diff --git a/internal/certigo/lib/certs_test.go b/internal/certigo/lib/certs_test.go
index f4fd47a8..008c96a4 100644
--- a/internal/certigo/lib/certs_test.go
+++ b/internal/certigo/lib/certs_test.go
@@ -8,12 +8,12 @@ func TestClientTLSConfig(t *testing.T) {
 derfmt := CertKeyFormatDER
 pemfmt := CertKeyFormatPEM
 pfxfmt := CertKeyFormatPKCS12
- testTLSConfig(t, false, "internal/testing/tls/ca.crt", pemfmt, "internal/testing/tls/client.crt", pemfmt, "internal/testing/tls/client.key", pemfmt, "")
- testTLSConfig(t, false, "internal/testing/tls/ca.crt", pemfmt, "internal/testing/tls/client.der", derfmt, "internal/testing/tls/client.key", pemfmt, "")
- testTLSConfig(t, false, "internal/testing/tls/ca.crt", pemfmt, "internal/testing/tls/client.pfx", pfxfmt, "internal/testing/tls/client.key", pemfmt, "")
- testTLSConfig(t, false, "internal/testing/tls/ca.crt", pemfmt, "internal/testing/tls/client_pass.pfx", pfxfmt, "", pemfmt, "pfxpassword")
- testTLSConfig(t, false, "internal/testing/tls/ca.der", derfmt, "internal/testing/tls/client.pfx", pfxfmt, "", pemfmt, "")
- testTLSConfig(t, false, "internal/testing/tls/ca.crt", pemfmt, "internal/testing/tls/testcert.pem", pemfmt, "internal/testing/tls/testkey.pem", pemfmt, "")
+ testTLSConfig(t, false, "../../testing/tls/ca.crt", pemfmt, "../../testing/tls/client.crt", pemfmt, "../../testing/tls/client.key", pemfmt, "")
+ testTLSConfig(t, false, "../../testing/tls/ca.crt", pemfmt, "../../testing/tls/client.der", derfmt, "../../testing/tls/client.key", pemfmt, "")
+ testTLSConfig(t, false, "../../testing/tls/ca.crt", pemfmt, "../../testing/tls/client.pfx", pfxfmt, "../../testing/tls/client.key", pemfmt, "")
+ testTLSConfig(t, false, "../../testing/tls/ca.crt", pemfmt, "../../testing/tls/client_pass.pfx", pfxfmt, "", pemfmt, "pfxpassword")
+ testTLSConfig(t, false, "../../testing/tls/ca.der", derfmt, "../../testing/tls/client.pfx", pfxfmt, "", pemfmt, "")
+ testTLSConfig(t, false, "../../testing/tls/ca.crt", pemfmt, "../../testing/tls/testcert.pem", pemfmt, "../../testing/tls/testkey.pem", pemfmt, "")
 }
 
 func testTLSConfig(
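Review bot: The fixture directory is now spelled out as `../../testing/tls/` in each of the six `testTLSConfig` calls here and again in the six calls of `TestGuessFormat` in the next hunk, so the next relocation of the fixtures repeats this twelve-line edit. A single package-level `const tlsDir = "../../testing/tls/"` used at every call site would keep the path in one place. The relative form resolves only because `go test` runs with the package directory as its working directory; a short comment saying so, and noting that the `"pfxpassword"` argument must match the password `mk-test-files.sh` gives `client_pass.pfx`, would spare the next reader the search. The body of `testTLSConfig` lies outside this hunk.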
@@ -38,12 +38,12 @@ func testTLSConfig(
 }
 
 func TestGuessFormat(t *testing.T) {
- guessFormat(t, "internal/testing/tls/client.crt", CertKeyFormatPEM)
- guessFormat(t, "internal/testing/tls/client.cer", CertKeyFormatPEM)
- guessFormat(t, "internal/testing/tls/client.key", CertKeyFormatPEM)
- guessFormat(t, "internal/testing/tls/client.pfx", CertKeyFormatPKCS12)
- guessFormat(t, "internal/testing/tls/client.der", CertKeyFormatDER)
- forceFormat(t, "internal/testing/tls/client.guess", CertKeyFormatPEM, CertKeyFormatPEM)
+ guessFormat(t, "../../testing/tls/client.crt", CertKeyFormatPEM)
+ guessFormat(t, "../../testing/tls/client.cer", CertKeyFormatPEM)
+ guessFormat(t, "../../testing/tls/client.key", CertKeyFormatPEM)
+ guessFormat(t, "../../testing/tls/client.pfx", CertKeyFormatPKCS12)
+ guessFormat(t, "../../testing/tls/client.der", CertKeyFormatDER)
+ forceFormat(t, "../../testing/tls/client.guess", CertKeyFormatPEM, CertKeyFormatPEM)
 }
 
 func guessFormat(t *testing.T, filename string, formatExpected CertificateKeyFormat) {
diff --git a/internal/testing/tls/gen.sh b/internal/testing/tls/gen.sh
deleted file mode 100755
index 1ed188a6..00000000
--- a/internal/testing/tls/gen.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-
-set -ex
-
-# generate der and pkcs12 file
-openssl x509 -outform der -in tls/ca.crt -out tls/ca.der
-openssl x509 -outform der -in tls/client.crt -out tls/client.der
-openssl x509 -outform der -in tls/client.crt -out tls/client.der
-openssl x509 -text -in tls/client.crt > tls/client.cer
-sed '1s/^/invalidGuess/' tls/client.cer > tls/client.guess
-openssl pkcs12 -export \
- -in tls/client.crt \
- -inkey tls/client.key \
- -certfile tls/ca.crt \
- -out tls/client.pfx \
- -password pass:
-openssl pkcs12 -export \
- -in tls/client.crt \
- -inkey tls/client.key \
- -certfile tls/ca.crt \
- -out tls/client_pass.pfx \
- -password pass:pfxpassword
diff --git a/mk-test-files.sh b/mk-test-files.sh
index 51db6f46..95fba5be 100755
--- a/mk-test-files.sh
+++ b/mk-test-files.sh
@@ -55,3 +55,23 @@ cs sign wrong-client --years 10 --CA wrong-ca
 # Create expired cert
 cs request-cert --common-name expired --ip 127.0.0.1 --domain localhost
 cs sign expired --years 0 --CA ca
+
+# Create DER PKCS12 file
+openssl x509 -outform der -in tls/ca.crt -out tls/ca.der
+openssl x509 -outform der -in tls/client.crt -out tls/client.der
+openssl x509 -outform der -in tls/client.crt -out tls/client.der
+openssl x509 -text -in tls/client.crt > tls/client.cer
+sed '1s/^/invalidGuess/' tls/client.cer > tls/client.guess
+openssl pkcs12 -export \
+ -in tls/client.crt \
+ -inkey tls/client.key \
+ -certfile tls/ca.crt \
+ -out tls/client.pfx \
+ -password pass:
+openssl pkcs12 -export \
+ -in tls/client.crt \
+ -inkey tls/client.key \
+ -certfile tls/ca.crt \
+ -out tls/client_pass.pfx \
+ -password pass:pfxpassword
+
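Review bot: The line `openssl x509 -outform der -in tls/client.crt -out tls/client.der` appears twice in the added block, carried over unchanged from the deleted gen.sh; the second copy only rewrites the same file and can be dropped. The heading `# Create DER PKCS12 file` undersells what follows; something like `# Derive DER, text-prefixed PEM (.cer), a malformed .guess file and two PKCS#12 bundles from the PEM fixtures` would match the commands. The deleted script began with `set -ex` and the top of mk-test-files.sh is outside this hunk, so it is worth confirming that the script still aborts on a failed `openssl` call and runs from a directory where `tls/` resolves to the fixture directory; otherwise stale or missing fixtures would surface only as test failures. `client.pfx` is exported with an empty password and `client_pass.pfx` with a fixed one, which is acceptable only while `client.key` remains a throwaway test key.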