diff --git a/internal/net/ssl/ssl_test.go b/internal/net/ssl/ssl_test.go
index 04c7018fd..fa07b505c 100644
--- a/internal/net/ssl/ssl_test.go
+++ b/internal/net/ssl/ssl_test.go
@@ -56,7 +56,7 @@ func generateRSACerts(host string) (*keyPair, *keyPair, error) {
 	}, ca, nil
 }
 
-func TestAddOrUpdateCertAndKey(t *testing.T) {
+func TestStoreSSLCertOnDisk(t *testing.T) {
 	fs := newFS(t)
 
 	cert, _, err := generateRSACerts("echoheaders")
@@ -69,21 +69,26 @@ func TestAddOrUpdateCertAndKey(t *testing.T) {
 	c := certutil.EncodeCertPEM(cert.Cert)
 	k := certutil.EncodePrivateKeyPEM(cert.Key)
 
-	ngxCert, err := AddOrUpdateCertAndKey(name, c, k, []byte{}, fs)
+	sslCert, err := CreateSSLCert(c, k)
 	if err != nil {
-		t.Fatalf("unexpected error checking SSL certificate: %v", err)
+		t.Fatalf("unexpected error creating SSL certificate: %v", err)
 	}
 
-	if ngxCert.PemFileName == "" {
+	err = StoreSSLCertOnDisk(fs, name, sslCert)
+	if err != nil {
+		t.Fatalf("unexpected error storing SSL certificate: %v", err)
+	}
+
+	if sslCert.PemFileName == "" {
 		t.Fatalf("expected path to pem file but returned empty")
 	}
 
-	if len(ngxCert.CN) == 0 {
+	if len(sslCert.CN) == 0 {
 		t.Fatalf("expected at least one cname but none returned")
 	}
 
-	if ngxCert.CN[0] != "echoheaders" {
-		t.Fatalf("expected cname echoheaders but %v returned", ngxCert.CN[0])
+	if sslCert.CN[0] != "echoheaders" {
+		t.Fatalf("expected cname echoheaders but %v returned", sslCert.CN[0])
 	}
 }
 
@@ -101,11 +106,26 @@ func TestCACert(t *testing.T) {
 	k := certutil.EncodePrivateKeyPEM(cert.Key)
 	ca := certutil.EncodeCertPEM(CA.Cert)
 
-	ngxCert, err := AddOrUpdateCertAndKey(name, c, k, ca, fs)
+	sslCert, err := CreateSSLCert(c, k)
 	if err != nil {
-		t.Fatalf("unexpected error checking SSL certificate: %v", err)
+		t.Fatalf("unexpected error creating SSL certificate: %v", err)
 	}
-	if ngxCert.CAFileName == "" {
+
+	err = StoreSSLCertOnDisk(fs, name, sslCert)
+	if err != nil {
+		t.Fatalf("unexpected error storing SSL certificate: %v", err)
+	}
+
+	if sslCert.CAFileName != "" {
+		t.Fatalf("expected CA file name to be empty")
+	}
+
+	err = ConfigureCACertWithCertAndKey(fs, name, ca, sslCert)
+	if err != nil {
+		t.Fatalf("unexpected error configuring CA certificate: %v", err)
+	}
+
+	if sslCert.CAFileName == "" {
 		t.Fatalf("expected a valid CA file name")
 	}
 }
@@ -120,7 +140,7 @@ func TestGetFakeSSLCert(t *testing.T) {
 	}
 }
 
-func TestAddCertAuth(t *testing.T) {
+func TestConfigureCACert(t *testing.T) {
 	fs, err := file.NewFakeFS()
 	if err != nil {
 		t.Fatalf("unexpected error creating filesystem: %v", err)
@@ -132,11 +152,23 @@ func TestAddCertAuth(t *testing.T) {
 		t.Fatalf("unexpected error creating SSL certificate: %v", err)
 	}
 	c := certutil.EncodeCertPEM(ca.Cert)
-	ic, err := AddCertAuth(cn, c, fs)
+
+	sslCert, err := CreateCACert(c)
 	if err != nil {
 		t.Fatalf("unexpected error creating SSL certificate: %v", err)
 	}
-	if ic.CAFileName == "" {
+	if sslCert.CAFileName != "" {
+		t.Fatalf("expected CAFileName to be empty")
+	}
+	if sslCert.Certificate == nil {
+		t.Fatalf("expected Certificate to be set")
+	}
+
+	err = ConfigureCACert(fs, cn, c, sslCert)
+	if err != nil {
+		t.Fatalf("unexpected error creating SSL certificate: %v", err)
+	}
+	if sslCert.CAFileName == "" {
 		t.Fatalf("expected a valid CA file name")
 	}
 }
@@ -155,12 +187,10 @@ func TestCreateSSLCert(t *testing.T) {
 		t.Fatalf("unexpected error creating SSL certificate: %v", err)
 	}
 
-	name := fmt.Sprintf("test-%v", time.Now().UnixNano())
-
 	c := certutil.EncodeCertPEM(cert.Cert)
 	k := certutil.EncodePrivateKeyPEM(cert.Key)
 
-	ngxCert, err := CreateSSLCert(name, c, k, []byte{})
+	sslCert, err := CreateSSLCert(c, k)
 	if err != nil {
 		t.Fatalf("unexpected error checking SSL certificate: %v", err)
 	}
@@ -170,16 +200,16 @@ func TestCreateSSLCert(t *testing.T) {
 	certKeyBuf.Write([]byte("\n"))
 	certKeyBuf.Write(k)
 
-	if ngxCert.PemCertKey != certKeyBuf.String() {
-		t.Fatalf("expected concatenated PEM cert and key but returned %v", ngxCert.PemCertKey)
+	if sslCert.PemCertKey != certKeyBuf.String() {
+		t.Fatalf("expected concatenated PEM cert and key but returned %v", sslCert.PemCertKey)
 	}
 
-	if len(ngxCert.CN) == 0 {
-		t.Fatalf("expected at least one cname but none returned")
+	if len(sslCert.CN) == 0 {
+		t.Fatalf("expected at least one CN but none returned")
 	}
 
-	if ngxCert.CN[0] != "echoheaders" {
-		t.Fatalf("expected cname echoheaders but %v returned", ngxCert.CN[0])
+	if sslCert.CN[0] != "echoheaders" {
+		t.Fatalf("expected cname echoheaders but %v returned", sslCert.CN[0])
 	}
 }