jpGi1LDjadckmDkf9QbHBiec9Me/oXd18R9npK9yp8zJCvLUhVeWHdFl1YTvK8QE
-s9/IffRO/CLofie4VvR4lLT02Hj47jgMfuKyF0Y+qDykT2AxJsBpdIIMy21hLDTp
-RoHHbzJlcwL9ITzas/daVWHqFADSvyK7ZfWggxjgAQKBgQDg09Qw3hN98Deo6fsA
-rcn1BDflDHLEc0hY/L/NqLb0EnUMYKZSGI9QbyZP3Oh3jG2G/WdOeq9QLpEIrauF
-kd5BTDBRgjx0YzwqIu6rv0vwdo5a7+TATETTGH1gZUTmno3yL2b2OdTA33ewyX7o
-rwDEYaTg4ACJLwPqT+vwJCaugQKBgQDMs2KjjpXkEZgTz4tbcTQsNL7ulTOcwYR7
-mOsntXTPHSxB9UiTLFvvgo+/okoCUtW1qztDGzdCjilLNc3lcgpHvGS+pX9MtFKo
-lsVnw8cUM7kGHEAjoauGCVYmaZNuOCcbhWvaQEPo8424TkC29PCZNHbC6n5gBQMV
-ndQfnfoT8QKBgQC54WkGHhWvgfQCy7CilwzqblpoHSqmEUo3iIBr4Jmiob/0Q9Q+
-+99BeSQL03C/pnLHsKrAz94yRM3UhwHQpRFEm2E3gp3I/GK507fQd5Cpdturg7t0
-4ZnljdHa6N9WbLCfE2HlIVstO5URrQYoCshvlOtkoM7QnPZ3uywulzUEAQKBgF4g
-vuLm1hYh4QR7E2HhFFSfjIy5HxqeAgWzs652ylfS2l8aI11JsJzaNK+yOMYIwSzg
-qEebZDW+mU50V1GCtyd1gf4IrBjhcoEDk5K7e/fWMOaWZwf7d5wS/wJ62ch9Gb6W
-A5pAovmjxS9TDH8U8u4AKfxHSAVvSJPQF5LSWgSBAoGBANbFPrVXgcmCxHRAq9U4
-tybOgJuU1MkGHQBW6i3bQZqxBu2A+h7ORBp/mFZzFKUrxaG8YrBqfiQOznQnPLyZ
-k0C4sWPSF7CDD9ZjVS86yOYRzBVlCFWSaGttii2rFuuSEdDjPUOoUhO1NcKSevm1
-KqLTO/4DvBVib2nMAPzTt1pZ
------END PRIVATE KEY-----