diff --git a/tests/bundle-certs.bats b/tests/bundle-certs.bats
index 9401ebbe011433b70e1f41da0d95dc9b6aef3893..893d17b79469be49003399e89fd3f0e3f12fa82f 100644
--- a/tests/bundle-certs.bats
+++ b/tests/bundle-certs.bats
@@ -5,22 +5,22 @@ setup () {
     mkdir -p .testcerts
 	echo 1000 > .testcerts/serial
 	openssl genrsa -out .testcerts/root.key 4096
-	openssl req -new -x509 -days 7 -key .testcerts/root.key -nodes -out .testcerts/root.crt -subj /C=US/ST=State/L=City/O=RootCA/OU=Unit/CN=localhost/emailAddress=none@nowhere.com
+	openssl req -config tests/openssl.cnf -extensions v3_ca -outform PEM -new -x509 -days 7 -key .testcerts/root.key -nodes -out .testcerts/root.crt -subj /C=US/ST=State/L=City/O=RootCA/OU=Unit/CN=localhost/emailAddress=none@nowhere.com
 	openssl genrsa -out .testcerts/intermediate1.key 4096
-	openssl req -new -key .testcerts/intermediate1.key -out .testcerts/intermediate1.csr -subj /C=US/ST=State/L=City/O=FirstIntermediate/OU=Unit/CN=localhost/emailAddress=none@nowhere.com
-	openssl x509 -req -days 7 -in .testcerts/intermediate1.csr -out .testcerts/intermediate1.crt -CAkey .testcerts/root.key -CA .testcerts/root.crt -CAserial .testcerts/serial
+	openssl req -config tests/openssl.cnf -extensions v3_ca -new -key .testcerts/intermediate1.key -out .testcerts/intermediate1.csr -subj /C=US/ST=State/L=City/O=FirstIntermediate/OU=Unit/CN=localhost/emailAddress=none@nowhere.com
+	openssl x509 -extfile tests/openssl.cnf -extensions v3_ca -outform PEM -req -days 7 -in .testcerts/intermediate1.csr -out .testcerts/intermediate1.crt -CAkey .testcerts/root.key -CA .testcerts/root.crt -CAserial .testcerts/serial
 	openssl genrsa -out .testcerts/intermediate2.key 4096
-	openssl req -new -key .testcerts/intermediate2.key -out .testcerts/intermediate2.csr -subj /C=US/ST=State/L=City/O=SecondIntermediate/OU=Unit/CN=localhost/emailAddress=none@nowhere.com
-	openssl x509 -req -days 7 -in .testcerts/intermediate2.csr -out .testcerts/intermediate2.crt -CAkey .testcerts/intermediate1.key -CA .testcerts/intermediate1.crt -CAserial .testcerts/serial
+	openssl req -config tests/openssl.cnf -extensions v3_ca -new -key .testcerts/intermediate2.key -out .testcerts/intermediate2.csr -subj /C=US/ST=State/L=City/O=SecondIntermediate/OU=Unit/CN=localhost/emailAddress=none@nowhere.com
+	openssl x509 -extfile tests/openssl.cnf -extensions v3_ca  -outform PEM -req -days 7 -in .testcerts/intermediate2.csr -out .testcerts/intermediate2.crt -CAkey .testcerts/intermediate1.key -CA .testcerts/intermediate1.crt -CAserial .testcerts/serial
 	openssl genrsa -out .testcerts/server.key 4096
 	openssl req -new -key .testcerts/server.key -out .testcerts/server.csr -subj /C=US/ST=State/L=City/O=Server/OU=Unit/CN=localhost/emailAddress=none@nowhere.com
-	openssl x509 -req -days 7 -in .testcerts/server.csr -out .testcerts/server.crt -CAkey .testcerts/intermediate2.key -CA .testcerts/intermediate2.crt -CAserial .testcerts/serial
+	openssl x509 -outform PEM -req -days 7 -in .testcerts/server.csr -out .testcerts/server.crt -CAkey .testcerts/intermediate2.key -CA .testcerts/intermediate2.crt -CAserial .testcerts/serial
 	cat .testcerts/intermediate1.crt .testcerts/intermediate2.crt > .testcerts/intermediates.crt
 }
 
 teardown () {
-    [ -f .server.pid ] && [ -d "/proc/$$(cat .server.pid)" ] && kill "$(cat .server.pid)" || true
-    #git clean -fdX
+    kill "$(cat .server.pid)" || true
+    git clean -fdX
 }
 
 server_test () {
diff --git a/tests/openssl.cnf b/tests/openssl.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..4507ba36c22c1970e62abd5324158319069677a3
--- /dev/null
+++ b/tests/openssl.cnf
@@ -0,0 +1,8 @@
+[ req ]
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name]
+
+[ v3_ca ]
+basicConstraints = critical, CA:true
+keyUsage = keyCertSign, cRLSign