Various SSL fixes, tests for intermedate CAs

43 files changed, 1382 insertions, 1720 deletions

diff --git a/cpp/test/IceSSL/certs/c_dsa_ca1.p12 b/cpp/test/IceSSL/certs/c_dsa_ca1.p12
index fc56f8198ca..978297424e0 100644
--- a/cpp/test/IceSSL/certs/c_dsa_ca1.p12
+++ b/cpp/test/IceSSL/certs/c_dsa_ca1.p12
diff --git a/cpp/test/IceSSL/certs/c_rsa_ca1.p12 b/cpp/test/IceSSL/certs/c_rsa_ca1.p12
index d983abb86fe..15631f4fa0f 100644
--- a/cpp/test/IceSSL/certs/c_rsa_ca1.p12
+++ b/cpp/test/IceSSL/certs/c_rsa_ca1.p12
diff --git a/cpp/test/IceSSL/certs/c_rsa_ca1_exp.p12 b/cpp/test/IceSSL/certs/c_rsa_ca1_exp.p12
index 72a0d1ef306..2da199c0cf1 100644
--- a/cpp/test/IceSSL/certs/c_rsa_ca1_exp.p12
+++ b/cpp/test/IceSSL/certs/c_rsa_ca1_exp.p12
diff --git a/cpp/test/IceSSL/certs/c_rsa_ca2.p12 b/cpp/test/IceSSL/certs/c_rsa_ca2.p12
index af656d3c0f4..9041dbcd9a3 100644
--- a/cpp/test/IceSSL/certs/c_rsa_ca2.p12
+++ b/cpp/test/IceSSL/certs/c_rsa_ca2.p12
diff --git a/cpp/test/IceSSL/certs/c_rsa_pass_ca1.p12 b/cpp/test/IceSSL/certs/c_rsa_pass_ca1.p12
index 62bc328f627..f8e240e2906 100644
--- a/cpp/test/IceSSL/certs/c_rsa_pass_ca1.p12
+++ b/cpp/test/IceSSL/certs/c_rsa_pass_ca1.p12
diff --git a/cpp/test/IceSSL/certs/c_rsa_pass_ca1_priv.pem b/cpp/test/IceSSL/certs/c_rsa_pass_ca1_priv.pem
index ec54895c008..e2b804beef0 100644
--- a/cpp/test/IceSSL/certs/c_rsa_pass_ca1_priv.pem
+++ b/cpp/test/IceSSL/certs/c_rsa_pass_ca1_priv.pem
@@ -1,30 +1,30 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,417F4EBE4FC1D427
+DEK-Info: DES-EDE3-CBC,390BF31D4A088DA2
 
-owcwpB3UZRoa0Ly4dhDWNWzSx9M7nJsvuwkYNqpAgUS1vfpWxKHY91atCoq3Lt6l
-ZDvNxvy1s1E5tbe97FlLzK06sgrMKUHJVbUPS9S6lqaiHZMVcvWnC9I9ipi7watl
-QL52hzCm/xR1Qk/2glzbGXLu4yf0sUg50nZQTVCOOSydsF6KjaTm2KOQ6JLKuW4h
-gK+4w0079/BXGctMIfG7b7mU8NhPJasdzJKoGMIlpfFqRBVyf6XK4z6pIX3JOcYn
-Jc0M86uO6TfqCJoA1B+5g9g/kePJzvudO86GdrcAYLl+uDn1TWzxLROIF9pENj5E
-E5+qFJGodMd6QZ36jkACU2ZOlb6XN5RgkrD4TxaPx6k6xAgJ+HCrl5Kuw5k7Zhe7
-g5fTem/nLOwCq0bTAFClh8qlS5omP7jqCUoeBTWCyvvEwdHJKkZym88/MKFlkqjN
-zDAddANpPP9TCAsLZElGFaBVr9J0vmUFYe+5X8YARql9lPRjdIhVbkM9QArW9ZOM
-VAcgLWlfA6WGc6vn1PnoittaWKd95r9DQzL+Wea6E/+EJEv8732yeZOK4+K1lCCf
-/RvD4zMkYavJv+rMVU79rHBhqHEDEFJlSnwELq7gMafWBLvYCz3kHJew6gp4QIsH
-+/PFVHLV0tZziSYi3s7H+fbGLeFht4DS4kxBo9wAiickNB4d/MrD5de7DRdo31SF
-7qQsr+tMJop3GhD/8GzqQxHrKeL9Q+/JZZVM3DAQVWDFbO9YY9LHFdL0esZcTVYF
-KHKENTRS82Xx6APZ9aTUMEfIEEMTAt5qWUueMAIMDZAm8V09MO9Cbht3WhEA75sR
-GRNHzZpNRZkct4FXSUC3LtsPTMEGcLWVToPiiAyEF+5SxpVCGAG/P7opeISoRImP
-PFd6uDFiIiLAoUw9+bcnNgpu74dA7lwOSVEpE8qWkKpPoOsFMWO4PZgNdmbQqnHi
-OOfEGlWTDVdnmPzMEvo7QVRUu16Boyh2hwHh19c+1q3vt5oJVSH43LAa5lCej6VZ
-QMT/f0/3AuT53w+8KUwh9EJsEYSCn04wSR1QejDeERTAnfW4KCFdzICmgz5LWutS
-rJF4DN6sbT4JtjyiDZ8r0JaoRoy6A5RIM9QkSfRgyyS+dmTm7ZyKscRjjV0h/7gC
-kUCKNGrbhicy+USjC2Wj2f0OjkqpTKSp1Z3z5ZUjCQoh1ApR4u0cNNexz3TZfetw
-yi4E0DveD9aJS2uuYcYSwbDbxcID6NeUDGDHiELWK1mH3NpknD/pNVghu1vcXNSX
-568/7pWCI7yoxSvY3M6we4wYlzA+DjSmN3OTaPeebN/bcdqETaywKXRDcw5uDzkQ
-hsO6MLv8g6CL5HaYiJarmULYTDYsvUS1xKaKGZU//jGXlZ+myLzSPAC2eyOOfDsa
-C0iNbHoVQu9j0h6dmu2LDNkWc4wqlwjZop6kiunzeFHzxCEjEzn1tdRa8jQ9Q+68
-zszspGdgoYcfWca9I7BQB/SHh1LKExZGaCRLuG+jCQSZZPHAYbe4DTrhT7DzHJnW
-EUvtSSvTuf79u33vSyKTz6JeHwH6qAAIdciFCEf1ADTUc8VQvXUHuw==
+DWU9SznEUPfYZHw9CcEAUR0UHm/MtrIX/nVfvu4W6xWZgfT+OzGE9sn9Vk6+//MP
+pSHyiwXeM7MgJUT9wcaCrCYgW3dtDUgja9/Y7xQcEU6ZrgTHk2FctvPfyK1lvhu5
+HV8Vy+57g/ubyMRoshFqU2wICzag3gUyt/Q405l4iBVP5tJFbp6glATenreY2nvo
+t5509lI7wHd0NBD6VtnYZXZ4PcaQTylRAKf/TpqzrPwuhjwGvV1T/OAiFVShZ98s
+aEUVo0HeKJ+yc9Khhjqc33h7VNzPXBBPKGb3BQJjuZaBMv/eU9y+EX85doXVQfLR
+d39+JJd/9VDLeT4bb2YiLMyK0M1C5PUEz6KRSS6udx3YNFnQT7+VAA82iSeRiRDf
+3fxUjtrxLhTYHW7WBRpppzOd5n1tgGqTNFmL+HonqCjiZkPLSvRxQjZpd3qA6pxM
+nKfF4ZYKoEAQwMuLamOuXOOh+cDDs9T/APOE5XWQ8h583fCDjR2xeHgjVJvABStm
+DNpV4z3JdzMYshk5mjBHT7Nfm8sKZrSAloVDhXwIxV6Xx3fqpzYrZ54kWiiizE4z
+6S0wRoh1+amOOBsxti3pvhX/ykq9OF1cv0h7e6o5qlsH8+hMRTjVkYrUCvtbR+i/
+c3fQRp8O1/KkOEUUgoI8jGw7O04YE6v7NopcoANkUYSjmVJE1VYI5sccsRlcO3Uu
+ntP6zHx0YyFwUvGAfqcSL39HfyXfC6Z4L+nEfB3PjHtJUE+870JroGuuZhVzOYfX
+kBla/LOVO7TU+mhUiyaWF//KVcLrDvBKGKciVQBEmyJtmO46XPWamLwDhl80NA6P
+lawGAYRQ45/NuAN0IKcPEXgjd+m8ofjiZQfRO7wRzP7B+sp0408q/gMUS7zjW4gZ
+UIijxPxFwaHDa/qiVZH2BDppelh0hcVlN4161UkTcPkSzCnn82SoBt3Qb6Z4UYxK
+xRizPac59RMgXLkIkPTNZctJUun9brsbwN7Pcj9hoZy17J8Xa7Rron270mCqlxvG
+53EyiIj/BUndqQo2yFQNXgnzNguTlooz7KWrLUcVYn6aMW/mdPvoVvqDAiQG6mdH
+uCYHnXkdZipFBhliAXG8zpryjMEeeh0vyYwje5mKSMW/AMJN4PoXZj1V3tzgUGVu
+4yOPWXGjCURqu7yfvnoNzhCBYrGFceVg3PqkBzYjIQURcOmj/n0vp7Fq5Q1N6/hD
+mAZCvkmt76JQQmaYCLrEZ/KVeHdcFSR2a7NhqiBummCCV4DuwzuVBBRQTVQ91V+l
+mTbgAjQTFKB/ydokI0FkJ+s3UIweCXsTEEwYh62sdrIthBLOk6YyLPlyU5n5YuCm
+pi1zsUibKjDetEVhclp/POn+Xx0XTrEc+ataMH+FlCcr4bBBJZJ8SS9J29UXAGqb
+O1+oPuWuzpvGD32TQorYs2SaPREAC5NRuhBCYwHNIfGzi9VwyrjYb7rxnebAWKJC
+2zNlYcnUAXxkJd5nq09kMj4XeL5uz8fjZLcT3q1xP0SJ24/8VGOC/B3JpCTNHBx/
+7iwyBNzXdFAvvSdW6vQz6y5mlrgxen2P5gIcoE8djBgf5iowT8rY/A==
 -----END RSA PRIVATE KEY-----
diff --git a/cpp/test/IceSSL/certs/c_rsa_pass_ca1_pub.pem b/cpp/test/IceSSL/certs/c_rsa_pass_ca1_pub.pem
index b44fc28ec39..971acdb5dbc 100644
--- a/cpp/test/IceSSL/certs/c_rsa_pass_ca1_pub.pem
+++ b/cpp/test/IceSSL/certs/c_rsa_pass_ca1_pub.pem
@@ -2,27 +2,27 @@
 MIIEwzCCA6ugAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjjEYMBYGA1UEAwwPWmVy
 b0MgVGVzdCBDQSAxMQwwCgYDVQQLDANJY2UxFDASBgNVBAoMC1plcm9DLCBJbmMu
 MRAwDgYDVQQHDAdKdXBpdGVyMRAwDgYDVQQIDAdGbG9yaWRhMQswCQYDVQQGEwJV
-UzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMTUwNDE0MTkyMDI5
-WhcNMjAwNDEyMTkyMDI5WjCBhTEPMA0GA1UEAwwGQ2xpZW50MQwwCgYDVQQLDANJ
+UzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMTUwNDE0MTkyMDI4
+WhcNMjAwNDEyMTkyMDI4WjCBhTEPMA0GA1UEAwwGQ2xpZW50MQwwCgYDVQQLDANJ
 Y2UxFDASBgNVBAoMC1plcm9DLCBJbmMuMRAwDgYDVQQHDAdKdXBpdGVyMRAwDgYD
 VQQIDAdGbG9yaWRhMQswCQYDVQQGEwJVUzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6
-ZXJvYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyiBrW9uiM
-6cZ61gewSzAQCW6pXokMb4CX2M0vG0SGWf9638EE6zw+mqlOF0eQ+B0ff0nGKoQ9
-8ugYiHLUMrv5B2WAwwidLwZoe9EwgFfiTUmnhJafmupRbZ70dqX3dg6Gj+n9FWSM
-JOYF3zgy/WNMGL+DDMj60zD8uzqrSPoocVabstGSZzwBTP1wOXya2PAHw24G6Uf6
-20i+uTpn789CrBwgdgbq3I23EPVW1TMFq+v8BrRTZJra+ndt9DalKcED9QkQEmjC
-1eJnPXfqEnbHsSjcjVYU27NN7dYNU/33Sc9uiUAIhZRbykUusetQ9F1NHXU5DiTl
-UuhaM0KS38eFAgMBAAGjggExMIIBLTAdBgNVHQ4EFgQU2fOoTJfPu/hS4Kcn7Siq
-8zpUsZYwgcIGA1UdIwSBujCBt4AU/tfGBlW7TcKW4yXA1OChL+hiYhmhgZSkgZEw
+ZXJvYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOpqzpCIUg
+rh5j4J2vorRRiDDAE2y1Fx6DQezgUqIz7gfS7/U/Y4HAx+A3uCHnA8ZVOtVgujv5
+gkWuA8953KTdXtg6zH3knBZjn5bY0w/r70vWNP0/AcO0M9JkHiqvLG0p1zVP7V3G
+X4ko1g+yKMsgX5YMuB2v+a6rrd9OYtwmMROdR81FtKsnHS7bEp+XSJgEQmxNjpMf
+sxFU2OogkVkSg5x0BXBNSckw162DWlJ+nZO2UD0f1gwHUOi7s0kR+AQpKhIxw6lD
+L9fyB/sfEt7JCdihgtrk8sWFc3/Gyv5sT+W2JbGLUggyLSIjIKUn/+6zxImaMMon
+VKbcmtoJy3+vAgMBAAGjggExMIIBLTAdBgNVHQ4EFgQU/F1Pq/BsAxG482jPiVSS
+P/l5KgYwgcIGA1UdIwSBujCBt4AU/tfGBlW7TcKW4yXA1OChL+hiYhmhgZSkgZEw
 gY4xGDAWBgNVBAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNlMRQwEgYD
 VQQKDAtaZXJvQywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxv
 cmlkYTELMAkGA1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29t
 gghp7ivyFB07bTALBgNVHQ8EBAMCBeAwFwYDVR0RBBAwDocEfwAAAYIGY2xpZW50
 MCEGA1UdEgQaMBiHBH8AAAGBEGlzc3VlckB6ZXJvYy5jb20wDQYJKoZIhvcNAQEL
-BQADggEBADX/88XcF7oAYePPz3Dsc4xQsiVGpAUakmE5Nkh8VR2Uh3VT+CXt4vh+
-pqUEhugERIF9mzsNGPKsFkHN/OZER9qmsGlf3B6a0V0P5l+VbmgXXvw1YqUydKA8
-rBjWCdoS+/URr265GpIwFCT1XfMWWwwXVz/0+vbSvzAsWNJYVyT8M/V/ZWJuqy7G
-FnvS24T+0oCCDSvxzoc2qglGTjvvlhPifR+gfOvO008tvTNQ2L0pgvgMLALVJR03
-sCFUOWszKXHFzp7MR3br3bAqqxteRhpFjnc1+XdIe1tQyWUrVzSY7ijQGxSwE2XK
-aPCj3NFF8tW0xdru4YdUgj3OuGDkWvs=
+BQADggEBALL6c90ekc9n/21Uq2Vrs6z0Wbe7hFMzDSOrSHkU1O3SC6opRuKj5WBz
+DcvqzUa58PoyQEMrqkaECrtc0BNEEodXbaMZGukmxVC5o2s5rzii8NoxfNx5RHzo
+UssstGD28A0A8lWedXX3/wzW12ffgpDWjD2MLRijM34xlp3d8RoUfj2T2ejdCbzx
+NdI81JnWJ04wDE1sS4dgWKnQuGkMocCn5CU3B8wqn05pIlFMZO9qlZeyKVhWaSlL
+9e4FE5880ckseJI+vbh1YMwIN2J1szhhdETerPTrla9pzjPbx+DZkQS7M4n2tE/j
+6CVhsfWWva+Cdih8OMod+FOjCqMjcnE=
 -----END CERTIFICATE-----
diff --git a/cpp/test/IceSSL/certs/cacert2.p12 b/cpp/test/IceSSL/certs/cacert2.p12
index d69df7611a1..498dc7bcce3 100644
--- a/cpp/test/IceSSL/certs/cacert2.p12
+++ b/cpp/test/IceSSL/certs/cacert2.p12
diff --git a/cpp/test/IceSSL/certs/cacert2_priv.pem b/cpp/test/IceSSL/certs/cacert2_priv.pem
new file mode 100644
index 00000000000..e512a20a222
--- /dev/null
+++ b/cpp/test/IceSSL/certs/cacert2_priv.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAqigVgb6DdaNIiylgLXlwhLt3/r62PaHHW+tCBmslKvOF3gRH
+rmix7Yvgmy5GlXHZpNhWmvCwnYEXTd7TF8gMdVnjTBOx89eqzQv+vnl4wGdbpE9y
+WQVre8UnPlRHNN2XHSrMth81n6xoaf11arXRvbNp1ORogZFOoj1vc7nlYXkOdTPz
+rWfqYkIHNp5FW3ishv65Uv1ta3WNShRFvi+R6IOdX4SCGEtQKooG257b18AEvH81
+WgDOtcsgUjdvPnBKCdRm+/Uk9QykyLMe/v9u851JLWJoemjRLWUeoUv1i2vRA4AJ
+hdOz2rE9HpSKjIpntGbwVWmdF1TFwnaNx6ACdQIDAQABAoIBAEv0FJWTuw6Z0ln8
+IChsWuOE4y1dZ+/e9SR8wT4oObEQfyL5eh3KMhI9LAdZArzW0zYYM6B56/yCkSp7
+WnL1I0qG00U0TWzxSha5Uf8oLdSEzo1rwTkniDD5cmkKKbbZawjj//kTuVYLGZim
+QPFfM76gBY+4XUXo3Nbi4Ysg4dk9+7rVxLGXL3f2loXp/4GCJjL8KJ42ePyfqhzB
+cAm5oVBj069QKPtvPal+6F5AWVtUzq9IaQ7X5lvg3qKItkl84tLK/Fu+QS7TmA4i
+3lHHmS2W3dwDv4HRbd2OlqqS7U13lymRChtIVzEPzkYh3GDUjL5NHa/oQ9KKU1Kr
+L2/zRQECgYEA242Vq70ON1OlCN7n8G1AyYVfrsXMpJWm8qB5xgMzD1+W6LezXD1D
+bgsHvIOmR1xfQT0u8+VJ/r1mX8wD58uMLTXFeFbWbNzL5enmJ5Y9qUgV7TP7VA7O
+m7UJSwJhX9mzeU3BubsWEtYLObtZ2NYqAVveYUaybizAxSgD4J+6FWECgYEAxmdI
+CS7H2NVmLGK73g/lGvwj2VU+uRdl/S1Kpf8xsGO9m4NKuxkAxJdJbZCVVIzlW5Z+
+cK65dk9ieOloXC6xh4pFpofnbC37w1Fyh73Vk23jAQJd9yk1pVViztUkBukSGrAx
+jANa+/aReMpvyllYkAudKJwqil/E+UvcLUJ6MZUCgYEAtEzlqQ+s6Qqr8Uj9OJjA
+J758AU8268JqQ749wrtF504c5ChYB1vYUDqGs+15VAkrwKu6L1kRFz37IJiubGDg
+URBjhpvpo6T/XWRkOgZLxQUJ3K5fq3wtd/mIFC10Qf7KQMf2W8ykJ/vXZCXTdxsJ
+i+wiB8jDJ29hL4fZB1KkwoECgYA1iFqMd73eiL3XzhAou5syq8O0eWbCJEkVhen1
+XiT3FgJr+oHod7eYU8WxNWjFdnrQOowFNW+/N243d6r77HFkQ+/FHjhYHRQoQEqp
+y5PcArNUa2IVNV5PLPnLGwFsh+iloNLNl34uK/pWYDDHpVHbE/ckpPZpfau1JD3V
+THGR/QKBgQCPqpElKNNt1yJkwwHtW537QP/FQWme0JX2kGbASnM9EsdNMt/YULNh
+MG4o4xdRsD4gg00UCvfCOksl5IIY/VuYCg65Hqp16DrA8Fq8Jupd+nzwM6NvLmAU
+KgE/G+m+3XNxvjYMnbu2LxHjLnEMJDYfXg/MS7TzHc5Uu8zkRT5Q+w==
+-----END RSA PRIVATE KEY-----
diff --git a/cpp/test/IceSSL/certs/cacert2_pub.pem b/cpp/test/IceSSL/certs/cacert2_pub.pem
new file mode 100644
index 00000000000..4985e942a1c
--- /dev/null
+++ b/cpp/test/IceSSL/certs/cacert2_pub.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8zCCAtugAwIBAgIJALMaPFxOvsKMMA0GCSqGSIb3DQEBCwUAMIGOMRgwFgYD
+VQQDDA9aZXJvQyBUZXN0IENBIDIxDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwLWmVy
+b0MsIEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGExCzAJ
+BgNVBAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbTAeFw0xNTA0
+MTQxOTIwMjhaFw0yMDA0MTIxOTIwMjhaMIGOMRgwFgYDVQQDDA9aZXJvQyBUZXN0
+IENBIDIxDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwLWmVyb0MsIEluYy4xEDAOBgNV
+BAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGExCzAJBgNVBAYTAlVTMR0wGwYJ
+KoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKooFYG+g3WjSIspYC15cIS7d/6+tj2hx1vrQgZrJSrzhd4ER65o
+se2L4JsuRpVx2aTYVprwsJ2BF03e0xfIDHVZ40wTsfPXqs0L/r55eMBnW6RPclkF
+a3vFJz5URzTdlx0qzLYfNZ+saGn9dWq10b2zadTkaIGRTqI9b3O55WF5DnUz861n
+6mJCBzaeRVt4rIb+uVL9bWt1jUoURb4vkeiDnV+EghhLUCqKBtue29fABLx/NVoA
+zrXLIFI3bz5wSgnUZvv1JPUMpMizHv7/bvOdSS1iaHpo0S1lHqFL9Ytr0QOACYXT
+s9qxPR6UioyKZ7Rm8FVpnRdUxcJ2jcegAnUCAwEAAaNSMFAwDAYDVR0TBAUwAwEB
+/zAdBgNVHQ4EFgQUapTwhnmTEUdZs4iSemVHY960fnswIQYDVR0RBBowGIcEfwAA
+AYEQaXNzdWVyQHplcm9jLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAh3ypIObF3lF5
+qCs8MsHItqfa5BFBJVrnYY9cbipoQ7j8+KdrmT5g8CobsV0swSklC/Vufy495sTA
+LZ+F2ohA/CvlFsr8ylRINtrNVziqtRssizoWZpi0HTF3ar/bSLiaVdr3Nx1nSsMS
+UQqqRPvhUoJEGo4a6WXl8Av1Om/hX/1rBwhcAG9APbZ7jaBMDxohuoL/KPLwvHHX
+HuK4ZjY8v3fV9hfOc70AGy/HuPjHDHSdYwgTx43ZHP7nqJUuRE90qAwnE2e3UgGv
+x7Z48gKpn5zgAPKSQQ+vKCrr9ng5wZmEZPcWBgAHc+BXzfVh8YCsoEAaGmdnWyky
+x85pU3uAVw==
+-----END CERTIFICATE-----
diff --git a/cpp/test/IceSSL/certs/db/ca1/c_rsa_pass_ca1.pem b/cpp/test/IceSSL/certs/db/ca1/c_rsa_pass_ca1.pem
deleted file mode 100644
index b44fc28ec39..00000000000
--- a/cpp/test/IceSSL/certs/db/ca1/c_rsa_pass_ca1.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEwzCCA6ugAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjjEYMBYGA1UEAwwPWmVy
-b0MgVGVzdCBDQSAxMQwwCgYDVQQLDANJY2UxFDASBgNVBAoMC1plcm9DLCBJbmMu
-MRAwDgYDVQQHDAdKdXBpdGVyMRAwDgYDVQQIDAdGbG9yaWRhMQswCQYDVQQGEwJV
-UzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMTUwNDE0MTkyMDI5
-WhcNMjAwNDEyMTkyMDI5WjCBhTEPMA0GA1UEAwwGQ2xpZW50MQwwCgYDVQQLDANJ
-Y2UxFDASBgNVBAoMC1plcm9DLCBJbmMuMRAwDgYDVQQHDAdKdXBpdGVyMRAwDgYD
-VQQIDAdGbG9yaWRhMQswCQYDVQQGEwJVUzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6
-ZXJvYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyiBrW9uiM
-6cZ61gewSzAQCW6pXokMb4CX2M0vG0SGWf9638EE6zw+mqlOF0eQ+B0ff0nGKoQ9
-8ugYiHLUMrv5B2WAwwidLwZoe9EwgFfiTUmnhJafmupRbZ70dqX3dg6Gj+n9FWSM
-JOYF3zgy/WNMGL+DDMj60zD8uzqrSPoocVabstGSZzwBTP1wOXya2PAHw24G6Uf6
-20i+uTpn789CrBwgdgbq3I23EPVW1TMFq+v8BrRTZJra+ndt9DalKcED9QkQEmjC
-1eJnPXfqEnbHsSjcjVYU27NN7dYNU/33Sc9uiUAIhZRbykUusetQ9F1NHXU5DiTl
-UuhaM0KS38eFAgMBAAGjggExMIIBLTAdBgNVHQ4EFgQU2fOoTJfPu/hS4Kcn7Siq
-8zpUsZYwgcIGA1UdIwSBujCBt4AU/tfGBlW7TcKW4yXA1OChL+hiYhmhgZSkgZEw
-gY4xGDAWBgNVBAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNlMRQwEgYD
-VQQKDAtaZXJvQywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxv
-cmlkYTELMAkGA1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29t
-gghp7ivyFB07bTALBgNVHQ8EBAMCBeAwFwYDVR0RBBAwDocEfwAAAYIGY2xpZW50
-MCEGA1UdEgQaMBiHBH8AAAGBEGlzc3VlckB6ZXJvYy5jb20wDQYJKoZIhvcNAQEL
-BQADggEBADX/88XcF7oAYePPz3Dsc4xQsiVGpAUakmE5Nkh8VR2Uh3VT+CXt4vh+
-pqUEhugERIF9mzsNGPKsFkHN/OZER9qmsGlf3B6a0V0P5l+VbmgXXvw1YqUydKA8
-rBjWCdoS+/URr265GpIwFCT1XfMWWwwXVz/0+vbSvzAsWNJYVyT8M/V/ZWJuqy7G
-FnvS24T+0oCCDSvxzoc2qglGTjvvlhPifR+gfOvO008tvTNQ2L0pgvgMLALVJR03
-sCFUOWszKXHFzp7MR3br3bAqqxteRhpFjnc1+XdIe1tQyWUrVzSY7ijQGxSwE2XK
-aPCj3NFF8tW0xdru4YdUgj3OuGDkWvs=
------END CERTIFICATE-----
diff --git a/cpp/test/IceSSL/certs/db/ca1/c_rsa_pass_ca1_key.pem b/cpp/test/IceSSL/certs/db/ca1/c_rsa_pass_ca1_key.pem
deleted file mode 100644
index 27dc177d356..00000000000
--- a/cpp/test/IceSSL/certs/db/ca1/c_rsa_pass_ca1_key.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,4419D84B733392D7
-
-2ubouh7Qqf84pxvxBTT9V5BoxskHQJlPi2clMF6G+WivZf5beOz0QpWh6I/9uq6b
-Z6292W9zMjB7Zlr3/bpsvqnxe/e69Jz1/XlmDNXYfft0Yx8pjrdwuqikQ1xGSaHa
-6HFRw1DD90itROctY76hBH/kJlQiaEIZ6aP9F2sPJq6Cd5n4dwLyDPpIdwniJthX
-LYr85GQki1ezm1aVjbU+C06tSH0b3XzQExl98TN6wFHjtVqkx4uPL2OOqVZsgsmR
-8A7IKJtJ0qA0fepolRHrhi6pnam7hy7xKIywN2ioSqCmH3+FxL+dQNc2XXwYHdic
-vsyhtdyVDMoCy6N9cN5kd3zrLEyjNH7QPer/bcO8DVIMkP4Fsf+DULdBiEClGqf7
-6RLyg/Eq7KRhopQBx9AAzh4DCSkslkn12LKiJhPrYo4tCfaqyL+DGJAWIRjky+vz
-NM+jl77VYni5JdjK93Sdc4Db1U6L+MUtbVE+50GJsF7XE1iA/cOQ+DJyOb87LHYG
-BiQSKE6EMoPdOIsnI96QxALAg7LdwfLG2FKnr6M+TWoR16qwx9cduxKJsA0V6s/G
-XdUI/FddQ/T4MQsNnYj3a16pSeYKwW6kl7qmhM3abS/1jj7yrzhCL3oy2r1mAvgY
-XhglmN8EMzd2eOpxY3faP1BbJC5FzxRXcWdwno8Uha7FpDRIiLXCP9Z7O++5agLB
-OH7f2og05UfTg1JV9TBHv8XEdbiUfwIyl/EhXTJ3c3aTdni14spEKgyEygO1IAhr
-euT/lnok8iDeeiELeh5qCt4I+HXI9GzPTL/+vquz5NSHYCcN1rtwS9cJnJcODaPg
-Dc+Ddi/9doNEERMfrh2wmfLtKt289EWLbmeeAKEK5UtkDz/8CrkiZ0PtWfZhdpaT
-RwZrtVbyBHkZSoew5Jp1CCZxaRToln9XFIusu9RxaeQKoSUKCqB9n+qBKqg0j/qY
-Pl3+1XjMbYmkbg3wSul4M0JTBcvPv/kgqWEUSHlKlr8RCXyyZJKq2sDPW3Xj6QlJ
-sk83f18h9n6bby0Zn/govIgYA6eCV2acHc/dQfYJlGxACziMCVuo0oyTlvQfPSUI
-5LePlPBKVqe1cJIXaUGMjITuOtnLITxnXEtpGNK4KZAzbGW2ipUb+UhXg+SMzUbl
-y0RJpGjSgSNXDVsNISDcx3sj8pmut00dnPBubLgp80HLza5TqgkWAzvp9p+5Q+PL
-+6TsjTA+AqjOhXUjTetX4J646OVQYDpaDWvwvMv5QljINcj7neYzj3CV9/fOqMhI
-weCWCN23yWqH825AOUQviTcC4xF767/nSdaQBZoUekFZv59QD/8OE1FaXvsEm3Sy
-m/xHafu1cHsQ6jH1QEHaTWXIsmMyLDntMFuEQygQg037P7j6jLKzcSLG8YhcjrMe
-igmx1GFlQNGS3syuqs/X007K26DQjXs/AYEgsNPXSqLQDUYtMwOlS49iKPshYT+g
-1hKuwHkrynkmq4Pr+2XctUoJ3GTn/jMp89aOtuAcnR9yTwMpIcv88sqb166f08gA
-qvbGsgqfZlbfcBsAn6pvv0cn9yfm7Q4aO7cRCrnGlTcqfl7xACNQ5Q==
------END RSA PRIVATE KEY-----
diff --git a/cpp/test/IceSSL/certs/db/ca1/intermediate1/ca.pem b/cpp/test/IceSSL/certs/db/ca1/intermediate1/ca.pem
new file mode 100644
index 00000000000..b79e9309b0e
--- /dev/null
+++ b/cpp/test/IceSSL/certs/db/ca1/intermediate1/ca.pem
@@ -0,0 +1,56 @@
+-----BEGIN CERTIFICATE-----
+MIIEyDCCA7CgAwIBAgIIfi2HEJ5RQYIwDQYJKoZIhvcNAQELBQAwgY4xGDAWBgNV
+BAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNlMRQwEgYDVQQKDAtaZXJv
+QywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxvcmlkYTELMAkG
+A1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29tMB4XDTE1MDQx
+NjEyMjIzNVoXDTIwMDQxNDEyMjIzNVowgZsxJTAjBgNVBAMMHFplcm9DIFRlc3Qg
+SW50ZXJtZWRpYXRlIENBIDExDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwLWmVyb0Ms
+IEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGExCzAJBgNV
+BAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMrpr5vuhfuce4fcPOOabrLXVMKvX3eBClxd
+kUxq2lPj2eCCcUnxpIMbqLH916/+0OXvq83B52bZxuAFx3q9sUWEj+Nk1QEUF0ei
+/4ptYrKm3gg9KvU6EZGWW39yz3V4slStiOE+Kh30I1QQNz8cxtsSfh/XZhsaSUhd
+Ym+40qxRfD9jD5XvmcjDkPfu2pPU/gLjPm6ZSP7neduvk/DcUqC1gYTycRUOP89N
+zJv9BXUzE6/9tlEK7hnKiSlP4zNueS7aIWs92UKNq8WMtF+Qu84GhEX/gC1Vp/mt
+59ShBAGV6d9dkSySevOsIr04KtNZWsEENse9U4NItoDkY43TEXUCAwEAAaOCARkw
+ggEVMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFFKMa0DocXLYxAHwMLMXvc5/SHFm
+MIHCBgNVHSMEgbowgbeAFP7XxgZVu03CluMlwNTgoS/oYmIZoYGUpIGRMIGOMRgw
+FgYDVQQDDA9aZXJvQyBUZXN0IENBIDExDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwL
+WmVyb0MsIEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGEx
+CzAJBgNVBAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbYIIae4r
+8hQdO20wIQYDVR0SBBowGIcEfwAAAYEQaXNzdWVyQHplcm9jLmNvbTANBgkqhkiG
+9w0BAQsFAAOCAQEAkaARcA4D1FH6QsinmA4b1RTerBOjb2PMmEaWMw8GQ6viXLhZ
+ETFKlorXAeldmuQk/xmE7q6ZuwHVCDby5K8dZirqyjaAax838jaR30wB7HmWanJp
+iW2SNlqjyHBSjQ/OUg7adCgAES+/OPBDKORDC3pjdcyZEsO+9FcPagXUsCqTJANP
+JLSS9vMSanRUzfUudYRhi90T436rxPSYNfgyX8897rNLwHmaSa87nkl9FhCuJNrv
+jBbu7IwUTOeKUIG+cgIuJYFm/bbLGINDdOx0Kql8f4eakkZ/pOZgAyqnlhBmA42n
+R4qP4DtiAEIXdjOvfuiawWXoux1T2/q/0rqwHg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEyDCCA7CgAwIBAgIIfi2HEJ5RQYIwDQYJKoZIhvcNAQELBQAwgY4xGDAWBgNV
+BAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNlMRQwEgYDVQQKDAtaZXJv
+QywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxvcmlkYTELMAkG
+A1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29tMB4XDTE1MDQx
+NjEyMjIzNVoXDTIwMDQxNDEyMjIzNVowgZsxJTAjBgNVBAMMHFplcm9DIFRlc3Qg
+SW50ZXJtZWRpYXRlIENBIDExDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwLWmVyb0Ms
+IEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGExCzAJBgNV
+BAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMrpr5vuhfuce4fcPOOabrLXVMKvX3eBClxd
+kUxq2lPj2eCCcUnxpIMbqLH916/+0OXvq83B52bZxuAFx3q9sUWEj+Nk1QEUF0ei
+/4ptYrKm3gg9KvU6EZGWW39yz3V4slStiOE+Kh30I1QQNz8cxtsSfh/XZhsaSUhd
+Ym+40qxRfD9jD5XvmcjDkPfu2pPU/gLjPm6ZSP7neduvk/DcUqC1gYTycRUOP89N
+zJv9BXUzE6/9tlEK7hnKiSlP4zNueS7aIWs92UKNq8WMtF+Qu84GhEX/gC1Vp/mt
+59ShBAGV6d9dkSySevOsIr04KtNZWsEENse9U4NItoDkY43TEXUCAwEAAaOCARkw
+ggEVMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFFKMa0DocXLYxAHwMLMXvc5/SHFm
+MIHCBgNVHSMEgbowgbeAFP7XxgZVu03CluMlwNTgoS/oYmIZoYGUpIGRMIGOMRgw
+FgYDVQQDDA9aZXJvQyBUZXN0IENBIDExDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwL
+WmVyb0MsIEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGEx
+CzAJBgNVBAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbYIIae4r
+8hQdO20wIQYDVR0SBBowGIcEfwAAAYEQaXNzdWVyQHplcm9jLmNvbTANBgkqhkiG
+9w0BAQsFAAOCAQEAkaARcA4D1FH6QsinmA4b1RTerBOjb2PMmEaWMw8GQ6viXLhZ
+ETFKlorXAeldmuQk/xmE7q6ZuwHVCDby5K8dZirqyjaAax838jaR30wB7HmWanJp
+iW2SNlqjyHBSjQ/OUg7adCgAES+/OPBDKORDC3pjdcyZEsO+9FcPagXUsCqTJANP
+JLSS9vMSanRUzfUudYRhi90T436rxPSYNfgyX8897rNLwHmaSa87nkl9FhCuJNrv
+jBbu7IwUTOeKUIG+cgIuJYFm/bbLGINDdOx0Kql8f4eakkZ/pOZgAyqnlhBmA42n
+R4qP4DtiAEIXdjOvfuiawWXoux1T2/q/0rqwHg==
+-----END CERTIFICATE-----
diff --git a/cpp/test/IceSSL/certs/db/ca1/intermediate1/ca_key.pem b/cpp/test/IceSSL/certs/db/ca1/intermediate1/ca_key.pem
new file mode 100644
index 00000000000..b75bddc72b1
--- /dev/null
+++ b/cpp/test/IceSSL/certs/db/ca1/intermediate1/ca_key.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CE65FA48C1883D58
+
+ZjDLXCFNYreEeoOUOUozcbSTVnIhmEWztZeRh4R441Jfo5lL56vk44vQk+znFDne
+ENQcnpFWUxCcPZCpHLjOdmZ2eAO7Zv+dkQUj3vXRlZrvPk4L+CSwVpGggXwY9VFf
+dw9f/nbWu7TTtGEFmuxwbXfU9kbXazQ39rSpLkHnzIyZxLOlWrGmjfP4A4vIePxV
+fX3dVZa+khb8s540LnBUvU+iFi2frBMR/eWJjPtCs3wg1z86mdT/fBxi+pDIfRw8
+n9smtXYwo5a/6VTcc9PRpJ/rD8M9j/Phv90jzDfcIVmDlNH/YPNF+r4jNyZNp+jE
+slOXuOhq3k0bKQOnRUDROEdNZckXS9cNxFR9qzrJgquBAxn4OOC0++Vk+K7gxeRg
+YggVRsVyExvDQzU7MF2WXtWaPOMwh/+XWSuxZJxQseKQ+Fn9akKtOD5/2UIFY+ga
+mfSwQOmlO9C1KHyOtTJZ02PkdczzKmFYNR32l3cHgPJi1KvyPBZFZ3O48namV2Md
+WTKlx+Q2hHXVf7/W7q+m21aNhOlyRy+MU/vG5vmDsZmd7GkOXAixsLsUrdpv98ks
+wAbXwLJp5SAW7o+gbcxBNHJHw2gFiMJxm3blDnHM8Fm+nmHheOt8FHyrQGsqfDfN
+vyjeGuslT2vIZr/97wpNKavFvMIVyTGC+rW4HZVAVVHgKpKH9vYqtsSC4KayYyWx
+JEhU2mMeY7n6fvwCL7MDNH+046IR6/GWCFmPirr3C6x0+5cuvA2++MHNLX1pK58E
+G/YZTReGwshpdptrFtrR3v7ok9Fs3AThCMILlSksHEmCn1qg+bOFw8DL5ePhQV+Q
+oTnPkgxgzXJfQ3gDAEV/qr9yAqlu31x3MnU+E7+4ioYAEAs27fT16ZSWvSwjyo3/
+QebutcGlgFF2msS9JZrq4gRmtNtFKF7AZGx3bTMGbSUJDZAUeQqYhzlRl5Q/okkL
+ZEqs04HMkkAI9M+m61hokLk0cTvqq6iKF5ywOzwUCcB9Wpg84eKVKCpxNS4Pd3xn
+e7Kbebn2e6ellEt6B5XtPT3Ml2lTguWXUCtJMddRHb0A2FKT1w5qPnlrid36e2fy
+YnbjFQz6lUQzN0eylTu9kHXzK/9r6oY4t/YxTrKJ6Ig3rkuWmcNPImJZ3LJNL+vU
+DXeGSUz5oeXlcS2YgtUE84JY5oLH4MGJdqcuall7LArcJEdDzBpFAg80S8cHka/c
+Qkz6FMMbqT+OMCWLALljkd2kFFg7CdVJjJ/dPnrTpwe7LG4dpLU/idSiGIBn/gia
+onRsGqEiH5JoDKW5cU8M8d1CoAlf9sd0DOoe4K+cSZpl6K3PmjN9Ir/wNo3s0NbJ
+HT+Z40uy7YHjWsr9HqfsOK2zna3dkMisy23Zfq3q9Mj9gq69rH5/ZHYHe1tjZI67
+UQf/drzZXTc2QmkGzF2STXM4oKUN1rLgGEzw8+7qOmEJg5L26l1Xfim10xJlXJQv
+ALF/6SwKuw0n+xitcEI62iABNxWgf/elV8cqY9ukEDoxY6qRySU1fkLfKOCC0iXC
+wbxxEGhno9jU6wYUimgzxaS17LLZjJVRjHsgEvNfxGxIa2uoa0Cz4g==
+-----END RSA PRIVATE KEY-----
diff --git a/cpp/test/IceSSL/certs/db/ca1/intermediate1/intermediate1/ca.pem b/cpp/test/IceSSL/certs/db/ca1/intermediate1/intermediate1/ca.pem
new file mode 100644
index 00000000000..7d5ae4f49b6
--- /dev/null
+++ b/cpp/test/IceSSL/certs/db/ca1/intermediate1/intermediate1/ca.pem
@@ -0,0 +1,84 @@
+-----BEGIN CERTIFICATE-----
+MIIEsDCCA5igAwIBAgIIIsQP2vo83uEwDQYJKoZIhvcNAQELBQAwgZsxJTAjBgNV
+BAMMHFplcm9DIFRlc3QgSW50ZXJtZWRpYXRlIENBIDExDDAKBgNVBAsMA0ljZTEU
+MBIGA1UECgwLWmVyb0MsIEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgM
+B0Zsb3JpZGExCzAJBgNVBAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9j
+LmNvbTAeFw0xNTA0MTYxMjIyMzVaFw0yMDA0MTQxMjIyMzVaMIGbMSUwIwYDVQQD
+DBxaZXJvQyBUZXN0IEludGVybWVkaWF0ZSBDQSAyMQwwCgYDVQQLDANJY2UxFDAS
+BgNVBAoMC1plcm9DLCBJbmMuMRAwDgYDVQQHDAdKdXBpdGVyMRAwDgYDVQQIDAdG
+bG9yaWRhMQswCQYDVQQGEwJVUzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCztRo3bxb8ddw8l5w1
+aG2YNx9tgPzTDhSStbQdiKQ6pbFTK8oP7eNmyiHq4ZL/BiW9pwUqBZf7KlKLClv2
+8vDwaN1fV0/J7bJT7ogPDbcu6WxhIf9VQbg/urvL6TIk0mRthht0FZ06oUKfqjpY
+l9T9ytUen1TYd319Q81Zd7KyTVx6gnoDs6axDHOY4GrCaMh+lNWtgxXceG4nKrNv
+h/7tkuswx3XHP/PTB19m1MPx/d7a/c8aUbKIHe/KWa6W9ou58gXgz4Slduf+3QSE
+NhT8JsNiGra+DxFkfWlJOhl7l2zMHLmuLXopPG4e9o/ojWP+mo1WkOeK+pzTOHEa
++gDpAgMBAAGjgfUwgfIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUEONhazSlHzYK
+KnFD1/GG8MPYEdQwgcIGA1UdIwSBujCBt4AUUoxrQOhxctjEAfAwsxe9zn9IcWah
+gZSkgZEwgY4xGDAWBgNVBAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNl
+MRQwEgYDVQQKDAtaZXJvQywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UE
+CAwHRmxvcmlkYTELMAkGA1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVy
+b2MuY29tggh+LYcQnlFBgjANBgkqhkiG9w0BAQsFAAOCAQEAhjWXKE5LZ5lf34x7
+7sjzPTLNeAZqs9PcsQdlBZdSrdFOiCnQI/+2N9jzoZWDJE/EVxKX8/UZwcCl0iFB
+FwObz2kmhLUB+++irMK/caZtkf6S5e2BJMkpheaa3kxO8YAytSbHsz/E0kZ3hm/m
+9VUXS2efloiO5DyTIqJa/2IEJxjj4vYmBi8XAsDuKGamel+pqQEBosns3qnGOb/f
+JCbfIJ00m4A048B/sDwEdBc4EQDqMM12+UHjgCkJHXXGqsTo9UDsOQQZMWbM04Tr
+2IBGbwWD4ZskDdc1yMxg/74mA47iztLXc+tDn8GIqj2jkUybmsWXlkCOjAxlpUbh
+5MaD4w==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEsDCCA5igAwIBAgIIIsQP2vo83uEwDQYJKoZIhvcNAQELBQAwgZsxJTAjBgNV
+BAMMHFplcm9DIFRlc3QgSW50ZXJtZWRpYXRlIENBIDExDDAKBgNVBAsMA0ljZTEU
+MBIGA1UECgwLWmVyb0MsIEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgM
+B0Zsb3JpZGExCzAJBgNVBAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9j
+LmNvbTAeFw0xNTA0MTYxMjIyMzVaFw0yMDA0MTQxMjIyMzVaMIGbMSUwIwYDVQQD
+DBxaZXJvQyBUZXN0IEludGVybWVkaWF0ZSBDQSAyMQwwCgYDVQQLDANJY2UxFDAS
+BgNVBAoMC1plcm9DLCBJbmMuMRAwDgYDVQQHDAdKdXBpdGVyMRAwDgYDVQQIDAdG
+bG9yaWRhMQswCQYDVQQGEwJVUzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCztRo3bxb8ddw8l5w1
+aG2YNx9tgPzTDhSStbQdiKQ6pbFTK8oP7eNmyiHq4ZL/BiW9pwUqBZf7KlKLClv2
+8vDwaN1fV0/J7bJT7ogPDbcu6WxhIf9VQbg/urvL6TIk0mRthht0FZ06oUKfqjpY
+l9T9ytUen1TYd319Q81Zd7KyTVx6gnoDs6axDHOY4GrCaMh+lNWtgxXceG4nKrNv
+h/7tkuswx3XHP/PTB19m1MPx/d7a/c8aUbKIHe/KWa6W9ou58gXgz4Slduf+3QSE
+NhT8JsNiGra+DxFkfWlJOhl7l2zMHLmuLXopPG4e9o/ojWP+mo1WkOeK+pzTOHEa
++gDpAgMBAAGjgfUwgfIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUEONhazSlHzYK
+KnFD1/GG8MPYEdQwgcIGA1UdIwSBujCBt4AUUoxrQOhxctjEAfAwsxe9zn9IcWah
+gZSkgZEwgY4xGDAWBgNVBAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNl
+MRQwEgYDVQQKDAtaZXJvQywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UE
+CAwHRmxvcmlkYTELMAkGA1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVy
+b2MuY29tggh+LYcQnlFBgjANBgkqhkiG9w0BAQsFAAOCAQEAhjWXKE5LZ5lf34x7
+7sjzPTLNeAZqs9PcsQdlBZdSrdFOiCnQI/+2N9jzoZWDJE/EVxKX8/UZwcCl0iFB
+FwObz2kmhLUB+++irMK/caZtkf6S5e2BJMkpheaa3kxO8YAytSbHsz/E0kZ3hm/m
+9VUXS2efloiO5DyTIqJa/2IEJxjj4vYmBi8XAsDuKGamel+pqQEBosns3qnGOb/f
+JCbfIJ00m4A048B/sDwEdBc4EQDqMM12+UHjgCkJHXXGqsTo9UDsOQQZMWbM04Tr
+2IBGbwWD4ZskDdc1yMxg/74mA47iztLXc+tDn8GIqj2jkUybmsWXlkCOjAxlpUbh
+5MaD4w==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEyDCCA7CgAwIBAgIIfi2HEJ5RQYIwDQYJKoZIhvcNAQELBQAwgY4xGDAWBgNV
+BAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNlMRQwEgYDVQQKDAtaZXJv
+QywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxvcmlkYTELMAkG
+A1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29tMB4XDTE1MDQx
+NjEyMjIzNVoXDTIwMDQxNDEyMjIzNVowgZsxJTAjBgNVBAMMHFplcm9DIFRlc3Qg
+SW50ZXJtZWRpYXRlIENBIDExDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwLWmVyb0Ms
+IEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGExCzAJBgNV
+BAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMrpr5vuhfuce4fcPOOabrLXVMKvX3eBClxd
+kUxq2lPj2eCCcUnxpIMbqLH916/+0OXvq83B52bZxuAFx3q9sUWEj+Nk1QEUF0ei
+/4ptYrKm3gg9KvU6EZGWW39yz3V4slStiOE+Kh30I1QQNz8cxtsSfh/XZhsaSUhd
+Ym+40qxRfD9jD5XvmcjDkPfu2pPU/gLjPm6ZSP7neduvk/DcUqC1gYTycRUOP89N
+zJv9BXUzE6/9tlEK7hnKiSlP4zNueS7aIWs92UKNq8WMtF+Qu84GhEX/gC1Vp/mt
+59ShBAGV6d9dkSySevOsIr04KtNZWsEENse9U4NItoDkY43TEXUCAwEAAaOCARkw
+ggEVMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFFKMa0DocXLYxAHwMLMXvc5/SHFm
+MIHCBgNVHSMEgbowgbeAFP7XxgZVu03CluMlwNTgoS/oYmIZoYGUpIGRMIGOMRgw
+FgYDVQQDDA9aZXJvQyBUZXN0IENBIDExDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwL
+WmVyb0MsIEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGEx
+CzAJBgNVBAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbYIIae4r
+8hQdO20wIQYDVR0SBBowGIcEfwAAAYEQaXNzdWVyQHplcm9jLmNvbTANBgkqhkiG
+9w0BAQsFAAOCAQEAkaARcA4D1FH6QsinmA4b1RTerBOjb2PMmEaWMw8GQ6viXLhZ
+ETFKlorXAeldmuQk/xmE7q6ZuwHVCDby5K8dZirqyjaAax838jaR30wB7HmWanJp
+iW2SNlqjyHBSjQ/OUg7adCgAES+/OPBDKORDC3pjdcyZEsO+9FcPagXUsCqTJANP
+JLSS9vMSanRUzfUudYRhi90T436rxPSYNfgyX8897rNLwHmaSa87nkl9FhCuJNrv
+jBbu7IwUTOeKUIG+cgIuJYFm/bbLGINDdOx0Kql8f4eakkZ/pOZgAyqnlhBmA42n
+R4qP4DtiAEIXdjOvfuiawWXoux1T2/q/0rqwHg==
+-----END CERTIFICATE-----
diff --git a/cpp/test/IceSSL/certs/db/ca1/intermediate1/intermediate1/ca_key.pem b/cpp/test/IceSSL/certs/db/ca1/intermediate1/intermediate1/ca_key.pem
new file mode 100644
index 00000000000..614ee76339e
--- /dev/null
+++ b/cpp/test/IceSSL/certs/db/ca1/intermediate1/intermediate1/ca_key.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,478F57B3BF87F2B6
+
+2Iue7Bra95pBsmITe5vRmTcm9+FbH+hcF5zZyibZpWxq3WQepCLThcuQ+aaqq7nb
+c/9fJAPsGjrOfreYOPuAE+WllQ0t7XG4rnX013m4OKGW933BEWl519MzrLbnPl7j
+e9eJKl/4saVNN0yG10eWhDMey87M2xQLUMN4BbVDdZofjmEaP5nx2R8JRJvNDqIr
+8odULh8C7skLWEFm+J+u2JrnFsO2KnLqeJ2RXu95p42lTt0Tufpyl+gDqHNN5bKm
+jopxc9ePGuXMs941KLZO3LIrxX7NDoPjapk2lFaFcUIYEkiPH1pjeUIPNRRsZq07
+AZCYWW0WUPsF8v+BhNI16wQ3SefVGSd3VuZQ1MxbffXtWpdWqV1k5UrUoQBZczFM
+x6fEJ0IsR7iuzU4R0QUywD2xpaeUSAhW9kxd+l/XscfzXkIPtwzg2ztv+wl04B+q
+Izp48QOhWWGupsZVkgoVaILCqeSwTn6EibcJ9qhCZCLf5usGxm0r+mnyFCEjAPuY
+9YvQOYRwFNDC+3s6kJ6YWQDq37H7i6JtkFG4DmgotJ2agrEIopSBa1DV1KLDQ6ks
+7RGJeO0l8xgzUq4ZG1MkzlktTJZ38AlqCaEZul0Tlh4NQ3VDjCKfZnaSe18WE9Vk
+OclhtGJgX0dWc03n0r9JfBB8cgFKwhQRAf9IxSPeRnGtXzlX44TJ8oS9vRW5UF0F
+pFWma8OQJAaIrjK/HiWUZTH0dnUveNwmLW813arj9/rsjsg54CLqgW0RamvOwFZa
+nRF/oMfcImgGJnTUZCJlFogUgAS+EGIKAydztPDhWIrLpM5GsEwN38+lz4I4Nlp0
+AGY9jMKoWtoCA13ZpIpAFf5dH6CvLXosZI2g4E8mirxjWGXpIOApefqRPzUvPZrs
+zIM/ALBOcWIGLTj6ZFnrEg8LkQqYJ8jlO3XaoXgqDX39zHEV1jQw46kLr5pikDVS
+1YjlPBj3313fCxhMccnk7g5mZATX25O9XDNOXtIqKUQPUTvjfgFY/tL/TCFuTVJ9
+zEeqO+lfWI/wc3KsVQK/P4a/1ReaDj74XlX2YZyJbZ52aknWgSAtMWMO7gPkO81o
+cDTPTiBXYDyQKM/f91BlBxjTgTa0tQjHh8M1F5WQWECsEn53HpG/ZPutqoEHwFVN
+H5ll1o7unKfO8xYEa08JjU/y5afaFlwBzIb/zAIofnNfcHdrYMkBcrkkxUAOtVE9
+8SWjOAsIVN6FT8OCrBCeoZPrCf2vXVr4scTKoArLeauwEb14/Qjvmquc4azbVUTr
+GC/vFJ7e0PkZDtVKEBWsoVWPxQE/epqpj09Gnw017BQOTwEj+gZnJ/FkJyv34uXp
+Eg5RqWWwKfKdVD4fudA6C6gcLJQdUsz+0hYeR0M4tuTJh92nxV81eZj7x5/TsWm4
+oX10XrErqDI+rE8BlgmXXqI9sZFoNWJSg4RpEK1WPJNWgCTCMj0fmtM/CxHZt26X
+xWOrKl4oKFtFIRbgNef1wJw5oPReL7ozKGOgoI2q53kNdoV6Vlxhm7c4M0pixzGh
+Rbs8zhmox9ILeEazWfBJb4gcw03S5AmZ0pvWkaZv+nm1AnZgAuqIrQ==
+-----END RSA PRIVATE KEY-----
diff --git a/cpp/test/IceSSL/certs/db/ca1/intermediate1/intermediate1/s_rsa_cai2.pem b/cpp/test/IceSSL/certs/db/ca1/intermediate1/intermediate1/s_rsa_cai2.pem
new file mode 100644
index 00000000000..45adc92b49d
--- /dev/null
+++ b/cpp/test/IceSSL/certs/db/ca1/intermediate1/intermediate1/s_rsa_cai2.pem
@@ -0,0 +1,84 @@
+-----BEGIN CERTIFICATE-----
+MIIEwTCCA6mgAwIBAgIIIXe/uTOUuuMwDQYJKoZIhvcNAQELBQAwgZsxJTAjBgNV
+BAMMHFplcm9DIFRlc3QgSW50ZXJtZWRpYXRlIENBIDIxDDAKBgNVBAsMA0ljZTEU
+MBIGA1UECgwLWmVyb0MsIEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgM
+B0Zsb3JpZGExCzAJBgNVBAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9j
+LmNvbTAeFw0xNTA0MTYxMjIyMzVaFw0yMDA0MTQxMjIyMzVaMIGFMQ8wDQYDVQQD
+DAZTZXJ2ZXIxDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwLWmVyb0MsIEluYy4xEDAO
+BgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGExCzAJBgNVBAYTAlVTMR0w
+GwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANzk33wyW/L+d5THp2XIaGlpSVHRIqkeOHnr4BoEHWdYoTja
+YNcwKsP2DFRj6hFQ2KXnL4mXZ3J4pa4p6Lrby4Mrv4CJR3BvoMhv7rC5BJ3O1M5S
+hTMLdC0uBBIhA87WLL78iCxWaY4epBWYmNZbSkBKovxcp2RHEJW8EtFTNUV+x82R
+FBAAtgOea5716KHLgI0V//7f2WK4L3AEyuLbpOul2UpBmF8QjeuxZKVV8F/4eiIl
+6SIIe6ENq9VlfV1EITts7Pwn2xLhKYZow+7oPJ6vYOuVL4liz53JibVoBK40fepC
+xCYrWDd05TnGXAtHKmFxSXZndBESuAP5yrdCe+cCAwEAAaOCARswggEXMB0GA1Ud
+DgQWBBQC+5gpX/M1xQcExr9YymqGZeprZDCBzwYDVR0jBIHHMIHEgBQQ42FrNKUf
+NgoqcUPX8Ybww9gR1KGBoaSBnjCBmzElMCMGA1UEAwwcWmVyb0MgVGVzdCBJbnRl
+cm1lZGlhdGUgQ0EgMTEMMAoGA1UECwwDSWNlMRQwEgYDVQQKDAtaZXJvQywgSW5j
+LjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxvcmlkYTELMAkGA1UEBhMC
+VVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29tgggixA/a+jze4TALBgNV
+HQ8EBAMCBeAwFwYDVR0RBBAwDocEfwAAAYIGc2VydmVyMA0GCSqGSIb3DQEBCwUA
+A4IBAQAf2E3lJSgfJqkqawuxCkonz1ExBZhVleXv6fPd8H3vn3/vKBIOcrVfVptO
+jfB+5P0oD8Mgs1TFlcjvL6o7AL+ABjVeU/8/7IGTOlGtGk62iOQhc2IMpQT0xRSH
+kr+FNxNzpzzNFX6BJqOlDQWVlox+zTtNl5YcsuFfRb8GasXpvWARGV0/B3oliOzo
+87Df5u9i59xjCh1eKq7Fhr24sCA6e8+YILjyI5dMcuwjwxSSwYcDNt72wfvZ2bq/
+pjWFgcOMpiXvqFqtrc+NDidV4DWH6rwfESNiC/dlrj+JSwH0goSGd4M0ZArw68Br
+tup07+ei64nig6gW55qASIlihM6o
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEsDCCA5igAwIBAgIIIsQP2vo83uEwDQYJKoZIhvcNAQELBQAwgZsxJTAjBgNV
+BAMMHFplcm9DIFRlc3QgSW50ZXJtZWRpYXRlIENBIDExDDAKBgNVBAsMA0ljZTEU
+MBIGA1UECgwLWmVyb0MsIEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgM
+B0Zsb3JpZGExCzAJBgNVBAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9j
+LmNvbTAeFw0xNTA0MTYxMjIyMzVaFw0yMDA0MTQxMjIyMzVaMIGbMSUwIwYDVQQD
+DBxaZXJvQyBUZXN0IEludGVybWVkaWF0ZSBDQSAyMQwwCgYDVQQLDANJY2UxFDAS
+BgNVBAoMC1plcm9DLCBJbmMuMRAwDgYDVQQHDAdKdXBpdGVyMRAwDgYDVQQIDAdG
+bG9yaWRhMQswCQYDVQQGEwJVUzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCztRo3bxb8ddw8l5w1
+aG2YNx9tgPzTDhSStbQdiKQ6pbFTK8oP7eNmyiHq4ZL/BiW9pwUqBZf7KlKLClv2
+8vDwaN1fV0/J7bJT7ogPDbcu6WxhIf9VQbg/urvL6TIk0mRthht0FZ06oUKfqjpY
+l9T9ytUen1TYd319Q81Zd7KyTVx6gnoDs6axDHOY4GrCaMh+lNWtgxXceG4nKrNv
+h/7tkuswx3XHP/PTB19m1MPx/d7a/c8aUbKIHe/KWa6W9ou58gXgz4Slduf+3QSE
+NhT8JsNiGra+DxFkfWlJOhl7l2zMHLmuLXopPG4e9o/ojWP+mo1WkOeK+pzTOHEa
++gDpAgMBAAGjgfUwgfIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUEONhazSlHzYK
+KnFD1/GG8MPYEdQwgcIGA1UdIwSBujCBt4AUUoxrQOhxctjEAfAwsxe9zn9IcWah
+gZSkgZEwgY4xGDAWBgNVBAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNl
+MRQwEgYDVQQKDAtaZXJvQywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UE
+CAwHRmxvcmlkYTELMAkGA1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVy
+b2MuY29tggh+LYcQnlFBgjANBgkqhkiG9w0BAQsFAAOCAQEAhjWXKE5LZ5lf34x7
+7sjzPTLNeAZqs9PcsQdlBZdSrdFOiCnQI/+2N9jzoZWDJE/EVxKX8/UZwcCl0iFB
+FwObz2kmhLUB+++irMK/caZtkf6S5e2BJMkpheaa3kxO8YAytSbHsz/E0kZ3hm/m
+9VUXS2efloiO5DyTIqJa/2IEJxjj4vYmBi8XAsDuKGamel+pqQEBosns3qnGOb/f
+JCbfIJ00m4A048B/sDwEdBc4EQDqMM12+UHjgCkJHXXGqsTo9UDsOQQZMWbM04Tr
+2IBGbwWD4ZskDdc1yMxg/74mA47iztLXc+tDn8GIqj2jkUybmsWXlkCOjAxlpUbh
+5MaD4w==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEyDCCA7CgAwIBAgIIfi2HEJ5RQYIwDQYJKoZIhvcNAQELBQAwgY4xGDAWBgNV
+BAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNlMRQwEgYDVQQKDAtaZXJv
+QywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxvcmlkYTELMAkG
+A1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29tMB4XDTE1MDQx
+NjEyMjIzNVoXDTIwMDQxNDEyMjIzNVowgZsxJTAjBgNVBAMMHFplcm9DIFRlc3Qg
+SW50ZXJtZWRpYXRlIENBIDExDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwLWmVyb0Ms
+IEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGExCzAJBgNV
+BAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMrpr5vuhfuce4fcPOOabrLXVMKvX3eBClxd
+kUxq2lPj2eCCcUnxpIMbqLH916/+0OXvq83B52bZxuAFx3q9sUWEj+Nk1QEUF0ei
+/4ptYrKm3gg9KvU6EZGWW39yz3V4slStiOE+Kh30I1QQNz8cxtsSfh/XZhsaSUhd
+Ym+40qxRfD9jD5XvmcjDkPfu2pPU/gLjPm6ZSP7neduvk/DcUqC1gYTycRUOP89N
+zJv9BXUzE6/9tlEK7hnKiSlP4zNueS7aIWs92UKNq8WMtF+Qu84GhEX/gC1Vp/mt
+59ShBAGV6d9dkSySevOsIr04KtNZWsEENse9U4NItoDkY43TEXUCAwEAAaOCARkw
+ggEVMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFFKMa0DocXLYxAHwMLMXvc5/SHFm
+MIHCBgNVHSMEgbowgbeAFP7XxgZVu03CluMlwNTgoS/oYmIZoYGUpIGRMIGOMRgw
+FgYDVQQDDA9aZXJvQyBUZXN0IENBIDExDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwL
+WmVyb0MsIEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGEx
+CzAJBgNVBAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbYIIae4r
+8hQdO20wIQYDVR0SBBowGIcEfwAAAYEQaXNzdWVyQHplcm9jLmNvbTANBgkqhkiG
+9w0BAQsFAAOCAQEAkaARcA4D1FH6QsinmA4b1RTerBOjb2PMmEaWMw8GQ6viXLhZ
+ETFKlorXAeldmuQk/xmE7q6ZuwHVCDby5K8dZirqyjaAax838jaR30wB7HmWanJp
+iW2SNlqjyHBSjQ/OUg7adCgAES+/OPBDKORDC3pjdcyZEsO+9FcPagXUsCqTJANP
+JLSS9vMSanRUzfUudYRhi90T436rxPSYNfgyX8897rNLwHmaSa87nkl9FhCuJNrv
+jBbu7IwUTOeKUIG+cgIuJYFm/bbLGINDdOx0Kql8f4eakkZ/pOZgAyqnlhBmA42n
+R4qP4DtiAEIXdjOvfuiawWXoux1T2/q/0rqwHg==
+-----END CERTIFICATE-----
diff --git a/cpp/test/IceSSL/certs/db/ca1/intermediate1/intermediate1/s_rsa_cai2_key.pem b/cpp/test/IceSSL/certs/db/ca1/intermediate1/intermediate1/s_rsa_cai2_key.pem
new file mode 100644
index 00000000000..c2fd65ec6f4
--- /dev/null
+++ b/cpp/test/IceSSL/certs/db/ca1/intermediate1/intermediate1/s_rsa_cai2_key.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8C82DBE4FDAC11B3
+
+UXJBTDoKoVekT6OqONM2odLv+tScVzXrfRuZbp8y7VdmY2LDk/wYRT+l9upRMqAw
+ALnery3FOGiMnLmJRXdNkzyY8j/1SlITOqXV92VI0GZ1lYKrc96AWCiUlSupWMin
+B1m3ensnJuL1WP1xNdMtVxnJaZ7jMmhpOgfWcYih+Ryefi7JbJbMckXo3ENn4WeT
+2yy205pqngkHLwaABmnoaqXa7oKHFdemQvIJsWnTQIozofvNJJ84aM2+6YGFJVfJ
+5gfi4gWRd6F2XEW7LEEgGhnVY0w0hgGSO3AR0M3G1i622FH3zzx1UZh6ZbYG18oW
+T5qR2TgJkpGyifu82tRCFJO3j/0X3mnp9szFGFv8uA0gwEfV8x8ayGTH93DwZ8dd
+FzRMefEvgz1niVyk74a/0a+9/h+erZuSEpkUafUaBBgXfeTeXvxt6t48+bZekFRM
+/2G9LZWsM1m8mSdzSKkrTJ8qvoyJrN9d/mUMoL3GHdkL6rpEB/E0nPnrOZSOSeRQ
+KjEf3IAzMM0omtywtNojNaiAG98fkqSmRGx4yPAipryx4fRMu71L00O3f5XcHVkW
+Epvl/mPsZxsOVLJL0ouvlWcIgiudJE0BWzVYFkh7YLTPJiD4GNuGbufQv1CtYKpb
+WpIC9LqkXQTKSUIIZxnUHBvGqDJldXE9BuXx5Bp+YE3Rtq3dVKK4ckIzg8eOKM5d
+NxkPSp35qM0R53+dbARpoT3cgv4axPy+3rocwQoGQgH4/++zK0B0TNdfgd1zsHwz
+qNlqKknViBnqtJpGd8mmIyP9jAlcb7ubUJWvLRl+jiiTFGrSjnxLWmWbSaQhPwzx
+JQ+H0EaFn02r4jUUSLEl1STndOIti5as0PysI4PdNNLbC9xDo5NAm/EPmSUHISfF
+yJH+s+ufVRWjqs/aPcxnwJD5jVuDmVD4GU5hgxrEuBVlikmc3ieVwtHzP/CHiCUB
+MLcJ70+Z4HY/xB4paOXounLeN8NgVvvCrQK5SsN2EIDZq6F3/BjcRgOfhsQO3CDG
+qfR8Ds6MpPB6iEGAlSaNyRv6wzANtI0Pw+TRI/eaqKhYS8XgVGXC4YG6aGC3LJTB
+WMSDWWqkLqE5L7GXGDezJMtE3qu/awqdzEDoVs/ceH1u4F4CP4pAyf5IcQiRygoD
+xRfBiFdnD4vlgf80qePegwDBRcPCxW+TYCw0ddb/iX7f5UW4In0VQh/FrLcj7oie
+mgfwtVLqbyRaeRU+JSZBAx52LM6DtYrO8/sTk4CEnct9wfXppbfRVqp6X0+NQmgi
+UHnoIL0XwpNMyuO6jUzqrLzLvTOuBPLubg1WmqNsPKiLT7oyzguiKDGQmt50Jc9y
+qEfsQb2qhewcX3lAlnxxSMw+OeR/zQC7IigydOJC5NoIFWwRFADXlz2shZBPeI9E
+SRUrNfWJ/xBpeNf9p3cLcyDJfiUlOZoa+a5+vBNiACHFDmW+x5cwvRYwYVIHJrt4
+dL9yAtQTNcIuc5dznClUZxCxQ+803FwlDu5noESF3wNnx0VDf1tsncCFkdhU2MgI
+LExG07xf+ZenUM0D1Jw919lLlJNnNRPNXOfva4oSDqlPsHc+guSSE1mxj9bh+WaM
+-----END RSA PRIVATE KEY-----
diff --git a/cpp/test/IceSSL/certs/db/ca1/intermediate1/s_rsa_cai1.pem b/cpp/test/IceSSL/certs/db/ca1/intermediate1/s_rsa_cai1.pem
new file mode 100644
index 00000000000..d61c3972a10
--- /dev/null
+++ b/cpp/test/IceSSL/certs/db/ca1/intermediate1/s_rsa_cai1.pem
@@ -0,0 +1,56 @@
+-----BEGIN CERTIFICATE-----
+MIIEtTCCA52gAwIBAgIJAKBL6oaFGEbFMA0GCSqGSIb3DQEBCwUAMIGbMSUwIwYD
+VQQDDBxaZXJvQyBUZXN0IEludGVybWVkaWF0ZSBDQSAxMQwwCgYDVQQLDANJY2Ux
+FDASBgNVBAoMC1plcm9DLCBJbmMuMRAwDgYDVQQHDAdKdXBpdGVyMRAwDgYDVQQI
+DAdGbG9yaWRhMQswCQYDVQQGEwJVUzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJv
+Yy5jb20wHhcNMTUwNDE2MTIyMjM1WhcNMjAwNDE0MTIyMjM1WjCBhTEPMA0GA1UE
+AwwGU2VydmVyMQwwCgYDVQQLDANJY2UxFDASBgNVBAoMC1plcm9DLCBJbmMuMRAw
+DgYDVQQHDAdKdXBpdGVyMRAwDgYDVQQIDAdGbG9yaWRhMQswCQYDVQQGEwJVUzEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDIda9JeDlLVjyb/Yt5jwpLtJOoucY4UGHv9nWU59ezIgAF
+j+LFcgiFPq2gx2YFY6U7cKuUm+8hikomfzTVyeKKGg/w74pEi+jQmVmUCKOu3ab+
+cgebKzq6BC4tiM3m+FcXDI2hv0bDrxyDZjlnRjqNdlFOPsW8BQB8x0OJqnaX/mTL
+cQedP2AD1oNuPiJ8NLcnlpVPPboVU+fJVGUQwHUyAO+qo7tl8jiGuWcHHEP9oIi0
+3NTRoNQecTamwrjqyo0jmB5D+tafobJk1WlTQ5D9is+719wpjw43bLdd3mc4sr73
+KS5FVtOU2BXlBBnHrHM/WFs0PxYo4qLLdvIbupdVAgMBAAGjggEOMIIBCjAdBgNV
+HQ4EFgQU7OOfeBoqZI57kKpsIm5XTrwWCugwgcIGA1UdIwSBujCBt4AUUoxrQOhx
+ctjEAfAwsxe9zn9IcWahgZSkgZEwgY4xGDAWBgNVBAMMD1plcm9DIFRlc3QgQ0Eg
+MTEMMAoGA1UECwwDSWNlMRQwEgYDVQQKDAtaZXJvQywgSW5jLjEQMA4GA1UEBwwH
+SnVwaXRlcjEQMA4GA1UECAwHRmxvcmlkYTELMAkGA1UEBhMCVVMxHTAbBgkqhkiG
+9w0BCQEWDmluZm9AemVyb2MuY29tggh+LYcQnlFBgjALBgNVHQ8EBAMCBeAwFwYD
+VR0RBBAwDocEfwAAAYIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IBAQAUYMJ5BiSZ
+5OyWjgkN6IdigjvCTrlDo+Lu2DLaf81XpaowBdzCLoY8aujxMMi5qBKmnR+LD0Im
+E0rK2xJQqytydhU7MEobDqnf6MbUI088HRcWjh1h2vZjRUh8q5LKjQcuhz+s2J4S
++Znek3DA7IouZ3IAVKU8nuoIP82H7E7T2abZD4e7kBxT3Zx6hUK49tGya9BNnJSV
+Lp7mYnFyegn0pvPJ5LiiLUkrwSavQJekSdOfS8xJbCLH71v7iJ5ad5P7OafPHIKd
+swyPWE410HL4KtnTzWBk1K68LIBRLiTUMVL1sp01qFiqkqtVBxE78tSzw+ptnQDU
+mkmyiGKVBJ0S
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEyDCCA7CgAwIBAgIIfi2HEJ5RQYIwDQYJKoZIhvcNAQELBQAwgY4xGDAWBgNV
+BAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNlMRQwEgYDVQQKDAtaZXJv
+QywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxvcmlkYTELMAkG
+A1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29tMB4XDTE1MDQx
+NjEyMjIzNVoXDTIwMDQxNDEyMjIzNVowgZsxJTAjBgNVBAMMHFplcm9DIFRlc3Qg
+SW50ZXJtZWRpYXRlIENBIDExDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwLWmVyb0Ms
+IEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGExCzAJBgNV
+BAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMrpr5vuhfuce4fcPOOabrLXVMKvX3eBClxd
+kUxq2lPj2eCCcUnxpIMbqLH916/+0OXvq83B52bZxuAFx3q9sUWEj+Nk1QEUF0ei
+/4ptYrKm3gg9KvU6EZGWW39yz3V4slStiOE+Kh30I1QQNz8cxtsSfh/XZhsaSUhd
+Ym+40qxRfD9jD5XvmcjDkPfu2pPU/gLjPm6ZSP7neduvk/DcUqC1gYTycRUOP89N
+zJv9BXUzE6/9tlEK7hnKiSlP4zNueS7aIWs92UKNq8WMtF+Qu84GhEX/gC1Vp/mt
+59ShBAGV6d9dkSySevOsIr04KtNZWsEENse9U4NItoDkY43TEXUCAwEAAaOCARkw
+ggEVMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFFKMa0DocXLYxAHwMLMXvc5/SHFm
+MIHCBgNVHSMEgbowgbeAFP7XxgZVu03CluMlwNTgoS/oYmIZoYGUpIGRMIGOMRgw
+FgYDVQQDDA9aZXJvQyBUZXN0IENBIDExDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwL
+WmVyb0MsIEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGEx
+CzAJBgNVBAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbYIIae4r
+8hQdO20wIQYDVR0SBBowGIcEfwAAAYEQaXNzdWVyQHplcm9jLmNvbTANBgkqhkiG
+9w0BAQsFAAOCAQEAkaARcA4D1FH6QsinmA4b1RTerBOjb2PMmEaWMw8GQ6viXLhZ
+ETFKlorXAeldmuQk/xmE7q6ZuwHVCDby5K8dZirqyjaAax838jaR30wB7HmWanJp
+iW2SNlqjyHBSjQ/OUg7adCgAES+/OPBDKORDC3pjdcyZEsO+9FcPagXUsCqTJANP
+JLSS9vMSanRUzfUudYRhi90T436rxPSYNfgyX8897rNLwHmaSa87nkl9FhCuJNrv
+jBbu7IwUTOeKUIG+cgIuJYFm/bbLGINDdOx0Kql8f4eakkZ/pOZgAyqnlhBmA42n
+R4qP4DtiAEIXdjOvfuiawWXoux1T2/q/0rqwHg==
+-----END CERTIFICATE-----
diff --git a/cpp/test/IceSSL/certs/db/ca1/intermediate1/s_rsa_cai1_key.pem b/cpp/test/IceSSL/certs/db/ca1/intermediate1/s_rsa_cai1_key.pem
new file mode 100644
index 00000000000..c499b2b7f04
--- /dev/null
+++ b/cpp/test/IceSSL/certs/db/ca1/intermediate1/s_rsa_cai1_key.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5F22DDE574EFD718
+
+YKWCrY/9ukV1FoB/7EJz9G8syliYeqOjgVG/V/wXqOnE3Ymq7JFXM8ir+BBns2Zp
+ZacaLlXIrbtfT/pVcrGUOuYLLPIZRTYtc8a78q+EcErD33TwmhQyd0KTQpYfNa82
+6fjbz065GHtQ4HxFC5AEJ+nt4x9VyY/2OitMtNebxqAVQpymhhQlCINqa4suvrh7
+K1+ZaN93Zo6unUfTCGpkAGxGxoTWpWJgThmbWcR2rxgwH/RDHF/uDOp0KU0+/egW
+eF5aVVNpQ/jsFseu7JpfT3B76J40/uJ9iUwfdV/mOeTr0c/i6tXBzK9OiimQ1SuX
+XgYVKbif2EnDEJtRDgAqGvYB3kvPSRHBkqKkIF0qvhK+hj0w3jD6tPvbeKsHqMBE
+b8h9h5k2y9b6CZ7+AlsLRZsBzrMci8hQobiUnz84Ko2c9Lf3PgQ7amtdSM1spkdq
+EPiStKiRIRc/Xuz9N8kCYKtnSsdJseEjDXFv+u+g25ArUfwo5AAXZh8+lKAIHQSZ
+VdpAoSSseUY6VPwjdN7JI/b6cn+GxpnvyQdbwvcfxLr0gQb4LJcz9p2iFXTdmzGj
+n+FBDnX43TYGjUt6F86pAQqz56x1rUoES1nJzzcnYDIERQHPYeVXIWbltUj5r4g0
+wJ/U8LmpEqQWA1v2/0wuOIqPaqDGr0hUVtSurL4J4oL+cJgEsmbu6D+YT5HTYDTN
+7nNfbXbrmzl1zi+t09SUsdk/uF0IcZ2yheBphoJlzYcf327ZMcwDJcJBa5cCPqYx
+OfuWJhxZXzcnH9raZa45AgbrCatuBGRJaIWXfAJ2vrqWRAkAL7j3C6bFhbhW0oBW
+xr9naqIXi3C2nzNvDBr+97SW2QzgaJLa6jo8L2f8bZ+SVLR8CxIx+839B2mYytI8
+it1KAh+myIacilSu195WkuH6eIqmSEvvsS0sbI36RK592yZnNkZZdloXZQb/vpOX
+ahI2r058O0S2BaSB6gQ7XEeERDSxl+565U89KGetYj9m94Vwc4G2xhmi4/L8fZd/
+DO/M4R8NEe/sWS7a06BSnIQ260nWbAAvrFxHaQT0lChf/fcjchyNyYXY0STIWyxP
+AVvHcWr8BggS0cjlZ4mjQXO7nb8QELpPcWaxNSs3+99rjWk5RgN9uz7DJaH785dL
+Fh13FUP7m9GMs4lQJ0HCV4Stiys5gh2l8csIa0+Mm/uMsNzDtFObqLXwzRsqxIwp
+vvLRxxTc8Ub6xFYSAb86cpHvQ2VAbWbbqbxN+pMMhobSUq4EsVDojx5gX7YOw9MC
++zIHunG/7sqbMkQsNfm+geFclX2wEXrcVWBfUL3KO6/BSBH1sVwd8poypeRP4c7T
+bfG39T6TZGLqVDRDVCjrch9A9YVQy7wTow/l9DNASGIokUOw62VDgbcFceU54hV4
+qa8PfsrDEab2T6yzTirbHg021maolln0PSXjgtUy1CgvueA88+2HIpDstqsUvtZU
+tybeyLkaMUEmU4iR7utJiELGfQWoea/TQnRfSKFBWFWUUBFGEdG1ZZIdCNGOb1bS
+2KP8AcPxwrIXvfeVamCYpimXqVs57bCVmSMGqqiWo8I8FwfPFIEMFg==
+-----END RSA PRIVATE KEY-----
diff --git a/cpp/test/IceSSL/certs/db/ca1/s_rsa_pass_ca1.pem b/cpp/test/IceSSL/certs/db/ca1/s_rsa_pass_ca1.pem
deleted file mode 100644
index 9cacca2b28e..00000000000
--- a/cpp/test/IceSSL/certs/db/ca1/s_rsa_pass_ca1.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEwzCCA6ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjjEYMBYGA1UEAwwPWmVy
-b0MgVGVzdCBDQSAxMQwwCgYDVQQLDANJY2UxFDASBgNVBAoMC1plcm9DLCBJbmMu
-MRAwDgYDVQQHDAdKdXBpdGVyMRAwDgYDVQQIDAdGbG9yaWRhMQswCQYDVQQGEwJV
-UzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMTUwNDE0MTkyMDI4
-WhcNMjAwNDEyMTkyMDI4WjCBhTEPMA0GA1UEAwwGU2VydmVyMQwwCgYDVQQLDANJ
-Y2UxFDASBgNVBAoMC1plcm9DLCBJbmMuMRAwDgYDVQQHDAdKdXBpdGVyMRAwDgYD
-VQQIDAdGbG9yaWRhMQswCQYDVQQGEwJVUzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6
-ZXJvYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4v1tDKdx7
-FH1URO2r1cMAl6LKzRkbobOrSssVr0QcrE5Qh53BgPA+PnGWybIilzJDtjPPSZNM
-2yBpY8Fa9V61gV8Sfra/tR165n/kKB1jqv+RaFEJETBRXb7TCgyYXfvxyNGec8QO
-eFegnz5H1At2tgidPgA/fjQfJxywcCj3o4V6cqoZJaxxZYi0qcwDl4/FyVBoiY4k
-vgADsrf5CtQ6XT6nmboh16D2BVr2DRZ9Oz5f8cVooIC7566DaaaSMILMpcYXslBw
-UluVL/Q/QBrfvUhx0Ckhi0gYH4sWozmAXxSuHal95oOOavIuxU/7THJPY4Um+Ume
-sdpAShESFFOHAgMBAAGjggExMIIBLTAdBgNVHQ4EFgQURN1T0UN79KMBwttTZ4Ut
-pYIE6BkwgcIGA1UdIwSBujCBt4AU/tfGBlW7TcKW4yXA1OChL+hiYhmhgZSkgZEw
-gY4xGDAWBgNVBAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNlMRQwEgYD
-VQQKDAtaZXJvQywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxv
-cmlkYTELMAkGA1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29t
-gghp7ivyFB07bTALBgNVHQ8EBAMCBeAwFwYDVR0RBBAwDocEfwAAAYIGc2VydmVy
-MCEGA1UdEgQaMBiHBH8AAAGBEGlzc3VlckB6ZXJvYy5jb20wDQYJKoZIhvcNAQEL
-BQADggEBAJnvARBqA/BOd2UWkAiL6032M7S/U/a542e7Q8mzjLwB4D0ltmvkVEDR
-xW0+bmHhdog8sR3YzSmTU3BjeHgz9SgzZr2Rg2ul3B9boC36HLGFl1YTGQewgL4i
-sMqIsB3lK/l2B+lDKOil72qrPVKve1yZc2ftG6squFiFLyrPRgNXlkaxovMnACVD
-UUHoBvPkJzx1YAi5L6QzWHCG3L7YOBzTM0KIvAKDEdPgPvQUl0yqvLvPsa00+lUZ
-TxJaqYPvDH1KMQN1QRawhqrawmKJ38VQyBtc4D8OpB1odADvhf4fDuyos2wivm7q
-uBBP3aviHySG8VZUPgH752YMegawTbk=
------END CERTIFICATE-----
diff --git a/cpp/test/IceSSL/certs/db/ca1/s_rsa_pass_ca1_key.pem b/cpp/test/IceSSL/certs/db/ca1/s_rsa_pass_ca1_key.pem
deleted file mode 100644
index 57a90b6dbbe..00000000000
--- a/cpp/test/IceSSL/certs/db/ca1/s_rsa_pass_ca1_key.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,DAEE6CE4188DE993
-
-u7HBevcXSqUSbGuLlQ/JEhQz6e1tT3hEB/V4l0dA4G9LyCajHhqkrj22VpBnRRTk
-JCS5NOc4lLJPV9w6nVYCwICn3ugHu9/DEh8xcOCxmqEqL+6yBqesIC/1OQC8v9hc
-mXr+43ORCKtSl0icg4OOCh3lHSiObanZr7q/3rEU89YfT9UxdZg9U8MvNSWnZVA2
-noxSW03KE0rwvhGfG3i5xd8yJ+SZ2gHBoFxYEqQ0eoQriAqcKtBfRF04T5UuNMBg
-0zar2uJsHI5J8CK5kIrDMYgCJR67E48sH6pe1hFW9aLrz+Fifb/53dw5vshVGngi
-B1Zk4AxdXvdcWHdb8yCTJyXCXnClT1w7YOjgvnVef15RL25ZWxTsNNzqhEhfzq4X
-1UC9UBRMnTs0IgbZBTD7tTHe0V9P6tJaYlfLSo5+qgU4zelbIFJoTP7GcVNgkcLJ
-4zJFSkaPTh6heeNr4qtsQBRoV4JDiz+0ElvrR2mP0NhVUG5P0m3ogQv+tLZXxCop
-5E0t1nGBwYgenLFc0jQLsLHhRWr2k5nzzOoqWCGJHHP4Tv+EnqNQXu62JAoGcBVc
-jjbAf98nnnYLid7I3DivkCbBchA+1lwpWR8ipGi3rAn3uGLbess3Ub0kDJDjqJsT
-v3kUSIr6HyuR0qFIIHZ5CHzu37vNoDYhnJFHNfaXmD0vFpDN2m/7zsShpawoNM7H
-eDyjiHwnqDxWEf/NDqDgViOLw6D0DNQWXnk4jOkz1gV25fcXYeKQQbIUhZksOmzp
-tWDCTuz/JlOgNfRhoHANaDZYFE3iKojIkx2JR+mmSRlwR8UGaonBEE4Fau7tJEWp
-Q/cRRicC2E9fRxcHpG8CqFy8UpRqo2GUcBY+4bYMacjpUnNiw+lfOrKeaybKrsDT
-iQc6TUIewHrAKRufzAxZFDgZmRRre3Db2eSDDQqzj3pd3oHMyp4ETICHl7u68u2W
-dUzSyrjCDspdKkbxgV3VDa1CRMFZtPS0Epmuk7b/HQ+NBd8uLqbJ3phP5A+e6b1V
-cXx+T85QQDI7XHQvV6apX1gksIgr93akUcDZpOCjlwlXioHYbbjTJmx+0h+26o0V
-v9ky65x/rLfbTQF1+YYVr0M2s9UmxXxO3aiW8dtxRBvWF/1QKGwmsYFnlHmy9Mil
-Xxa9ScLKEM5jTDA2C1td9jfMMX78vXk45Gzt9BqZqoeLQ1ni7oEVTdgzxrN84Jwq
-Ei6GwiSMISJCjpZdC22KM3NbGUL4xVDPfLn6fhVN/uBZ86rp6jLj1dhA6kZDco1i
-W8fwEwQA5nJPbQ1jli+gALQ0wYtplpPT46tkmLTZhh3n0E9Y1HPgb57mVJnQ+RDr
-2n5YsZXU7IN7jjuPXS5Eqx/7Gs+JlVqZuZIGVuLDG4ey8uy7daKfqQojh0yID45i
-kAv0MsVnQhlkrzXa34dyo6V6ADFtZP0EwETbrhr9MoeMlf1Le+moq4qR3/3RnbYK
-bUc2RWxp/hxTDiYCFfN8vdjVl02PqGw2yc5QG/j7PQDLjfovjycdOE591UBj3qWO
-3r7yh2Gid4XYZZZYrh7tzRNKwoiimiINe2pDX8j+/G++CAtM4epUwJFz/1YGOfMu
------END RSA PRIVATE KEY-----
diff --git a/cpp/test/IceSSL/certs/makecerts.py b/cpp/test/IceSSL/certs/makecerts.py
index 3e44ce01e66..6df88c5c140 100755
--- a/cpp/test/IceSSL/certs/makecerts.py
+++ b/cpp/test/IceSSL/certs/makecerts.py
@@ -72,39 +72,69 @@ ca1.getCA().save("cacert1.pem")
 ca2.getCA().save("cacert2.pem")
 
 # Also export the ca2 self-signed certificate, it's used by the tests to test self-signed certificates
-ca2.getCA().saveKey("cakey2.pem").save("cacert2.p12", addkey=True)
+ca2.getCA().save("cacert2_pub.pem").saveKey("cacert2_priv.pem").save("cacert2.p12", addkey=True)
+
+# Create intermediate CAs
+cai1 = ca1.getIntermediateFactory("intermediate1")
+if not cai1:
+    cai1 = ca1.createIntermediateFactory("intermediate1", cn = "ZeroC Test Intermediate CA 1")
+cai2 = cai1.getIntermediateFactory("intermediate1")
+if not cai2:
+    cai2 = cai1.createIntermediateFactory("intermediate1", cn = "ZeroC Test Intermediate CA 2")
+
+cai1.getCA().save("cacert_int1.pem")
+cai2.getCA().save("cacert_int2.pem")
 
 #
-# Generate certificates (CA, alias, { creation parameters passed to ca.create(...) }, password)
+# Create certificates (CA, alias, { creation parameters passed to ca.create(...) })
 #
 certs = [
-    (ca1, "s_rsa_ca1",      { "cn": "Server", "ip": "127.0.0.1", "dns": "server", "serial": 1 }, None),
-    (ca1, "c_rsa_ca1",      { "cn": "Client", "ip": "127.0.0.1", "dns": "client", "serial": 2 }, None),
-    (ca1, "s_rsa_pass_ca1", { "cn": "Server", "ip": "127.0.0.1", "dns": "server", "serial": 1 }, "server"),
-    (ca1, "c_rsa_pass_ca1", { "cn": "Client", "ip": "127.0.0.1", "dns": "client", "serial": 2 }, "client"),
-    (ca1, "s_rsa_ca1_exp",  { "cn": "Server", "validity": -1 }, None), # Expired certificate
-    (ca1, "c_rsa_ca1_exp",  { "cn": "Client", "validity": -1 }, None), # Expired certificate
-    (ca1, "s_rsa_ca1_cn1",  { "cn": "127.0.0.1" }, None),  # No subjectAltName, CN=127.0.0.1
-    (ca1, "s_rsa_ca1_cn2",  { "cn": "127.0.0.11" }, None), # No subjectAltName, CN=127.0.0.11
-    (ca2, "s_rsa_ca2",      { "cn": "Server", "ip": "127.0.0.1", "dns": "server" }, None),
-    (ca2, "c_rsa_ca2",      { "cn": "Client", "ip": "127.0.0.1", "dns": "client" }, None),
-    (dsaca, "s_dsa_ca1",    { "cn": "Server", "ip": "127.0.0.1", "dns": "server" }, None), # DSA
-    (dsaca, "c_dsa_ca1",    { "cn": "Client", "ip": "127.0.0.1", "dns": "client" }, None), # DSA
+    (ca1, "s_rsa_ca1",       { "cn": "Server", "ip": "127.0.0.1", "dns": "server", "serial": 1 }),
+    (ca1, "c_rsa_ca1",       { "cn": "Client", "ip": "127.0.0.1", "dns": "client", "serial": 2 }),
+    (ca1, "s_rsa_ca1_exp",   { "cn": "Server", "validity": -1 }), # Expired certificate
+    (ca1, "c_rsa_ca1_exp",   { "cn": "Client", "validity": -1 }), # Expired certificate
+    (ca1, "s_rsa_ca1_cn1",   { "cn": "127.0.0.1" }),  # No subjectAltName, CN=127.0.0.1
+    (ca1, "s_rsa_ca1_cn2",   { "cn": "127.0.0.11" }), # No subjectAltName, CN=127.0.0.11
+    (ca2, "s_rsa_ca2",       { "cn": "Server", "ip": "127.0.0.1", "dns": "server" }),
+    (ca2, "c_rsa_ca2",       { "cn": "Client", "ip": "127.0.0.1", "dns": "client" }),
+    (dsaca, "s_dsa_ca1",     { "cn": "Server", "ip": "127.0.0.1", "dns": "server" }), # DSA
+    (dsaca, "c_dsa_ca1",     { "cn": "Client", "ip": "127.0.0.1", "dns": "client" }), # DSA
+    (cai1, "s_rsa_cai1",     { "cn": "Server", "ip": "127.0.0.1", "dns": "server" }),
+    (cai2, "s_rsa_cai2",     { "cn": "Server", "ip": "127.0.0.1", "dns": "server" }),
+]
+
+#
+# Create the certificates
+#
+for (ca, alias, args) in certs:
+    if not ca.get(alias):
+        ca.create(alias, **args)
+
+savecerts = [
+    (ca1, "s_rsa_ca1",     None,              {}),
+    (ca1, "c_rsa_ca1",     None,              {}),
+    (ca1, "s_rsa_ca1_exp", None,              {}),
+    (ca1, "c_rsa_ca1_exp", None,              {}),
+    (ca1, "s_rsa_ca1_cn1", None,              {}),
+    (ca1, "s_rsa_ca1_cn2", None,              {}),
+    (ca2, "s_rsa_ca2",     None,              {}),
+    (ca2, "c_rsa_ca2",     None,              {}),
+    (dsaca, "s_dsa_ca1",   None,              {}),
+    (dsaca, "c_dsa_ca1",   None,              {}),
+    (cai1, "s_rsa_cai1",   None,              {}),
+    (cai2, "s_rsa_cai2",   None,              {}),
+    (ca1, "s_rsa_ca1",     "s_rsa_wroot_ca1", { "root": True }),
+    (ca1, "s_rsa_ca1",     "s_rsa_pass_ca1",  { "password": "server" }),
+    (ca1, "c_rsa_ca1",     "c_rsa_pass_ca1",  { "password": "client" }),
 ]
 
 #
 # Save the certificates in PEM and PKCS12 format.
 #
-for (ca, alias, args, password) in certs:
-    #
-    # Get or create the certificate
-    #
-    cert = ca.get(alias) or ca.create(alias, **args)
-
-    #
-    # Save it as PEM and PKCS12
-    #
-    cert.save(alias + "_pub.pem").saveKey(alias + "_priv.pem", password).save(alias + ".p12", password)
+for (ca, alias, path, args) in savecerts:
+    if not path: path = alias
+    password = args.get("password", None)
+    ca.get(alias).save(path + "_pub.pem").saveKey(path + "_priv.pem", password).save(path + ".p12", **args)
 
 #
 # Create DH parameters to use with OS X Secure Transport.
diff --git a/cpp/test/IceSSL/certs/s_dsa_ca1.p12 b/cpp/test/IceSSL/certs/s_dsa_ca1.p12
index d8f0f8f5e46..6e9784175d7 100644
--- a/cpp/test/IceSSL/certs/s_dsa_ca1.p12
+++ b/cpp/test/IceSSL/certs/s_dsa_ca1.p12
diff --git a/cpp/test/IceSSL/certs/s_rsa_ca1.p12 b/cpp/test/IceSSL/certs/s_rsa_ca1.p12
index 608ceecb2fb..11527350a33 100644
--- a/cpp/test/IceSSL/certs/s_rsa_ca1.p12
+++ b/cpp/test/IceSSL/certs/s_rsa_ca1.p12
diff --git a/cpp/test/IceSSL/certs/s_rsa_ca1_cn1.p12 b/cpp/test/IceSSL/certs/s_rsa_ca1_cn1.p12
index 9831d53525d..e88bd852150 100644
--- a/cpp/test/IceSSL/certs/s_rsa_ca1_cn1.p12
+++ b/cpp/test/IceSSL/certs/s_rsa_ca1_cn1.p12
diff --git a/cpp/test/IceSSL/certs/s_rsa_ca1_cn2.p12 b/cpp/test/IceSSL/certs/s_rsa_ca1_cn2.p12
index d1639108e77..e2a53b6eac0 100644
--- a/cpp/test/IceSSL/certs/s_rsa_ca1_cn2.p12
+++ b/cpp/test/IceSSL/certs/s_rsa_ca1_cn2.p12
diff --git a/cpp/test/IceSSL/certs/s_rsa_ca1_exp.p12 b/cpp/test/IceSSL/certs/s_rsa_ca1_exp.p12
index 04add90f851..bcd9363e6ff 100644
--- a/cpp/test/IceSSL/certs/s_rsa_ca1_exp.p12
+++ b/cpp/test/IceSSL/certs/s_rsa_ca1_exp.p12
diff --git a/cpp/test/IceSSL/certs/s_rsa_ca2.p12 b/cpp/test/IceSSL/certs/s_rsa_ca2.p12
index cbfdfcacca5..c2f16819f35 100644
--- a/cpp/test/IceSSL/certs/s_rsa_ca2.p12
+++ b/cpp/test/IceSSL/certs/s_rsa_ca2.p12
diff --git a/cpp/test/IceSSL/certs/s_rsa_cai1.p12 b/cpp/test/IceSSL/certs/s_rsa_cai1.p12
new file mode 100644
index 00000000000..4e52aed61c7
--- /dev/null
+++ b/cpp/test/IceSSL/certs/s_rsa_cai1.p12
diff --git a/cpp/test/IceSSL/certs/s_rsa_cai1_priv.pem b/cpp/test/IceSSL/certs/s_rsa_cai1_priv.pem
new file mode 100644
index 00000000000..127670681f6
--- /dev/null
+++ b/cpp/test/IceSSL/certs/s_rsa_cai1_priv.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAyHWvSXg5S1Y8m/2LeY8KS7STqLnGOFBh7/Z1lOfXsyIABY/i
+xXIIhT6toMdmBWOlO3CrlJvvIYpKJn801cniihoP8O+KRIvo0JlZlAijrt2m/nIH
+mys6ugQuLYjN5vhXFwyNob9Gw68cg2Y5Z0Y6jXZRTj7FvAUAfMdDiap2l/5ky3EH
+nT9gA9aDbj4ifDS3J5aVTz26FVPnyVRlEMB1MgDvqqO7ZfI4hrlnBxxD/aCItNzU
+0aDUHnE2psK46sqNI5geQ/rWn6GyZNVpU0OQ/YrPu9fcKY8ON2y3Xd5nOLK+9yku
+RVbTlNgV5QQZx6xzP1hbND8WKOKiy3byG7qXVQIDAQABAoIBADFRovq0dYQvh2Hp
+k3Mo2iOeHeYZLseUH0Rmoq8sC0mrR84WhHiHgckmjplL9bHFvlVNdyls4/yghXXL
+PjiLHw1TNDDW/nG26mTIFd3x8jOHnRpk+7IVhLFXbfUN/3qgBu1IzV/KK6LhZmZ9
+tAnQoX9EaOSTVRrZMDGC5P7tzZe/M49n5LL+f+WMnZsclBxUOpAE3VOgtjvPjgRW
+hGIvKnH2C145/ahXFnA3vdJUIgtApjK9cXsxGtjUzRR3XYLB7CjCT1mtyg+q0Ez/
+jiDmHtvyGbU9mrup+RpFlsc0tKXqD34JiR2wL2WhPz7mijc+S/f+yWbFPaajyYIc
+kT/wB1ECgYEA6afBb4fxvWtO+IinpjPnKgEDknUEB+TzCYtJkSXsZ/qXLzRS1P/w
+3CGpUh659+hOUWqKc9E6YFt4Q8iK4GQ9iwNWl3n2a412hzi/9NY+eZxRDohjwVw7
+viKFVdWlEAiQZl1V50fbyCCJUFLYt5WAcKmg6ZTfkjXUIE4kRzjXI58CgYEA26E/
+4dVdFcxX/RaUyHo29c7Ahl6LFWFAQnWaaFLsvwU78QqVzszQCOSdi3GoJl6RAI5o
+aaDoKpHi8dTwXj1FlEdGKS3FGuam4eMdmQ/IUXTl1ak1O30KVIX38JpEtfauGr4i
+rO655nbGN0+l/9uKA6DJZPWzqBZYHOkQDtbtwIsCgYAEDb4EYlZmU+NF2pEWCBZ9
+mxDlzJPqUyWIR9tZ4k+MqkNPNVgui9Yw64CVhSTy0Rvyu6d1RO7/VvbqLiOCqxqK
+O9+Xtyz4RrcEt45VABaLY5PgbatVYnVC4jRv/cnkUlG3BO2FmrCMc0wOkbFi1fwp
+eDfrdYK/daGdgd2NQsYwvwKBgQCzNexOdi8ybj8NwLM+sprOEBqAifyrQWOR1yxb
+G+8aH0c99AkxaWYHG6SB+Afg5yEidxEzv5wxwECSW9KW0yBHUbEqQLKotLRPdWbd
+Ukd+UAiKQzuwguM+/OHHbdnLMLH4GFVrDpCaQSiUUWV+VMFVHIm429Pwv+q+DF6R
+/Uaa6QKBgDyzuF8fWBMS3KFsQybJ0qMu68TEA4l8PKmxx2y0rngccFVWhAN5axgn
+L7bZtKUfd/1+1MQLjrAbUt+ymD5D/0GZ9f2nljjVFX9grw3TtnW9NtPxY1bCJrVv
+hLCSJkb7k6tUUofCw6QGVVfpAh2Owm1kMNwXmvQLsk0qP/UJasdC
+-----END RSA PRIVATE KEY-----
diff --git a/cpp/test/IceSSL/certs/s_rsa_cai1_pub.pem b/cpp/test/IceSSL/certs/s_rsa_cai1_pub.pem
new file mode 100644
index 00000000000..d61c3972a10
--- /dev/null
+++ b/cpp/test/IceSSL/certs/s_rsa_cai1_pub.pem
@@ -0,0 +1,56 @@
+-----BEGIN CERTIFICATE-----
+MIIEtTCCA52gAwIBAgIJAKBL6oaFGEbFMA0GCSqGSIb3DQEBCwUAMIGbMSUwIwYD
+VQQDDBxaZXJvQyBUZXN0IEludGVybWVkaWF0ZSBDQSAxMQwwCgYDVQQLDANJY2Ux
+FDASBgNVBAoMC1plcm9DLCBJbmMuMRAwDgYDVQQHDAdKdXBpdGVyMRAwDgYDVQQI
+DAdGbG9yaWRhMQswCQYDVQQGEwJVUzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJv
+Yy5jb20wHhcNMTUwNDE2MTIyMjM1WhcNMjAwNDE0MTIyMjM1WjCBhTEPMA0GA1UE
+AwwGU2VydmVyMQwwCgYDVQQLDANJY2UxFDASBgNVBAoMC1plcm9DLCBJbmMuMRAw
+DgYDVQQHDAdKdXBpdGVyMRAwDgYDVQQIDAdGbG9yaWRhMQswCQYDVQQGEwJVUzEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDIda9JeDlLVjyb/Yt5jwpLtJOoucY4UGHv9nWU59ezIgAF
+j+LFcgiFPq2gx2YFY6U7cKuUm+8hikomfzTVyeKKGg/w74pEi+jQmVmUCKOu3ab+
+cgebKzq6BC4tiM3m+FcXDI2hv0bDrxyDZjlnRjqNdlFOPsW8BQB8x0OJqnaX/mTL
+cQedP2AD1oNuPiJ8NLcnlpVPPboVU+fJVGUQwHUyAO+qo7tl8jiGuWcHHEP9oIi0
+3NTRoNQecTamwrjqyo0jmB5D+tafobJk1WlTQ5D9is+719wpjw43bLdd3mc4sr73
+KS5FVtOU2BXlBBnHrHM/WFs0PxYo4qLLdvIbupdVAgMBAAGjggEOMIIBCjAdBgNV
+HQ4EFgQU7OOfeBoqZI57kKpsIm5XTrwWCugwgcIGA1UdIwSBujCBt4AUUoxrQOhx
+ctjEAfAwsxe9zn9IcWahgZSkgZEwgY4xGDAWBgNVBAMMD1plcm9DIFRlc3QgQ0Eg
+MTEMMAoGA1UECwwDSWNlMRQwEgYDVQQKDAtaZXJvQywgSW5jLjEQMA4GA1UEBwwH
+SnVwaXRlcjEQMA4GA1UECAwHRmxvcmlkYTELMAkGA1UEBhMCVVMxHTAbBgkqhkiG
+9w0BCQEWDmluZm9AemVyb2MuY29tggh+LYcQnlFBgjALBgNVHQ8EBAMCBeAwFwYD
+VR0RBBAwDocEfwAAAYIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IBAQAUYMJ5BiSZ
+5OyWjgkN6IdigjvCTrlDo+Lu2DLaf81XpaowBdzCLoY8aujxMMi5qBKmnR+LD0Im
+E0rK2xJQqytydhU7MEobDqnf6MbUI088HRcWjh1h2vZjRUh8q5LKjQcuhz+s2J4S
++Znek3DA7IouZ3IAVKU8nuoIP82H7E7T2abZD4e7kBxT3Zx6hUK49tGya9BNnJSV
+Lp7mYnFyegn0pvPJ5LiiLUkrwSavQJekSdOfS8xJbCLH71v7iJ5ad5P7OafPHIKd
+swyPWE410HL4KtnTzWBk1K68LIBRLiTUMVL1sp01qFiqkqtVBxE78tSzw+ptnQDU
+mkmyiGKVBJ0S
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEyDCCA7CgAwIBAgIIfi2HEJ5RQYIwDQYJKoZIhvcNAQELBQAwgY4xGDAWBgNV
+BAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNlMRQwEgYDVQQKDAtaZXJv
+QywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxvcmlkYTELMAkG
+A1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29tMB4XDTE1MDQx
+NjEyMjIzNVoXDTIwMDQxNDEyMjIzNVowgZsxJTAjBgNVBAMMHFplcm9DIFRlc3Qg
+SW50ZXJtZWRpYXRlIENBIDExDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwLWmVyb0Ms
+IEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGExCzAJBgNV
+BAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMrpr5vuhfuce4fcPOOabrLXVMKvX3eBClxd
+kUxq2lPj2eCCcUnxpIMbqLH916/+0OXvq83B52bZxuAFx3q9sUWEj+Nk1QEUF0ei
+/4ptYrKm3gg9KvU6EZGWW39yz3V4slStiOE+Kh30I1QQNz8cxtsSfh/XZhsaSUhd
+Ym+40qxRfD9jD5XvmcjDkPfu2pPU/gLjPm6ZSP7neduvk/DcUqC1gYTycRUOP89N
+zJv9BXUzE6/9tlEK7hnKiSlP4zNueS7aIWs92UKNq8WMtF+Qu84GhEX/gC1Vp/mt
+59ShBAGV6d9dkSySevOsIr04KtNZWsEENse9U4NItoDkY43TEXUCAwEAAaOCARkw
+ggEVMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFFKMa0DocXLYxAHwMLMXvc5/SHFm
+MIHCBgNVHSMEgbowgbeAFP7XxgZVu03CluMlwNTgoS/oYmIZoYGUpIGRMIGOMRgw
+FgYDVQQDDA9aZXJvQyBUZXN0IENBIDExDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwL
+WmVyb0MsIEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGEx
+CzAJBgNVBAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbYIIae4r
+8hQdO20wIQYDVR0SBBowGIcEfwAAAYEQaXNzdWVyQHplcm9jLmNvbTANBgkqhkiG
+9w0BAQsFAAOCAQEAkaARcA4D1FH6QsinmA4b1RTerBOjb2PMmEaWMw8GQ6viXLhZ
+ETFKlorXAeldmuQk/xmE7q6ZuwHVCDby5K8dZirqyjaAax838jaR30wB7HmWanJp
+iW2SNlqjyHBSjQ/OUg7adCgAES+/OPBDKORDC3pjdcyZEsO+9FcPagXUsCqTJANP
+JLSS9vMSanRUzfUudYRhi90T436rxPSYNfgyX8897rNLwHmaSa87nkl9FhCuJNrv
+jBbu7IwUTOeKUIG+cgIuJYFm/bbLGINDdOx0Kql8f4eakkZ/pOZgAyqnlhBmA42n
+R4qP4DtiAEIXdjOvfuiawWXoux1T2/q/0rqwHg==
+-----END CERTIFICATE-----
diff --git a/cpp/test/IceSSL/certs/s_rsa_cai2.p12 b/cpp/test/IceSSL/certs/s_rsa_cai2.p12
new file mode 100644
index 00000000000..11ea44fbd65
--- /dev/null
+++ b/cpp/test/IceSSL/certs/s_rsa_cai2.p12
diff --git a/cpp/test/IceSSL/certs/s_rsa_cai2_priv.pem b/cpp/test/IceSSL/certs/s_rsa_cai2_priv.pem
new file mode 100644
index 00000000000..7ac205d5123
--- /dev/null
+++ b/cpp/test/IceSSL/certs/s_rsa_cai2_priv.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA3OTffDJb8v53lMenZchoaWlJUdEiqR44eevgGgQdZ1ihONpg
+1zAqw/YMVGPqEVDYpecviZdncnilrinoutvLgyu/gIlHcG+gyG/usLkEnc7UzlKF
+Mwt0LS4EEiEDztYsvvyILFZpjh6kFZiY1ltKQEqi/FynZEcQlbwS0VM1RX7HzZEU
+EAC2A55rnvXoocuAjRX//t/ZYrgvcATK4tuk66XZSkGYXxCN67FkpVXwX/h6IiXp
+Igh7oQ2r1WV9XUQhO2zs/CfbEuEphmjD7ug8nq9g65UviWLPncmJtWgErjR96kLE
+JitYN3TlOcZcC0cqYXFJdmd0ERK4A/nKt0J75wIDAQABAoIBAF1bVaC13+qY5Y05
+vGPmCUrTtqsfiliTbycIK5STPKIa8TiIAvmvX8OmT5uzBo/+7TFgvdSW6p+UoeEz
+0Sp4DlEHwk3etxSr+PX9aJHEAFF5wrLYaXcjVhxqIEpRLbzTA+JL9HlYpA/un0aJ
+Ub72ojD92lhyCET3S+kcrY9ObWtK2p9v7pqvh4owA0yIJnuB+Q4+FVz647WEFtCt
+8jiKgFKnaTrEngQjhoyweAnhC2/2IQ6Glf1ueHYCupPpszmPICqAF/c4fBpsuvAh
+uyJhyY1MpqbxW/t+Ci/vWPzmmCRdimlwokujRsHzHN0VqsCCk01gTBG6GGJg3u6I
+BUDHckECgYEA9pH5xvZ2tD0UJIbVQUhmAj8K2J03nbZhcmd+Yl2O56EgPzDR7KQC
+6cClVjwUTWGYSu6CjyVE9FKqfLJgFOYGCvBQKRI8C9VS+lwG0rNa7L1vXcRxjqZV
+ZwG+6QF9dBdBVcvA42yCRESWPZzV00z+SWzs+jwrsl4e9OyFAdeoXzECgYEA5VeE
+UQzDwJTNCDivVKsm3FYl4wz+POO0GoFa4tUANAKZTuHCstcnpLiBCqyIOBXIJ1It
+w1oqKKO9ltnH15rg6AKch6igrIRdNGONADkVwEcVIJp3sKpSSXsa+oBF1aQdOLpr
+XY1ytanWG2uZFSxCOdA7+4Ie05HaL2H/bME+NpcCgYEApwnxetaRSD1wneYyJo3T
+fYYT5PdtLAzYK1btidnz6/t+CxEZxgS+bHk0CR2ea2XIdErsa+lFs3clRGDbMo06
+XsK6q3hM8X9NPYqGnMsgt+0FuzJP8+G/TY8jNFrsEG+ItYTZYbiq73C/j3HmccVh
+J4EBcey9dZLJygdJfBwLVqECgYAK5a+p0jty6R8c5uSd10wPaCCAu1tRNViXcdIJ
+uSk7T2xNbTi9GrANiZ7IDQ6j65UJGUSHZb9fEvitNEfknL1XCNi7MW4BBIERPjGy
+8wNvkXEVjYFmaZFjYHAVuwaWcifZTDJRzajHrPw5bVFmyiWTbauL9dDVKLb/TV6/
+oib8nQKBgQC67QpGWTRrg2N+Pa0Zpmztwh0WVJf0/XtIdqGQHxa00TKDo0SKU5el
+jcSLfe9b3cP8A+F7oPpmJvw5mmb64n5Y9K8jWUOf+6Oik0dQztaUjzLO/2fwyF6B
+govbzagle6VNzmLxoz3r2lNdBF/Pr2lOjF0gCrMTly2oqSS53AXXAQ==
+-----END RSA PRIVATE KEY-----
diff --git a/cpp/test/IceSSL/certs/s_rsa_cai2_pub.pem b/cpp/test/IceSSL/certs/s_rsa_cai2_pub.pem
new file mode 100644
index 00000000000..45adc92b49d
--- /dev/null
+++ b/cpp/test/IceSSL/certs/s_rsa_cai2_pub.pem
@@ -0,0 +1,84 @@
+-----BEGIN CERTIFICATE-----
+MIIEwTCCA6mgAwIBAgIIIXe/uTOUuuMwDQYJKoZIhvcNAQELBQAwgZsxJTAjBgNV
+BAMMHFplcm9DIFRlc3QgSW50ZXJtZWRpYXRlIENBIDIxDDAKBgNVBAsMA0ljZTEU
+MBIGA1UECgwLWmVyb0MsIEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgM
+B0Zsb3JpZGExCzAJBgNVBAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9j
+LmNvbTAeFw0xNTA0MTYxMjIyMzVaFw0yMDA0MTQxMjIyMzVaMIGFMQ8wDQYDVQQD
+DAZTZXJ2ZXIxDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwLWmVyb0MsIEluYy4xEDAO
+BgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGExCzAJBgNVBAYTAlVTMR0w
+GwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANzk33wyW/L+d5THp2XIaGlpSVHRIqkeOHnr4BoEHWdYoTja
+YNcwKsP2DFRj6hFQ2KXnL4mXZ3J4pa4p6Lrby4Mrv4CJR3BvoMhv7rC5BJ3O1M5S
+hTMLdC0uBBIhA87WLL78iCxWaY4epBWYmNZbSkBKovxcp2RHEJW8EtFTNUV+x82R
+FBAAtgOea5716KHLgI0V//7f2WK4L3AEyuLbpOul2UpBmF8QjeuxZKVV8F/4eiIl
+6SIIe6ENq9VlfV1EITts7Pwn2xLhKYZow+7oPJ6vYOuVL4liz53JibVoBK40fepC
+xCYrWDd05TnGXAtHKmFxSXZndBESuAP5yrdCe+cCAwEAAaOCARswggEXMB0GA1Ud
+DgQWBBQC+5gpX/M1xQcExr9YymqGZeprZDCBzwYDVR0jBIHHMIHEgBQQ42FrNKUf
+NgoqcUPX8Ybww9gR1KGBoaSBnjCBmzElMCMGA1UEAwwcWmVyb0MgVGVzdCBJbnRl
+cm1lZGlhdGUgQ0EgMTEMMAoGA1UECwwDSWNlMRQwEgYDVQQKDAtaZXJvQywgSW5j
+LjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxvcmlkYTELMAkGA1UEBhMC
+VVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29tgggixA/a+jze4TALBgNV
+HQ8EBAMCBeAwFwYDVR0RBBAwDocEfwAAAYIGc2VydmVyMA0GCSqGSIb3DQEBCwUA
+A4IBAQAf2E3lJSgfJqkqawuxCkonz1ExBZhVleXv6fPd8H3vn3/vKBIOcrVfVptO
+jfB+5P0oD8Mgs1TFlcjvL6o7AL+ABjVeU/8/7IGTOlGtGk62iOQhc2IMpQT0xRSH
+kr+FNxNzpzzNFX6BJqOlDQWVlox+zTtNl5YcsuFfRb8GasXpvWARGV0/B3oliOzo
+87Df5u9i59xjCh1eKq7Fhr24sCA6e8+YILjyI5dMcuwjwxSSwYcDNt72wfvZ2bq/
+pjWFgcOMpiXvqFqtrc+NDidV4DWH6rwfESNiC/dlrj+JSwH0goSGd4M0ZArw68Br
+tup07+ei64nig6gW55qASIlihM6o
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEsDCCA5igAwIBAgIIIsQP2vo83uEwDQYJKoZIhvcNAQELBQAwgZsxJTAjBgNV
+BAMMHFplcm9DIFRlc3QgSW50ZXJtZWRpYXRlIENBIDExDDAKBgNVBAsMA0ljZTEU
+MBIGA1UECgwLWmVyb0MsIEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgM
+B0Zsb3JpZGExCzAJBgNVBAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9j
+LmNvbTAeFw0xNTA0MTYxMjIyMzVaFw0yMDA0MTQxMjIyMzVaMIGbMSUwIwYDVQQD
+DBxaZXJvQyBUZXN0IEludGVybWVkaWF0ZSBDQSAyMQwwCgYDVQQLDANJY2UxFDAS
+BgNVBAoMC1plcm9DLCBJbmMuMRAwDgYDVQQHDAdKdXBpdGVyMRAwDgYDVQQIDAdG
+bG9yaWRhMQswCQYDVQQGEwJVUzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5j
+b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCztRo3bxb8ddw8l5w1
+aG2YNx9tgPzTDhSStbQdiKQ6pbFTK8oP7eNmyiHq4ZL/BiW9pwUqBZf7KlKLClv2
+8vDwaN1fV0/J7bJT7ogPDbcu6WxhIf9VQbg/urvL6TIk0mRthht0FZ06oUKfqjpY
+l9T9ytUen1TYd319Q81Zd7KyTVx6gnoDs6axDHOY4GrCaMh+lNWtgxXceG4nKrNv
+h/7tkuswx3XHP/PTB19m1MPx/d7a/c8aUbKIHe/KWa6W9ou58gXgz4Slduf+3QSE
+NhT8JsNiGra+DxFkfWlJOhl7l2zMHLmuLXopPG4e9o/ojWP+mo1WkOeK+pzTOHEa
++gDpAgMBAAGjgfUwgfIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUEONhazSlHzYK
+KnFD1/GG8MPYEdQwgcIGA1UdIwSBujCBt4AUUoxrQOhxctjEAfAwsxe9zn9IcWah
+gZSkgZEwgY4xGDAWBgNVBAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNl
+MRQwEgYDVQQKDAtaZXJvQywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UE
+CAwHRmxvcmlkYTELMAkGA1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVy
+b2MuY29tggh+LYcQnlFBgjANBgkqhkiG9w0BAQsFAAOCAQEAhjWXKE5LZ5lf34x7
+7sjzPTLNeAZqs9PcsQdlBZdSrdFOiCnQI/+2N9jzoZWDJE/EVxKX8/UZwcCl0iFB
+FwObz2kmhLUB+++irMK/caZtkf6S5e2BJMkpheaa3kxO8YAytSbHsz/E0kZ3hm/m
+9VUXS2efloiO5DyTIqJa/2IEJxjj4vYmBi8XAsDuKGamel+pqQEBosns3qnGOb/f
+JCbfIJ00m4A048B/sDwEdBc4EQDqMM12+UHjgCkJHXXGqsTo9UDsOQQZMWbM04Tr
+2IBGbwWD4ZskDdc1yMxg/74mA47iztLXc+tDn8GIqj2jkUybmsWXlkCOjAxlpUbh
+5MaD4w==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEyDCCA7CgAwIBAgIIfi2HEJ5RQYIwDQYJKoZIhvcNAQELBQAwgY4xGDAWBgNV
+BAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNlMRQwEgYDVQQKDAtaZXJv
+QywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxvcmlkYTELMAkG
+A1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29tMB4XDTE1MDQx
+NjEyMjIzNVoXDTIwMDQxNDEyMjIzNVowgZsxJTAjBgNVBAMMHFplcm9DIFRlc3Qg
+SW50ZXJtZWRpYXRlIENBIDExDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwLWmVyb0Ms
+IEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGExCzAJBgNV
+BAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMrpr5vuhfuce4fcPOOabrLXVMKvX3eBClxd
+kUxq2lPj2eCCcUnxpIMbqLH916/+0OXvq83B52bZxuAFx3q9sUWEj+Nk1QEUF0ei
+/4ptYrKm3gg9KvU6EZGWW39yz3V4slStiOE+Kh30I1QQNz8cxtsSfh/XZhsaSUhd
+Ym+40qxRfD9jD5XvmcjDkPfu2pPU/gLjPm6ZSP7neduvk/DcUqC1gYTycRUOP89N
+zJv9BXUzE6/9tlEK7hnKiSlP4zNueS7aIWs92UKNq8WMtF+Qu84GhEX/gC1Vp/mt
+59ShBAGV6d9dkSySevOsIr04KtNZWsEENse9U4NItoDkY43TEXUCAwEAAaOCARkw
+ggEVMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFFKMa0DocXLYxAHwMLMXvc5/SHFm
+MIHCBgNVHSMEgbowgbeAFP7XxgZVu03CluMlwNTgoS/oYmIZoYGUpIGRMIGOMRgw
+FgYDVQQDDA9aZXJvQyBUZXN0IENBIDExDDAKBgNVBAsMA0ljZTEUMBIGA1UECgwL
+WmVyb0MsIEluYy4xEDAOBgNVBAcMB0p1cGl0ZXIxEDAOBgNVBAgMB0Zsb3JpZGEx
+CzAJBgNVBAYTAlVTMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHplcm9jLmNvbYIIae4r
+8hQdO20wIQYDVR0SBBowGIcEfwAAAYEQaXNzdWVyQHplcm9jLmNvbTANBgkqhkiG
+9w0BAQsFAAOCAQEAkaARcA4D1FH6QsinmA4b1RTerBOjb2PMmEaWMw8GQ6viXLhZ
+ETFKlorXAeldmuQk/xmE7q6ZuwHVCDby5K8dZirqyjaAax838jaR30wB7HmWanJp
+iW2SNlqjyHBSjQ/OUg7adCgAES+/OPBDKORDC3pjdcyZEsO+9FcPagXUsCqTJANP
+JLSS9vMSanRUzfUudYRhi90T436rxPSYNfgyX8897rNLwHmaSa87nkl9FhCuJNrv
+jBbu7IwUTOeKUIG+cgIuJYFm/bbLGINDdOx0Kql8f4eakkZ/pOZgAyqnlhBmA42n
+R4qP4DtiAEIXdjOvfuiawWXoux1T2/q/0rqwHg==
+-----END CERTIFICATE-----
diff --git a/cpp/test/IceSSL/certs/s_rsa_pass_ca1.p12 b/cpp/test/IceSSL/certs/s_rsa_pass_ca1.p12
index ee3a261fb11..78ed1a996ef 100644
--- a/cpp/test/IceSSL/certs/s_rsa_pass_ca1.p12
+++ b/cpp/test/IceSSL/certs/s_rsa_pass_ca1.p12
diff --git a/cpp/test/IceSSL/certs/s_rsa_pass_ca1_priv.pem b/cpp/test/IceSSL/certs/s_rsa_pass_ca1_priv.pem
index cc8e32da0a1..9dc8547645c 100644
--- a/cpp/test/IceSSL/certs/s_rsa_pass_ca1_priv.pem
+++ b/cpp/test/IceSSL/certs/s_rsa_pass_ca1_priv.pem
@@ -1,30 +1,30 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,1063629A05097914
+DEK-Info: DES-EDE3-CBC,79B157B8E3EC269D
 
-F4A0NGxk4CpFmDExRWO7N1G++5GnjZgQZDTewDfiPn9ND8OqZ9cEE1r54Q02YVWv
-+WBEZD2RQdbvx0hrY437IaLAKzyuKJkneHPl+8ZOn2Dtuk4BRGKbosz12/TtfSO1
-9tLYedA+psM7YgFiq0PMXSz3wAwYSNw17SCsSm9GNkvRgdwJbCsUHIGNzymUKNiZ
-oIvCFX6TjD0midUd+u9fw4AEZYQFmActtbagF5VLsyIxJYVVEFmsQCHb/Hl4QngV
-wkyvn1DwTkrmnuyT3Aw1VPY+LFi5D8IFVKHPOek/tRoOOuzFXgwutQ2CYB9BbZ8U
-Dd0f6kcRJ0y2DD+X15wha/6s0mQQapWUPERCCtvOaHDgEA5bW3D7+XROzPXkEfsp
-wbflPg/2Lrl2hzSFVN2r+K0HHNbmL9zJPa3CA6t0a51048ULPhdkZZ6vbccDiUsW
-6rgS0z5tWBOriEQBzeWgJ1sRFuALQfJu2QLs1TgttXsgdbp0zMkPrYV62I3CEqDi
-BkT/9qVf0EAxU4YrlAwvsW6p55YUIcq1uR516u2e2AElmIeVpDbQ4N1HLcGfoCw5
-AtkLiqNQ2qjORgKfKCLqrp1idj5TuIbgXbxviru71w5+kDBUmnjG4tFIOLf1a9NG
-JO9CKbsqA1WMRo0vWaWlKeJMTAFkx1FbICjRMs0Gp1xRYBXfsdgtgJEzh86R08DZ
-DDwKKAE5vwDH4/2vdTHO4WHqAmKcMfIyVheoBdk+jfgtPV0NYyc2fPdrEzcHjSYz
-j8W/o2T6IfppLdDrZ2GPk2feWaNiXfYHX8P2uz5NgKiRtpfVxvmj40kvPiwQpJKh
-lvEXmJ21Ye7Qj6reRIeU+Zn1x0YJCL57zVjugefUbwSPsam4e88+SLGl/6ADbUPG
-weiMjCSzIKq8ezynigkFSYht5dzfT9CfaPRRrwDEjJMQc5vUg1kMlsmXSKYGrfXc
-+4cs861QMotgLH2XjQEEhRcjsvwQrXrsXbtPDBBXvp8rlTncdbq6xrKPUL+EFPQm
-YqerKp1SbSvOncbJmlLl+IxFXp5LYDjfTfV7UWGk3tAq0rkFXkbms/yDcpXuJn+u
-/Xhn7eh5EY8txgIdtEKRoity7rVgtNWjGe+jwaHWxeErigZEribDlF+km62R/v7M
-o0YHIOyK5l4y2paqubCAEcIiTyY3rb4qzqDxZSv2IaZBVDY1cl8e1H1FbuzHZrfb
-/QxkoyvnrviJBqGWOWhYwXwITivPBaT8FG5HmPQaZVWb2PrUAYNoTrIr6bj/vqLt
-iK0cqC74mlOJQB7JEgmXURQrrpqssFpLw+WNnn3NLTsJ5Cm0cf1+iKL64DEQ4zpJ
-WKhwaeZ5KM1RTvEtujCLvgO9g+liUOLZ0wng/TrlV54PJ4hS/zJxyYVmBO5dXCPL
-Okp3N1P6cioFdbHBrpdWr+7cf/xIWknwQHOl9aMHATSvJl/I38MjvHf5I9s+CBsz
-z+KWrUaYpElRa7cGdFr+DZ2raKvG4WcQoZHv5G2lnV3ExqgsnOCAtP3FbtgRk1Ut
-sBugxTSYJ8zG4zP+OHz/U+wKDo6iIJ+yIF3obyQkJ1qH1P6A/ARyH42O5uy1sC9r
+FXjGd/UBJD8bpPqfxzpJTgxaFEPx1+TBY8obKQR9r+hRAV9HR4yBMMjk4DfZjmPM
+NYWCnAOgSQu3m2mX1HRgWUakVz6gn8DAfOLTZJ46H4EWa23KvZAx8NV+X0hLnSuD
+EbUu3SMUUYzPILtCGAAZbxJNNh2TcUTrkUFZn4UxU2xoexq/4aTEZAb8i1zwXtio
+IXAkv6XpLgA163Fidis5eahjyTxdjfrRKTp+9wsurRcakt/dbCOoPUBlaGbaLz01
+7DLwxL73TqHQvu0Ic1gmeEjWKih8mBeTOsScr72R9HbYpnTagn3gzoJgiWbdReIZ
+tZb43J2rm+lHmlAQxvRDyAiYzUxLbQa7tvIS31iiYeGMxoSiY2390+JabKH+2ndA
+orPBFBUHW4vdByHOuBW5naRNJAQHT9fgFc0iQkz/KRenJP+AvcvwLEEsCyJJvhWO
+irdYRfiCyclGkE/M7/yeSEHqzyh9DQ5lTwKEwLhA34t9mHlYJS6n8vC0rnBd/B8D
+Z50a24wESZ84yLyyU9CiZSIjgVqMgcThD62fT/IBS5RympgE64XUVBXb27UkGP1D
+bscy3XjQWTs273a15PhYQwy2UaFMGPomJHPoZQ+FQPuH6IF6CJshLqw9HqSAxVia
+rjAEfspRTgV/vjMqoNwk8VV4ulXdgT67EyXW3fAvu2PE/NIpx85qD7xCX3VcYTCQ
+vWmf0d6TdB2DCHJZzLtydJwMKZzsE1KNifUK8va0dcDG+HJaaxkpeXt1hN2EEEJI
+CtMW8mB6O50xfactr9JAy6UpMGKeHe23NKUKe2F5iMDnMiF7itM8FA1YsUEhfSbO
+SO0YYFFfU3+oJDlrILkZZEcHZ5omFU9xIBzwDwH8A1O0ZwDix0ldzbARfo1dm/Q+
++Y8FNkoi778X+oAJ0LtF7cGQbIAndumVfBXket2DmhbghMiEU4EOWlNdIqNaF8kY
+Vtf2V8miehZsxPJmkqxJs7tmn8SOx1ewFmmp/cNRweMPa5KY1MAz1N6OiP7l197+
+W7oDhTdR0PJW5oaJGtsmMJlLX3asnU+fgcqP+Txeb9dMFIrZVW01sNjNGNETQxEn
+5jZsFKh/ikzOCfBVplZ/LaZKG7yMFv/TlF0YcR6ECTGy1/nGSkqg20vsDHwa+HTS
+uczaNQVsJciQcUQah4i2xo9UiT/upMEahcUaA5YoBtifeesUsX9AsguYicvq5e0S
+GL/fqb8rfX7L2uQs+v0iebaqPNB/knxOzZOA89y82bB7MjPxcqBxShw/fGG7MjCJ
+P3Ua7JP5ptQQ0IWg4CBbuVOScZDUeO8wHqGDmsd3/AkUUQHgiYg3YIOBnVHbSNza
+I5Q1KDNnVzJJgdkGm5rKg6Ve38gsxgRr3QZl70BPY20uEunKVYcp1XkcHrtKk1Q0
+oMXO25sRFqsUn+iUjz5cXCV8ek5qJcZ9YDTg/xFvPpC/pLqE/qhGcro4S3ehU3oh
+za/Lki5oU0tdgWrzOw2ZuFZvAd9r3W0AK4ZgmTSyZz65om/oJRWFwbTF5RI1i7OC
+DDOPhZwGuJdxEkNRy+lC3CMbqsBGpx13IfGBTCpMN4IYm9ME9BE7pA==
 -----END RSA PRIVATE KEY-----
diff --git a/cpp/test/IceSSL/certs/s_rsa_pass_ca1_pub.pem b/cpp/test/IceSSL/certs/s_rsa_pass_ca1_pub.pem
index 9cacca2b28e..4c249ceac22 100644
--- a/cpp/test/IceSSL/certs/s_rsa_pass_ca1_pub.pem
+++ b/cpp/test/IceSSL/certs/s_rsa_pass_ca1_pub.pem
@@ -6,23 +6,23 @@ UzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMTUwNDE0MTkyMDI4
 WhcNMjAwNDEyMTkyMDI4WjCBhTEPMA0GA1UEAwwGU2VydmVyMQwwCgYDVQQLDANJ
 Y2UxFDASBgNVBAoMC1plcm9DLCBJbmMuMRAwDgYDVQQHDAdKdXBpdGVyMRAwDgYD
 VQQIDAdGbG9yaWRhMQswCQYDVQQGEwJVUzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6
-ZXJvYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4v1tDKdx7
-FH1URO2r1cMAl6LKzRkbobOrSssVr0QcrE5Qh53BgPA+PnGWybIilzJDtjPPSZNM
-2yBpY8Fa9V61gV8Sfra/tR165n/kKB1jqv+RaFEJETBRXb7TCgyYXfvxyNGec8QO
-eFegnz5H1At2tgidPgA/fjQfJxywcCj3o4V6cqoZJaxxZYi0qcwDl4/FyVBoiY4k
-vgADsrf5CtQ6XT6nmboh16D2BVr2DRZ9Oz5f8cVooIC7566DaaaSMILMpcYXslBw
-UluVL/Q/QBrfvUhx0Ckhi0gYH4sWozmAXxSuHal95oOOavIuxU/7THJPY4Um+Ume
-sdpAShESFFOHAgMBAAGjggExMIIBLTAdBgNVHQ4EFgQURN1T0UN79KMBwttTZ4Ut
-pYIE6BkwgcIGA1UdIwSBujCBt4AU/tfGBlW7TcKW4yXA1OChL+hiYhmhgZSkgZEw
+ZXJvYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClu6r4Po1Q
+hZcMTWFegPsl73FvJ5UQO2fLy03+G2/i78W7k3EGPXsRlVyWT5emkoMUelU7UhqI
+pASUe0rRVDSsO1UEgnwxSDZETb/JITI1yT31AaAM2jKHdc3v4cyHph7FwFkrFdWr
+FBiO/dE5J+6VaTV8068yZsFA3cT8THG3ZRMv3RRi4cmoF9T5x6j3ZaHQZp9yOqeL
+ZVWKsNatojJgacdVNM/nRaLWxV8blvatOS5pFsuBcNrm3vTtLDQ3n9FvCrnNde96
+T2W437+hd/Yo0l8fjUK6U5fk6gyt2b562jxu9r/r0SJg4kWV+5LOgLRTb8PyClOB
+8N/nfVrQPrThAgMBAAGjggExMIIBLTAdBgNVHQ4EFgQUR4Su+fKFPZkwagM4QRq5
+68OctU0wgcIGA1UdIwSBujCBt4AU/tfGBlW7TcKW4yXA1OChL+hiYhmhgZSkgZEw
 gY4xGDAWBgNVBAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNlMRQwEgYD
 VQQKDAtaZXJvQywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxv
 cmlkYTELMAkGA1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29t
 gghp7ivyFB07bTALBgNVHQ8EBAMCBeAwFwYDVR0RBBAwDocEfwAAAYIGc2VydmVy
 MCEGA1UdEgQaMBiHBH8AAAGBEGlzc3VlckB6ZXJvYy5jb20wDQYJKoZIhvcNAQEL
-BQADggEBAJnvARBqA/BOd2UWkAiL6032M7S/U/a542e7Q8mzjLwB4D0ltmvkVEDR
-xW0+bmHhdog8sR3YzSmTU3BjeHgz9SgzZr2Rg2ul3B9boC36HLGFl1YTGQewgL4i
-sMqIsB3lK/l2B+lDKOil72qrPVKve1yZc2ftG6squFiFLyrPRgNXlkaxovMnACVD
-UUHoBvPkJzx1YAi5L6QzWHCG3L7YOBzTM0KIvAKDEdPgPvQUl0yqvLvPsa00+lUZ
-TxJaqYPvDH1KMQN1QRawhqrawmKJ38VQyBtc4D8OpB1odADvhf4fDuyos2wivm7q
-uBBP3aviHySG8VZUPgH752YMegawTbk=
+BQADggEBAGOHefEOzlgIrvXWfm/bcXkrgzMRSCbKJn2PRsABFrW14ninzYJbkNWg
+5oJA2T1829dOKhXtGZm0OTs51236RcYwXe9mb4mZBBDbjqhRvcqwGW2mZjqvgi3K
+FsnWgsxCwbv9IYt8LZlhHTvV5T82OKqlJ0zhBetz/NhnPIQS0NdLsNMoEPUxd2CC
+OLn2quHBMAs08f00VaOruRVCOaS2mUQAimZp7SH4esILhAdqVgzM6Nl0fD92lvly
+VdmVw+GWWc2Xfunf/TmW4wEBecqUjG/KIeMPt7eHUd3BarHWiYcOKbFiUxVmSKz7
+k/wPMrOCkIFen7FjueFPDMPm3sG57n8=
 -----END CERTIFICATE-----
diff --git a/cpp/test/IceSSL/certs/s_rsa_wroot_ca1.p12 b/cpp/test/IceSSL/certs/s_rsa_wroot_ca1.p12
new file mode 100644
index 00000000000..bb0b4063d14
--- /dev/null
+++ b/cpp/test/IceSSL/certs/s_rsa_wroot_ca1.p12
diff --git a/cpp/test/IceSSL/certs/s_rsa_wroot_ca1_priv.pem b/cpp/test/IceSSL/certs/s_rsa_wroot_ca1_priv.pem
new file mode 100644
index 00000000000..d2755f08d82
--- /dev/null
+++ b/cpp/test/IceSSL/certs/s_rsa_wroot_ca1_priv.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEApbuq+D6NUIWXDE1hXoD7Je9xbyeVEDtny8tN/htv4u/Fu5Nx
+Bj17EZVclk+XppKDFHpVO1IaiKQElHtK0VQ0rDtVBIJ8MUg2RE2/ySEyNck99QGg
+DNoyh3XN7+HMh6YexcBZKxXVqxQYjv3ROSfulWk1fNOvMmbBQN3E/Exxt2UTL90U
+YuHJqBfU+ceo92Wh0Gafcjqni2VVirDWraIyYGnHVTTP50Wi1sVfG5b2rTkuaRbL
+gXDa5t707Sw0N5/Rbwq5zXXvek9luN+/oXf2KNJfH41CulOX5OoMrdm+eto8bva/
+69EiYOJFlfuSzoC0U2/D8gpTgfDf531a0D604QIDAQABAoIBAQCLxPdtICPBcshu
+QZwKPTCRT5wUqAcYh2EEB9MgqDb15kyV4sSBBLyTmalZwoocmpcdYAYdXyKtddW+
++zOf0ioRzn/mq7zdOw85D3DcyLg1kCBGTjaSYDoY74rb8UuyYrC1CYCpy2JFQ09q
+2Dfowfp92xqWyVeJZAs7D0yfkkCc7q9VaFdaqXdW3tSAAOPvxDcljY+CYyw3Z7K6
+G34r8tXJpHNuBvIDWC33vNKm4bmBL3GNfkivx4By7+DkIMs2RZWs1Iw+rI8KfsrZ
+m2mXatetctS9UqHCeVV3VF6lxqKazMOHeAC2ydNRSlJnFNLSnHiL/i3fkSBrhDTq
+vEG9MiABAoGBANWdc1h1DXYiPdkZdM6i60vENj1ZYCXccVZRvPBeng19NGGhUV6o
+va3ICJ3WQgPvJgwxczTSQjCvWTExr6bwdQjMSAj9WmjEZ4dPFbhS6RaUh40xd0Wx
+Njd5v3BjMGpG2AX99CtBawnSuDj89OsY74mOIFdvCaNHEQY/1aknNnCBAoGBAMae
+DxOrWZL3wZFjHDUCK4H+ymBpTgyBWUaEIp1g+UK0dDo3kam5IlatjJBXfvwV0xdD
+bq7q6ceUnG72A/hvP0Gud/vhLTiV61PA6+jHh5ZLIDmd8KRLWDNsEzXyUVKj5cM4
+MtDGB5joJLb8dxjpyhFuv2cvsxsOFPmcKakJ1BRhAoGAPWopMXNlzWMG2RYCiS45
+6+ybk4PQqtH4G9MgORNa6ZHnr3ILzOVCs2XhZE+nZy4oiDTnZHZW5Vxkjko0sBBN
+9ZuV0k/U4G4nPbW1Dut3bDCD0Eo6emT6q3RrX8qErulzTjW3L4B9X7Ofl3LSj4z5
+wViFX93irXjPIjbUHO/TLQECgYB6GbcJD4DMkdUErNotWD0o+FqvdG1P0MDyUc75
+0yDJOihtlbXNkgujH6PXJILjNAOGPKUxkSbQ0/JrYIBGXRWVKk2GogJr0/ZMkcA1
+ZVxcL6kK4qaKSetaCWmx81q9JBbesZDDucn33Vacy43n2emoV94A8Fj6G+kXHkKa
+MXmYYQKBgE2dQ6vwGe5teIc9zLAxi74dn8vrlzPWht0+QlSgbKgYZcthJ3gH8xm6
+8NJFlpEzJdnW1S0lerPzhmv5xa90lSb0hH9BRwy/jsgJ+1eVJP4XDqDU2uO6wBFr
+jWNMzVgjvhldvnBl6XbHyi0x0KIl7PL5jVFOVyxRSy6XaEwiTikH
+-----END RSA PRIVATE KEY-----
diff --git a/cpp/test/IceSSL/certs/s_rsa_wroot_ca1_pub.pem b/cpp/test/IceSSL/certs/s_rsa_wroot_ca1_pub.pem
new file mode 100644
index 00000000000..4c249ceac22
--- /dev/null
+++ b/cpp/test/IceSSL/certs/s_rsa_wroot_ca1_pub.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEwzCCA6ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjjEYMBYGA1UEAwwPWmVy
+b0MgVGVzdCBDQSAxMQwwCgYDVQQLDANJY2UxFDASBgNVBAoMC1plcm9DLCBJbmMu
+MRAwDgYDVQQHDAdKdXBpdGVyMRAwDgYDVQQIDAdGbG9yaWRhMQswCQYDVQQGEwJV
+UzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMTUwNDE0MTkyMDI4
+WhcNMjAwNDEyMTkyMDI4WjCBhTEPMA0GA1UEAwwGU2VydmVyMQwwCgYDVQQLDANJ
+Y2UxFDASBgNVBAoMC1plcm9DLCBJbmMuMRAwDgYDVQQHDAdKdXBpdGVyMRAwDgYD
+VQQIDAdGbG9yaWRhMQswCQYDVQQGEwJVUzEdMBsGCSqGSIb3DQEJARYOaW5mb0B6
+ZXJvYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClu6r4Po1Q
+hZcMTWFegPsl73FvJ5UQO2fLy03+G2/i78W7k3EGPXsRlVyWT5emkoMUelU7UhqI
+pASUe0rRVDSsO1UEgnwxSDZETb/JITI1yT31AaAM2jKHdc3v4cyHph7FwFkrFdWr
+FBiO/dE5J+6VaTV8068yZsFA3cT8THG3ZRMv3RRi4cmoF9T5x6j3ZaHQZp9yOqeL
+ZVWKsNatojJgacdVNM/nRaLWxV8blvatOS5pFsuBcNrm3vTtLDQ3n9FvCrnNde96
+T2W437+hd/Yo0l8fjUK6U5fk6gyt2b562jxu9r/r0SJg4kWV+5LOgLRTb8PyClOB
+8N/nfVrQPrThAgMBAAGjggExMIIBLTAdBgNVHQ4EFgQUR4Su+fKFPZkwagM4QRq5
+68OctU0wgcIGA1UdIwSBujCBt4AU/tfGBlW7TcKW4yXA1OChL+hiYhmhgZSkgZEw
+gY4xGDAWBgNVBAMMD1plcm9DIFRlc3QgQ0EgMTEMMAoGA1UECwwDSWNlMRQwEgYD
+VQQKDAtaZXJvQywgSW5jLjEQMA4GA1UEBwwHSnVwaXRlcjEQMA4GA1UECAwHRmxv
+cmlkYTELMAkGA1UEBhMCVVMxHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29t
+gghp7ivyFB07bTALBgNVHQ8EBAMCBeAwFwYDVR0RBBAwDocEfwAAAYIGc2VydmVy
+MCEGA1UdEgQaMBiHBH8AAAGBEGlzc3VlckB6ZXJvYy5jb20wDQYJKoZIhvcNAQEL
+BQADggEBAGOHefEOzlgIrvXWfm/bcXkrgzMRSCbKJn2PRsABFrW14ninzYJbkNWg
+5oJA2T1829dOKhXtGZm0OTs51236RcYwXe9mb4mZBBDbjqhRvcqwGW2mZjqvgi3K
+FsnWgsxCwbv9IYt8LZlhHTvV5T82OKqlJ0zhBetz/NhnPIQS0NdLsNMoEPUxd2CC
+OLn2quHBMAs08f00VaOruRVCOaS2mUQAimZp7SH4esILhAdqVgzM6Nl0fD92lvly
+VdmVw+GWWc2Xfunf/TmW4wEBecqUjG/KIeMPt7eHUd3BarHWiYcOKbFiUxVmSKz7
+k/wPMrOCkIFen7FjueFPDMPm3sG57n8=
+-----END CERTIFICATE-----
diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp
index 137d9b90490..4fe14cac55e 100644
--- a/cpp/test/IceSSL/configuration/AllTests.cpp
+++ b/cpp/test/IceSSL/configuration/AllTests.cpp
@@ -204,21 +204,23 @@ typedef IceUtil::Handle<CertificateVerifierI> CertificateVerifierIPtr;
 int keychainN = 0;
 
 static PropertiesPtr
-createClientProps(const Ice::PropertiesPtr& defaultProperties, const string& defaultDir,
-                  const string& defaultHost, bool password)
+createClientProps(const Ice::PropertiesPtr& defaultProps, const string& defaultDir, const string& defaultHost, bool p12)
 {
     PropertiesPtr result = createProperties();
     result->setProperty("Ice.Plugin.IceSSL", "IceSSL:createIceSSL");
-    result->setProperty("IceSSL.DefaultDir", defaultDir);
-    if(!defaultProperties->getProperty("Ice.IPv6").empty())
+    if(!defaultDir.empty())
     {
-        result->setProperty("Ice.IPv6", defaultProperties->getProperty("Ice.IPv6"));
+        result->setProperty("IceSSL.DefaultDir", defaultDir);
+    }
+    if(!defaultProps->getProperty("Ice.IPv6").empty())
+    {
+        result->setProperty("Ice.IPv6", defaultProps->getProperty("Ice.IPv6"));
     }
     if(!defaultHost.empty())
     {
         result->setProperty("Ice.Default.Host", defaultHost);
     }
-    if(password)
+    if(p12)
     {
         result->setProperty("IceSSL.Password", "password");
     }
@@ -234,21 +236,20 @@ createClientProps(const Ice::PropertiesPtr& defaultProperties, const string& def
 }
 
 static Test::Properties
-createServerProps(const Ice::PropertiesPtr& defaultProperties, const string& defaultDir, const string& defaultHost,
-                  bool password)
+createServerProps(const Ice::PropertiesPtr& defaultProps, const string& defaultDir, const string& defaultHost, bool p12)
 {
     Test::Properties result;
     result["Ice.Plugin.IceSSL"] = "IceSSL:createIceSSL";
     result["IceSSL.DefaultDir"] = defaultDir;
-    if(!defaultProperties->getProperty("Ice.IPv6").empty())
+    if(!defaultProps->getProperty("Ice.IPv6").empty())
     {
-        result["Ice.IPv6"] = defaultProperties->getProperty("Ice.IPv6");
+        result["Ice.IPv6"] = defaultProps->getProperty("Ice.IPv6");
     }
     if(!defaultHost.empty())
     {
         result["Ice.Default.Host"] = defaultHost;
     }
-    if(password)
+    if(p12)
     {
         result["IceSSL.Password"] = "password";
     }
@@ -262,6 +263,80 @@ createServerProps(const Ice::PropertiesPtr& defaultProperties, const string& def
     return result;
 }
 
+static Test::Properties
+createServerProps(const Ice::PropertiesPtr& defaultProps, const string& defaultDir, const string& defaultHost,
+                  bool p12, const string& cert, const string& ca)
+{
+    Test::Properties d;
+
+    //
+    // If no CA is specified, we don't set IceSSL.DefaultDir since
+    // with OpenSSL the CAs might still be found.
+    //
+    string pfx;
+    if(ca.empty())
+    {
+        d = createServerProps(defaultProps, "", defaultHost, p12);
+        pfx = defaultDir + "/";
+    }
+    else
+    {
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12);
+        d["IceSSL.CertAuthFile"] = ca + ".pem";
+    }
+
+    if(!cert.empty())
+    {
+        if(p12)
+        {
+            d["IceSSL.CertFile"] = pfx + cert + ".p12";
+        }
+        else
+        {
+            d["IceSSL.CertFile"] = pfx + cert + "_pub.pem";
+            d["IceSSL.KeyFile"] = pfx + cert + "_priv.pem";
+        }
+    }
+    return d;
+}
+
+static PropertiesPtr
+createClientProps(const Ice::PropertiesPtr& defaultProps, const string& defaultDir, const string& defaultHost,
+                  bool p12, const string& cert, const string& ca)
+{
+    Ice::PropertiesPtr properties;
+
+    //
+    // If no CA is specified, we don't set IceSSL.DefaultDir since
+    // with OpenSSL the CAs might still be found.
+    //
+    string pfx;
+    if(ca.empty())
+    {
+        properties = createClientProps(defaultProps, "", defaultHost, p12);
+        pfx = defaultDir + "/";
+    }
+    else
+    {
+        properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
+        properties->setProperty("IceSSL.CertAuthFile", ca + ".pem");
+    }
+
+    if(!cert.empty())
+    {
+        if(p12)
+        {
+            properties->setProperty("IceSSL.CertFile", pfx + cert + ".p12");
+        }
+        else
+        {
+            properties->setProperty("IceSSL.CertFile", pfx + cert + "_pub.pem");
+            properties->setProperty("IceSSL.KeyFile", pfx + cert + "_priv.pem");
+        }
+    }
+    return properties;
+}
+
 void verify(const IceSSL::CertificatePtr& cert, const IceSSL::CertificatePtr& ca)
 {
     cerr << "Verify signature: ";
@@ -286,17 +361,19 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
 
     string defaultHost = communicator->getProperties()->getProperty("Ice.Default.Host");
     string defaultDir = testDir + "/../certs";
-    Ice::PropertiesPtr defaultProperties = communicator->getProperties();
+    Ice::PropertiesPtr defaultProps = communicator->getProperties();
 #ifdef _WIN32
     string sep = ";";
 #else
     string sep = ":";
 #endif
 
+    IceSSL::NativeConnectionInfoPtr info;
+
     cout << "testing manual initialization... " << flush;
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
         initData.properties->setProperty("Ice.InitPlugins", "0");
         CommunicatorPtr comm = initialize(initData);
         ObjectPrx p = comm->stringToProxy("dummy:ssl -p 9999");
@@ -322,7 +399,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
 #ifndef ICE_USE_SCHANNEL
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
         initData.properties->setProperty("Ice.InitPlugins", "0");
 #  ifdef ICE_USE_OPENSSL
         initData.properties->setProperty("IceSSL.Ciphers", "ADH");
@@ -336,7 +413,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         ObjectPrx obj = comm->stringToProxy(factoryRef);
         test(obj);
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(obj);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12);
 #  ifdef ICE_USE_OPENSSL
         d["IceSSL.Ciphers"] = "ADH";
 #  else
@@ -362,32 +439,16 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     {
         //
         // Test IceSSL.VerifyPeer=0. Client does not have a certificate,
-        // but it still verifies the server's. The createClientProps
-        // function defines IceSSL.DefaultDir, which allows OpenSSL in the
-        // client to find the CA certificate. We remove that property here
-        // to verify that the connection can still proceed without any
-        // CA certificate.
+        // but it still verifies the server's.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", "");
         initData.properties->setProperty("IceSSL.VerifyPeer", "0");
-        initData.properties->setProperty("IceSSL.DefaultDir", "");
         CommunicatorPtr comm = initialize(initData);
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
 
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "");
         d["IceSSL.VerifyPeer"] = "0";
         Test::ServerPrx server = fact->createServer(d);
         try
@@ -399,42 +460,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
             cerr << ex << endl;
             test(false);
         }
-        //
-        // Validate that we can get the connection info.
-        //
-        try
-        {
-            IceSSL::NativeConnectionInfoPtr info =
-                IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
-#if defined(ICE_USE_SCHANNEL) || defined(ICE_USE_SECURE_TRANSPORT)
-            //
-            // SChannel doesn't seem to send the root certificate
-            //
-            test(info->nativeCerts.size() == 1);
-#else
-            test(info->nativeCerts.size() == 2);
-#endif
-        }
-        catch(const Ice::LocalException&)
-        {
-            test(false);
-        }
         fact->destroyServer(server);
 
         //
         // Test IceSSL.VerifyPeer=1. Client does not have a certificate.
         //
-        d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.VerifyPeer"] = "1";
         server = fact->createServer(d);
         try
@@ -451,17 +482,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // Test IceSSL.VerifyPeer=2. This should fail because the client
         // does not supply a certificate.
         //
-        d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.VerifyPeer"] = "2";
         server = fact->createServer(d);
         try
@@ -471,56 +492,35 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         }
         catch(const ProtocolException&)
         {
-            // Expected.
+            // Expected, if reported as an SSL alert by the server.
         }
-#if defined(_WIN32) || defined(ICE_USE_SECURE_TRANSPORT)
         catch(const ConnectionLostException&)
         {
             // Expected.
         }
-#endif
         catch(const LocalException&)
         {
             test(false);
         }
         fact->destroyServer(server);
-
         comm->destroy();
 
         //
         // Test IceSSL.VerifyPeer=1. Client has a certificate.
         //
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
-
+        // Provide "cacert1" to the client to verify the server
+        // certificate (without this the client connection wouln't be
+        // able to provide the certificate chain).
+        //
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.VerifyPeer", "0");
         comm = initialize(initData);
         fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
 
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.VerifyPeer"] = "1";
         server = fact->createServer(d);
-
         try
         {
             IceSSL::CertificatePtr clientCert = IceSSL::Certificate::load(defaultDir + "/c_rsa_ca1_pub.pem");
@@ -547,9 +547,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
             test(serverCert->verify(caCert));
             test(caCert->verify(caCert));
 
-            IceSSL::NativeConnectionInfoPtr info =
-                IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
-
+            info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
             test(info->nativeCerts.size() == 2);
 
             test(caCert == info->nativeCerts[1]);
@@ -576,17 +574,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         //
         // Test IceSSL.VerifyPeer=2. Client has a certificate.
         //
-        d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.VerifyPeer"] = "2";
         server = fact->createServer(d);
         try
@@ -604,26 +592,14 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
 
         //
         // Test IceSSL.VerifyPeer=1. This should fail because the client doesn't
-        // trust the server's CA. We disable IceSSL.DefaultDir in the client so that
-        // OpenSSL can't search for the server's CA certificate.
+        // trust the server's CA.
         //
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.DefaultDir", "");
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", "");
         initData.properties->setProperty("IceSSL.VerifyPeer", "1");
         comm = initialize(initData);
         fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.VerifyPeer"] = "0";
         server = fact->createServer(d);
         try
@@ -631,16 +607,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
             server->ice_ping();
             test(false);
         }
-        catch(const ProtocolException&)
-        {
-            // Expected.
-        }
-#if defined(_WIN32) || defined(ICE_USE_SECURE_TRANSPORT)
-        catch(const ConnectionLostException&)
+        catch(const SecurityException&)
         {
             // Expected.
         }
-#endif
         catch(const LocalException&)
         {
             test(false);
@@ -651,38 +621,14 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
 
         //
         // Test IceSSL.VerifyPeer=1. This should fail because the server doesn't
-        // trust the client's CA. The IceSSL.DefaultDir setting in the client
-        // allows OpenSSL to find the server's CA certificate. We have to disable
-        // IceSSL.DefaultDir in the server so that it can't find the client's CA
-        // certificate.
+        // trust the client's CA.
         //
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert2.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca2.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca2_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca2_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca2", "");
         initData.properties->setProperty("IceSSL.VerifyPeer", "0");
         comm = initialize(initData);
         fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d.erase("IceSSL.DefaultDir");
-        d["IceSSL.CertAuthFile"] = defaultDir + "/cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = defaultDir + "/s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = defaultDir + "/s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = defaultDir + "/s_rsa_ca1_priv.pem";
-        }
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "");
         d["IceSSL.VerifyPeer"] = "1";
         server = fact->createServer(d);
         try
@@ -690,43 +636,26 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
             server->ice_ping();
             test(false);
         }
-        catch(const ProtocolException&)
-        {
-            // Expected.
-        }
-#if defined(_WIN32) || defined(ICE_USE_SECURE_TRANSPORT)
         catch(const ConnectionLostException&)
         {
             // Expected.
         }
-#endif
         catch(const LocalException&)
         {
            test(false);
         }
         fact->destroyServer(server);
-
         comm->destroy();
 
         //
         // This should succeed because the self signed certificate used by the server is
         // trusted.
         //
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert2.pem");
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", "cacert2");
         comm = initialize(initData);
         fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = defaultDir + "/cacert2.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = defaultDir + "/cacert2.pem";
-            d["IceSSL.KeyFile"] = defaultDir + "/cakey2.pem";
-        }
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "cacert2", "");
         d["IceSSL.VerifyPeer"] = "0";
         server = fact->createServer(d);
         try
@@ -738,30 +667,17 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
             test(false);
         }
         fact->destroyServer(server);
-
         comm->destroy();
 
         //
         // This should fail because the self signed certificate used by the server is not
-        // trusted.  The IceSSL.DefaultDir setting in the client allows OpenSSL to find
-        // the server's CA certificate. We have to disable IceSSL.DefaultDir in the client
-        // so that it can't find the server's CA certificate.
+        // trusted.
         //
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.DefaultDir", "");
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", "");
         comm = initialize(initData);
         fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = defaultDir + "/cacert2.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = defaultDir + "/cacert2.pem";
-            d["IceSSL.KeyFile"] = defaultDir + "/cakey2.pem";
-        }
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "cacert2", "");
         d["IceSSL.VerifyPeer"] = "0";
         server = fact->createServer(d);
         try
@@ -769,53 +685,25 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
             server->ice_ping();
             test(false);
         }
-        catch(const ProtocolException&)
-        {
-            // Expected.
-        }
-#ifdef _WIN32
-        catch(const ConnectionLostException&)
+        catch(const SecurityException&)
         {
             // Expected.
         }
-#endif
         catch(const LocalException&)
         {
             test(false);
         }
         fact->destroyServer(server);
-
         comm->destroy();
 
         //
         // Verify that IceSSL.CheckCertName has no effect in a server.
         //
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         comm = initialize(initData);
-
         fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.CheckCertName"] = "1";
         server = fact->createServer(d);
         try
@@ -839,140 +727,300 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
             //
             // Test subject alternative name.
             //
+            initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
+            initData.properties->setProperty("IceSSL.CheckCertName", "1");
+            comm = initialize(initData);
+
+            fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
+            test(fact);
+            d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
+            server = fact->createServer(d);
+            try
             {
-                initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-                initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-                if(p12)
-                {
-                    initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-                }
-                else
-                {
-                    initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-                    initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-                }
-                initData.properties->setProperty("IceSSL.CheckCertName", "1");
-                comm = initialize(initData);
-
-                fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
-                test(fact);
-                d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-                d["IceSSL.CertAuthFile"] = "cacert1.pem";
-                if(p12)
-                {
-                    d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-                }
-                else
-                {
-                    d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-                    d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-                }
-                server = fact->createServer(d);
-                try
-                {
-                    server->ice_ping();
-                }
-                catch(const LocalException&)
-                {
-                    test(false);
-                }
-                fact->destroyServer(server);
-                comm->destroy();
+                server->ice_ping();
+            }
+            catch(const LocalException&)
+            {
+                test(false);
             }
+            fact->destroyServer(server);
+            comm->destroy();
+
             //
             // Test common name.
             //
+            initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
+            initData.properties->setProperty("IceSSL.CheckCertName", "1");
+            comm = initialize(initData);
+
+            fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
+            test(fact);
+            d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1_cn1", "cacert1");
+            server = fact->createServer(d);
+            try
             {
-                initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-                initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-                if(p12)
-                {
-                    initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-                }
-                else
-                {
-                    initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-                    initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-                }
-                initData.properties->setProperty("IceSSL.CheckCertName", "1");
-                comm = initialize(initData);
-
-                fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
-                test(fact);
-                d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-                d["IceSSL.CertAuthFile"] = "cacert1.pem";
-                if(p12)
-                {
-                    d["IceSSL.CertFile"] = "s_rsa_ca1_cn1.p12";
-                }
-                else
-                {
-                    d["IceSSL.CertFile"] = "s_rsa_ca1_cn1_pub.pem";
-                    d["IceSSL.KeyFile"] = "s_rsa_ca1_cn1_priv.pem";
-                }
-                server = fact->createServer(d);
-                try
-                {
-                    server->ice_ping();
-                }
-                catch(const LocalException&)
-                {
-                    test(false);
-                }
-                fact->destroyServer(server);
-                comm->destroy();
+                server->ice_ping();
+            }
+            catch(const LocalException&)
+            {
+                test(false);
             }
+            fact->destroyServer(server);
+            comm->destroy();
+
             //
             // Test common name again. The certificate used in this test has "127.0.0.11" as its
             // common name, therefore the address "127.0.0.1" must NOT match.
             //
+            initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
+            initData.properties->setProperty("IceSSL.CheckCertName", "1");
+            comm = initialize(initData);
+
+            fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
+            test(fact);
+            d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1_cn2", "cacert1");
+            server = fact->createServer(d);
+            try
             {
-                initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-                initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-                if(p12)
-                {
-                    initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-                }
-                else
-                {
-                    initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-                    initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-                }
-                initData.properties->setProperty("IceSSL.CheckCertName", "1");
-                comm = initialize(initData);
-
-                fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
-                test(fact);
-                d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-                d["IceSSL.CertAuthFile"] = "cacert1.pem";
-                if(p12)
-                {
-                    d["IceSSL.CertFile"] = "s_rsa_ca1_cn2.p12";
-                }
-                else
-                {
-                    d["IceSSL.CertFile"] = "s_rsa_ca1_cn2_pub.pem";
-                    d["IceSSL.KeyFile"] = "s_rsa_ca1_cn2_priv.pem";
-                }
-                server = fact->createServer(d);
-                try
-                {
-                    server->ice_ping();
-                    test(false);
-                }
-                catch(const LocalException&)
-                {
-                    // Expected.
-                }
-                fact->destroyServer(server);
-                comm->destroy();
+                server->ice_ping();
+                test(false);
+            }
+            catch(const LocalException&)
+            {
+                // Expected.
             }
+            fact->destroyServer(server);
+            comm->destroy();
         }
     }
     cout << "ok" << endl;
 
-    cout << "testing custom certificate verifier... " << flush;
+    cout << "testing certificate chains... " << flush;
+    {
+        InitializationData initData;
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", "");
+        initData.properties->setProperty("IceSSL.VerifyPeer", "0");
+        CommunicatorPtr comm = initialize(initData);
+
+        Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
+        test(fact);
+
+        //
+        // The client can't verify the server certificate but it should
+        // still provide it. "s_rsa_ca1" doesn't include the root so the
+        // cert size should be 1.
+        //
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "");
+        d["IceSSL.VerifyPeer"] = "0";
+        Test::ServerPrx server = fact->createServer(d);
+        try
+        {
+            info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
+            test(info->nativeCerts.size() == 1);
+        }
+        catch(const Ice::LocalException& ex)
+        {
+            cerr << ex << endl;
+            test(false);
+        }
+        fact->destroyServer(server);
+
+        //
+        // Setting the CA for the server shouldn't change anything, it
+        // shouldn't modify the cert chain sent to the client.
+        //
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
+        d["IceSSL.VerifyPeer"] = "0";
+        server = fact->createServer(d);
+        try
+        {
+            info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
+#ifdef ICE_USE_OPENSSL
+            test(info->nativeCerts.size() == 2); // TODO: Fix OpenSSL
+#else
+            test(info->nativeCerts.size() == 1);
+#endif
+        }
+        catch(const Ice::LocalException& ex)
+        {
+            cerr << ex << endl;
+            test(false);
+        }
+        fact->destroyServer(server);
+
+        //
+        // The client can't verify the server certificate but should
+        // still provide it. "s_rsa_wroot_ca1" includes the root so
+        // the cert size should be 2.
+        //
+        if(p12)
+        {
+            d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_wroot_ca1", "");
+            d["IceSSL.VerifyPeer"] = "0";
+            server = fact->createServer(d);
+            try
+            {
+                info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
+#ifdef ICE_USE_SCHANNEL
+                test(info->nativeCerts.size() == 1); // SChannel never sends the root certificate
+#else
+                test(info->nativeCerts.size() == 2);
+#endif
+            }
+            catch(const Ice::LocalException& ex)
+            {
+                cerr << ex << endl;
+                test(false);
+            }
+            fact->destroyServer(server);
+        }
+        comm->destroy();
+
+        //
+        // Now the client verifies the server certificate
+        //
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", "cacert1");
+        initData.properties->setProperty("IceSSL.VerifyPeer", "1");
+        comm = initialize(initData);
+
+        fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
+        test(fact);
+
+        {
+            Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "");
+            d["IceSSL.VerifyPeer"] = "0";
+            Test::ServerPrx server = fact->createServer(d);
+            try
+            {
+                info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
+#ifdef ICE_USE_OPENSSL
+		test(info->nativeCerts.size() == 1); // TODO: Fix OpenSSL
+#else
+                test(info->nativeCerts.size() == 2);
+#endif
+            }
+            catch(const Ice::LocalException& ex)
+            {
+                cerr << ex << endl;
+                test(false);
+            }
+            fact->destroyServer(server);
+        }
+
+        {
+            Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_cai1", "");
+            d["IceSSL.VerifyPeer"] = "0";
+            Test::ServerPrx server = fact->createServer(d);
+            try
+            {
+                IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
+#ifndef ICE_USE_OPENSSL // TODO: FIX
+                test(false);
+#endif
+            }
+            catch(const Ice::SecurityException&)
+            {
+                // Chain length too long
+            }
+            catch(const Ice::LocalException& ex)
+            {
+                cerr << ex << endl;
+                test(false);
+            }
+            fact->destroyServer(server);
+        }
+        comm->destroy();
+
+        //
+        // Increase VerifyDepthMax to 3
+        //
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", "cacert1");
+        initData.properties->setProperty("IceSSL.VerifyPeer", "1");
+        initData.properties->setProperty("IceSSL.VerifyDepthMax", "3");
+        comm = initialize(initData);
+
+        fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
+        test(fact);
+
+        {
+            Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_cai1", "");
+            d["IceSSL.VerifyPeer"] = "0";
+            Test::ServerPrx server = fact->createServer(d);
+            try
+            {
+                info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
+#ifndef ICE_USE_OPENSSL // TODO: FIX
+                test(info->nativeCerts.size() == 3);
+#endif
+            }
+            catch(const Ice::LocalException& ex)
+            {
+                cerr << ex << endl;
+#ifndef ICE_USE_SCHANNEL // TODO: FIX
+                test(false);
+#endif
+            }
+            fact->destroyServer(server);
+        }
+
+        {
+            Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_cai2", "");
+            d["IceSSL.VerifyPeer"] = "0";
+            Test::ServerPrx server = fact->createServer(d);
+            try
+            {
+                IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
+#ifndef ICE_USE_OPENSSL // TODO: FIX
+                test(false);
+#endif
+            }
+            catch(const Ice::SecurityException&)
+            {
+                // Chain length too long
+            }
+            fact->destroyServer(server);
+        }
+        comm->destroy();
+
+        //
+        // Increase VerifyDepthMax to 4
+        //
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", "cacert1");
+        initData.properties->setProperty("IceSSL.VerifyPeer", "1");
+        initData.properties->setProperty("IceSSL.VerifyDepthMax", "4");
+        comm = initialize(initData);
+
+        fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
+        test(fact);
 
+        {
+            Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_cai2", "");
+            d["IceSSL.VerifyPeer"] = "0";
+            Test::ServerPrx server = fact->createServer(d);
+            try
+            {
+                info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
+#ifdef ICE_USE_OPENSSL // TODO: FIX
+                test(info->nativeCerts.size() == 3);
+#else
+                test(info->nativeCerts.size() == 4);
+#endif
+            }
+            catch(const Ice::LocalException& ex)
+            {
+                cerr << ex << endl;
+#ifndef ICE_USE_SCHANNEL // TODO: FIX
+                test(false);
+#endif
+            }
+            fact->destroyServer(server);
+        }
+
+        comm->destroy();
+    }
+    cout << "ok" << endl;
+
+    cout << "testing custom certificate verifier... " << flush;
     {
 //
 // Anonymous ciphers are not supported with SChannel.
@@ -982,7 +1030,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // ADH is allowed but will not have a certificate.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
 #  ifdef ICE_USE_OPENSSL
         initData.properties->setProperty("IceSSL.Ciphers", "ADH");
 #  else
@@ -997,7 +1045,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12);
 #  ifdef ICE_USE_OPENSSL
         string cipherSub = "ADH-";
         d["IceSSL.Ciphers"] = "ADH";
@@ -1010,8 +1058,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         try
         {
             server->checkCipher(cipherSub);
-            IceSSL::NativeConnectionInfoPtr info =
-                IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
+            info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
             test(info->cipher.compare(0, cipherSub.size(), cipherSub) == 0);
         }
         catch(const LocalException&)
@@ -1053,17 +1100,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // Verify that a server certificate is present.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.VerifyPeer", "0");
         CommunicatorPtr comm = initialize(initData);
         IceSSL::PluginPtr plugin = IceSSL::PluginPtr::dynamicCast(comm->getPluginManager()->getPlugin("IceSSL"));
@@ -1073,17 +1110,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.VerifyPeer"] = "2";
         Test::ServerPrx server = fact->createServer(d);
         try
@@ -1115,34 +1142,14 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // in common.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.VerifyPeer", "0");
         initData.properties->setProperty("IceSSL.Protocols", "ssl3");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.VerifyPeer"] = "0";
         d["IceSSL.Protocols"] = "tls";
         Test::ServerPrx server = fact->createServer(d);
@@ -1172,17 +1179,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         comm = initialize(initData);
         fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.VerifyPeer"] = "0";
         d["IceSSL.Protocols"] = "tls, ssl3";
         server = fact->createServer(d);
@@ -1204,34 +1201,14 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         //
         {
             InitializationData initData;
-            initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-            initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-            if(p12)
-            {
-                initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-            }
-            else
-            {
-                initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-                initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-            }
+            initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
             initData.properties->setProperty("IceSSL.VerifyPeer", "0");
             initData.properties->setProperty("IceSSL.Protocols", "ssl3");
             CommunicatorPtr comm = initialize(initData);
 
             Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
             test(fact);
-            Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-            d["IceSSL.CertAuthFile"] = "cacert1.pem";
-            if(p12)
-            {
-                d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-            }
-            else
-            {
-                d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-                d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-            }
+            Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
             d["IceSSL.VerifyPeer"] = "0";
             Test::ServerPrx server = fact->createServer(d);
             try
@@ -1260,24 +1237,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         //
         {
             InitializationData initData;
-            initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-            initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
+            initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", "cacert1");
             initData.properties->setProperty("IceSSL.Protocols", "ssl3");
             CommunicatorPtr comm = initialize(initData);
 
             Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
             test(fact);
-            Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-            d["IceSSL.CertAuthFile"] = "cacert1.pem";
-            if(p12)
-            {
-                d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-            }
-            else
-            {
-                d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-                d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-            }
+            Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "");
             d["IceSSL.VerifyPeer"] = "0";
             d["IceSSL.Protocols"] = "ssl3, tls, tls1_1, tls1_2";
             Test::ServerPrx server = fact->createServer(d);
@@ -1299,7 +1265,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // in common.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
         initData.properties->setProperty("IceSSL.Ciphers", "(DH_anon*)");
         initData.properties->setProperty("IceSSL.VerifyPeer", "0");
         initData.properties->setProperty("IceSSL.ProtocolVersionMax", "ssl3");
@@ -1307,7 +1273,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         CommunicatorPtr comm = initialize(initData);
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12);
         d["IceSSL.Ciphers"] = "(DH_anon*)";
         d["IceSSL.VerifyPeer"] = "0";
         d["IceSSL.ProtocolVersionMax"] = "tls1_2";
@@ -1339,7 +1305,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         comm = initialize(initData);
         fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12);
         d["IceSSL.Ciphers"] = "(DH_anon*)";
         d["IceSSL.VerifyPeer"] = "0";
         d["IceSSL.ProtocolVersionMax"] = "tls1";
@@ -1362,17 +1328,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         //
         {
             InitializationData initData;
-            initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-            initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-            if(p12)
-            {
-                initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-            }
-            else
-            {
-                initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-                initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-            }
+            initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
             initData.properties->setProperty("IceSSL.VerifyPeer", "0");
             initData.properties->setProperty("IceSSL.ProtocolVersionMin", "ssl3");
             initData.properties->setProperty("IceSSL.ProtocolVersionMax", "ssl3");
@@ -1380,17 +1336,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
 
             Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
             test(fact);
-            Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-            d["IceSSL.CertAuthFile"] = "cacert1.pem";
-            if(p12)
-            {
-                d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-            }
-            else
-            {
-                d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-                d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-            }
+            Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
             d["IceSSL.VerifyPeer"] = "0";
             Test::ServerPrx server = fact->createServer(d);
             try
@@ -1419,17 +1365,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         //
         {
             InitializationData initData;
-            initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-            initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-            if(p12)
-            {
-                initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-            }
-            else
-            {
-                initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-                initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-            }
+            initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
             initData.properties->setProperty("IceSSL.VerifyPeer", "0");
             initData.properties->setProperty("IceSSL.ProtocolVersionMin", "ssl3");
             initData.properties->setProperty("IceSSL.ProtocolVersionMax", "ssl3");
@@ -1437,17 +1373,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
 
             Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
             test(fact);
-            Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-            d["IceSSL.CertAuthFile"] = "cacert1.pem";
-            if(p12)
-            {
-                d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-            }
-            else
-            {
-                d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-                d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-            }
+            Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
             d["IceSSL.VerifyPeer"] = "0";
             d["IceSSL.ProtocolVersionMin"] = "ssl3";
             Test::ServerPrx server = fact->createServer(d);
@@ -1477,47 +1403,21 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         }
 
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_exp.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_exp_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_exp_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1_exp", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
             server->ice_ping();
             test(false);
         }
-        catch(const ProtocolException&)
-        {
-            // Expected.
-        }
-#if defined(_WIN32) || defined(ICE_USE_SECURE_TRANSPORT)
-        catch(const ConnectionLostException&)
+        catch(const SecurityException&)
         {
             // Expected.
         }
-#endif
         catch(const LocalException& ex)
         {
             cerr << ex << endl;
@@ -1534,47 +1434,21 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
             test(!cert->checkValidity());
         }
 
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_exp.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_exp_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_exp_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1_exp", "cacert1");
         comm = initialize(initData);
         fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         server = fact->createServer(d);
         try
         {
             server->ice_ping();
             test(false);
         }
-        catch(const ProtocolException&)
-        {
-            // Expected.
-        }
-#if defined(_WIN32) || defined(ICE_USE_SECURE_TRANSPORT)
         catch(const ConnectionLostException&)
         {
             // Expected.
         }
-#endif
         catch(const LocalException& ex)
         {
             cerr << ex << endl;
@@ -1593,29 +1467,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // certificate in the default directory.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "");
+        initData.properties->setProperty("IceSSL.DefaultDir", defaultDir);
         CommunicatorPtr comm = initialize(initData);
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "");
+        d["IceSSL.DefaultDir"] = defaultDir;
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -1633,7 +1491,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
 #endif
 
     //
-    // SChannel doesn't support PCKS8 certificates (PEM Password protected certificates)
+    // SChannel doesn't support PEM Password protected certificates certificates
     //
 #ifdef ICE_USE_SCHANNEL
     if(p12)
@@ -1645,17 +1503,9 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // Use the correct password.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, false);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_pass_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_pass_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_pass_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_pass_ca1","cacert1");
+        initData.properties->setProperty("IceSSL.Password", ""); // Clear the password
+
         initData.properties->setProperty("Ice.InitPlugins", "0");
         CommunicatorPtr comm = initialize(initData);
         PluginManagerPtr pm = comm->getPluginManager();
@@ -1667,17 +1517,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         test(prompt->count() == 1);
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -1694,17 +1534,8 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         //
         // Use an incorrect password and check that retries are attempted.
         //
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, false);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_pass_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_pass_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_pass_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_pass_ca1","cacert1");
+        initData.properties->setProperty("IceSSL.Password", ""); // Clear password
         initData.properties->setProperty("IceSSL.PasswordRetryMax", "4");
         initData.properties->setProperty("Ice.InitPlugins", "0");
         comm = initialize(initData);
@@ -1742,7 +1573,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // negotiate to use ADH since we explicitly enable it.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
 #  ifdef ICE_USE_OPENSSL
         initData.properties->setProperty("IceSSL.Ciphers", "ADH");
 #  else
@@ -1751,10 +1582,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         CommunicatorPtr comm = initialize(initData);
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-        d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
 #  ifdef ICE_USE_OPENSSL
         string cipherSub = "ADH-";
         d["IceSSL.Ciphers"] = "RSA:ADH";
@@ -1767,17 +1595,16 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         try
         {
             server->checkCipher(cipherSub);
-            IceSSL::NativeConnectionInfoPtr info =
-                IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
+            info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
             test(info->cipher.compare(0, cipherSub.size(), cipherSub) == 0);
         }
         catch(const LocalException& ex)
         {
-//
-// OS X 10.10 bug the handshake fails attempting client auth
-// with anon cipher.
-//
 #  ifndef ICE_USE_SECURE_TRANSPORT
+            //
+            // OS X 10.10 bug the handshake fails attempting client auth
+            // with anon cipher.
+            //
             cerr << ex << endl;
             test(false);
 #  endif
@@ -1792,7 +1619,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // provide a certificate.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
 #  ifdef ICE_USE_OPENSSL
         initData.properties->setProperty("IceSSL.Ciphers", "ALL:!ADH");
 #  else
@@ -1801,7 +1628,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         CommunicatorPtr comm = initialize(initData);
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12);
         d["IceSSL.VerifyPeer"] = "0";
         Test::ServerPrx server = fact->createServer(d);
         try
@@ -1811,14 +1638,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         }
         catch(const ProtocolException&)
         {
-
+            // Expected
         }
-#  if defined(_WIN32) || defined(ICE_USE_SECURE_TRANSPORT)
         catch(const ConnectionLostException&)
         {
-
+            // Expected
         }
-#  endif
         catch(const LocalException& ex)
         {
             cerr << ex << endl;
@@ -1834,10 +1659,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // This should fail because the client disabled all ciphers.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-        initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.Ciphers", "NONE");
         try
         {
@@ -1859,12 +1681,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // Test IceSSL.DHParams
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
         initData.properties->setProperty("IceSSL.Ciphers", "(DH_anon*)");
         CommunicatorPtr comm = initialize(initData);
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12);
         d["IceSSL.Ciphers"] = "(DH_anon*)";
         d["IceSSL.DHParams"] = "dh_params512.der";
         d["IceSSL.VerifyPeer"] = "0";
@@ -1887,12 +1709,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // Test IceSSL.DHParams
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
         initData.properties->setProperty("IceSSL.Ciphers", "(DH_anon*)");
         CommunicatorPtr comm = initialize(initData);
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12);
         d["IceSSL.Ciphers"] = "(DH_anon*)";
         d["IceSSL.DHParams"] = "dh_params1024.der";
         d["IceSSL.VerifyPeer"] = "0";
@@ -1916,42 +1738,21 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // Client and server should negotiate to use 3DES as it is enabled in both.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.Ciphers", "3DES");
 
         CommunicatorPtr comm = initialize(initData);
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
 
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.Ciphers"] = "3DES AES_256";
 
         Test::ServerPrx server = fact->createServer(d);
         try
         {
             server->checkCipher("3DES");
-            IceSSL::NativeConnectionInfoPtr info =
-                IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
+            info = IceSSL::NativeConnectionInfoPtr::dynamicCast(server->ice_getConnection()->getInfo());
             test(info->cipher.compare(0, 4, "3DES") == 0);
         }
         catch(const LocalException& ex)
@@ -1967,36 +1768,15 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // Client and server doesn't enable a common cipher negotiate to use 3DES as it is enabled in both.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.Ciphers", "3DES");
 
         CommunicatorPtr comm = initialize(initData);
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
 
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.Ciphers"] = "AES_256";
-
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -2016,9 +1796,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         comm->destroy();
     }
 #endif
-//
-// No DSA support in Secure Transport.
-//
+
+    //
+    // No DSA support in Secure Transport.
+    //
 #ifndef ICE_USE_SECURE_TRANSPORT
     {
 
@@ -2035,32 +1816,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // First try a client with a DSA certificate.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_dsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_dsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_dsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_dsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.Ciphers", "DEFAULT:DSS");
         CommunicatorPtr comm = initialize(initData);
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12" + sep + "s_dsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem" + sep + "s_dsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem" + sep + "s_dsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_dsa_ca1", "cacert1");
         d["IceSSL.Ciphers"] = "DEFAULT:DSS";
         d["IceSSL.VerifyPeer"] = "1";
         Test::ServerPrx server = fact->createServer(d);
@@ -2078,22 +1839,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         //
         // Next try a client with an RSA certificate.
         //
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         comm = initialize(initData);
         fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "", "cacert1");
         if(p12)
         {
             d["IceSSL.CertFile"] = "s_rsa_ca1.p12" + sep + "s_dsa_ca1.p12";
@@ -2125,13 +1875,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         //
         // Next try a client with ADH. This should fail.
         //
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
         initData.properties->setProperty("IceSSL.Ciphers", "ADH");
         comm = initialize(initData);
         fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
+        d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "", "cacert1");
         d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem" + sep + "s_dsa_ca1_pub.pem";
         d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem" + sep + "s_dsa_ca1_priv.pem";
         d["IceSSL.Ciphers"] = "DEFAULT:DSS";
@@ -2160,34 +1909,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // Configure a server with RSA and a client with DSA. This should fail.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_dsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_dsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_dsa_ca1_priv.pem");
-        }
-
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_dsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.Ciphers", "DSS");
 
         CommunicatorPtr comm = initialize(initData);
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.VerifyPeer"] = "2";
 
         Test::ServerPrx server = fact->createServer(d);
@@ -2200,12 +1928,10 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         {
             // Expected.
         }
-#   ifdef _WIN32
         catch(const ConnectionLostException&)
         {
             // Expected.
         }
-#   endif
         catch(const LocalException& ex)
         {
             cerr << ex << endl;
@@ -2221,34 +1947,14 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     cout << "testing IceSSL.TrustOnly... " << flush;
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly", "C=US, ST=Florida, O=ZeroC\\, Inc.,"
                                          "OU=Ice, emailAddress=info@zeroc.com, CN=Server");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -2264,34 +1970,14 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly", "!C=US, ST=Florida, O=ZeroC\\, Inc.,"
                                          "OU=Ice, emailAddress=info@zeroc.com, CN=Server");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -2306,34 +1992,14 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly", "C=US, ST=Florida, O=\"ZeroC, Inc.\","
                                          "OU=Ice, emailAddress=info@zeroc.com, CN=Server");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -2348,32 +2014,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly"] = "C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com,CN=Client";
         Test::ServerPrx server = fact->createServer(d);
         try
@@ -2389,32 +2035,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly"] = "!C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com, CN=Client";
         Test::ServerPrx server = fact->createServer(d);
         try
@@ -2430,33 +2056,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly", "CN=Server");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -2471,33 +2077,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly", "!CN=Server");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -2512,32 +2098,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly"] = "CN=Client";
         Test::ServerPrx server = fact->createServer(d);
         try
@@ -2553,32 +2119,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly"] = "!CN=Client";
         Test::ServerPrx server = fact->createServer(d);
         try
@@ -2594,33 +2140,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly", "CN=Client");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -2635,32 +2161,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly"] = "CN=Server";
         Test::ServerPrx server = fact->createServer(d);
         try
@@ -2676,33 +2182,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly", "C=Canada,CN=Server");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -2717,33 +2203,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly", "!C=Canada,CN=Server");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -2758,33 +2224,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly", "C=Canada;CN=Server");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -2799,33 +2245,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly", "!C=Canada;!CN=Server");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -2840,33 +2266,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly", "!CN=Server1"); // Should not match "Server"
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -2881,32 +2287,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly"] = "!CN=Client1"; // Should not match "Client"
         Test::ServerPrx server = fact->createServer(d);
         try
@@ -2926,24 +2312,15 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // Test rejection when client does not supply a certificate.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        CommunicatorPtr comm = initialize(initData);
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", "");
         initData.properties->setProperty("IceSSL.VerifyPeer", "0");
+        CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.TrustOnly"] = "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, emailAddress=info@zeroc.com, CN=Client";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.VerifyPeer"] = "0";
+        d["IceSSL.TrustOnly"] = "C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, emailAddress=info@zeroc.com, CN=Client";
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -2961,23 +2338,14 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // Test rejection when client does not supply a certificate.
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        CommunicatorPtr comm = initialize(initData);
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "", "");
         initData.properties->setProperty("IceSSL.VerifyPeer", "0");
+        CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly"] = "!C=US, ST=Florida, O=ZeroC\\, Inc.,OU=Ice, emailAddress=info@zeroc.com, CN=Client";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
         d["IceSSL.VerifyPeer"] = "0";
         Test::ServerPrx server = fact->createServer(d);
         try
@@ -2996,33 +2364,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // Rejection takes precedence (client).
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly", "ST=Florida;!CN=Server;C=US");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -3040,32 +2388,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         // Rejection takes precedence (server).
         //
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly"] = "C=US;!CN=Client;ST=Florida";
         Test::ServerPrx server = fact->createServer(d);
         try
@@ -3084,34 +2412,14 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     cout << "testing IceSSL.TrustOnly.Client... " << flush;
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly.Client", "C=US, ST=Florida, O=ZeroC\\, Inc.,"
                                          "OU=Ice, emailAddress=info@zeroc.com, CN=Server");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         // Should have no effect.
         d["IceSSL.TrustOnly.Client"] = "C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com,"
                                        "CN=Server";
@@ -3130,34 +2438,14 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly.Client", "!C=US, ST=Florida, O=ZeroC\\, Inc.,"
                                          "OU=Ice, emailAddress=info@zeroc.com, CN=Server");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -3172,32 +2460,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         // Should have no effect.
         d["IceSSL.TrustOnly.Client"] = "!CN=Client";
         Test::ServerPrx server = fact->createServer(d);
@@ -3214,33 +2482,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly.Client", "CN=Client");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -3255,33 +2503,13 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         initData.properties->setProperty("IceSSL.TrustOnly.Client", "!CN=Client");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -3299,17 +2527,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     cout << "testing IceSSL.TrustOnly.Server... " << flush;
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         // Should have no effect.
         initData.properties->setProperty("IceSSL.TrustOnly.Server", "C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice,"
                                          "emailAddress=info@zeroc.com,CN=Client");
@@ -3317,17 +2535,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly.Server"] = "C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com,"
                                        "CN=Client";
 
@@ -3345,32 +2553,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly.Server"] =
             "!C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com, CN=Client";
         Test::ServerPrx server = fact->createServer(d);
@@ -3387,34 +2575,14 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         // Should have no effect.
         initData.properties->setProperty("IceSSL.TrustOnly.Server", "!CN=Server");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         Test::ServerPrx server = fact->createServer(d);
         try
         {
@@ -3429,32 +2597,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly.Server"] = "CN=Server";
         Test::ServerPrx server = fact->createServer(d);
         try
@@ -3470,32 +2618,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly.Server"] = "!CN=Client";
         Test::ServerPrx server = fact->createServer(d);
         try
@@ -3514,32 +2642,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     cout << "testing IceSSL.TrustOnly.Server.<AdapterName>... " << flush;
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly.Server.ServerAdapter"] =
             "C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com,CN=Client";
         d["IceSSL.TrustOnly.Server"] = "CN=bogus";
@@ -3557,32 +2665,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly.Server.ServerAdapter"] =
             "!C=US, ST=Florida, O=ZeroC\\, Inc., OU=Ice, emailAddress=info@zeroc.com, CN=Client";
         Test::ServerPrx server = fact->createServer(d);
@@ -3599,32 +2687,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly.Server.ServerAdapter"] = "CN=bogus";
         Test::ServerPrx server = fact->createServer(d);
         try
@@ -3640,32 +2708,12 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
     }
     {
         InitializationData initData;
-        initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
-        initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
-        if(p12)
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1.p12");
-        }
-        else
-        {
-            initData.properties->setProperty("IceSSL.CertFile", "c_rsa_ca1_pub.pem");
-            initData.properties->setProperty("IceSSL.KeyFile", "c_rsa_ca1_priv.pem");
-        }
+        initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12, "c_rsa_ca1", "cacert1");
         CommunicatorPtr comm = initialize(initData);
 
         Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
         test(fact);
-        Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
-        d["IceSSL.CertAuthFile"] = "cacert1.pem";
-        if(p12)
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1.p12";
-        }
-        else
-        {
-            d["IceSSL.CertFile"] = "s_rsa_ca1_pub.pem";
-            d["IceSSL.KeyFile"] = "s_rsa_ca1_priv.pem";
-        }
+        Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
         d["IceSSL.TrustOnly.Server.ServerAdapter"] = "!CN=bogus";
         Test::ServerPrx server = fact->createServer(d);
         try
@@ -3761,7 +2809,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         for(int i = 0; clientFindCertProperties[i] != 0; i++)
         {
             InitializationData initData;
-            initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
+            initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
             initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
             initData.properties->setProperty("IceSSL.FindCert.CurrentUser.My", clientFindCertProperties[i]);
             //
@@ -3773,7 +2821,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
 
             Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
             test(fact);
-            Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
+            Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
             d["IceSSL.CertAuthFile"] = "cacert1.pem";
             d["IceSSL.FindCert.CurrentUser.My"] = serverFindCertProperties[i];
             //
@@ -3802,7 +2850,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         for(int i = 0; failFindCertProperties[i] != 0; i++)
         {
             InitializationData initData;
-            initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
+            initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
             initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
             initData.properties->setProperty("IceSSL.FindCert.CurrentUser.My", failFindCertProperties[i]);
             try
@@ -3831,7 +2879,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         for(int i = 0; clientFindCertProperties[i] != 0; i++)
         {
             InitializationData initData;
-            initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
+            initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
             initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
             initData.properties->setProperty("IceSSL.FindCert.CurrentUser.My", clientFindCertProperties[i]);
             try
@@ -3888,7 +2936,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         for(int i = 0; clientFindCertProperties[i] != 0; i++)
         {
             InitializationData initData;
-            initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
+            initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
             initData.properties->setProperty("IceSSL.CertAuthFile", "cacert1.pem");
             initData.properties->setProperty("IceSSL.Keychain", "../certs/Find.keychain");
             initData.properties->setProperty("IceSSL.KeychainPassword", "password");
@@ -3902,7 +2950,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
 
             Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef));
             test(fact);
-            Test::Properties d = createServerProps(defaultProperties, defaultDir, defaultHost, p12);
+            Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12);
             d["IceSSL.CertAuthFile"] = "cacert1.pem";
             d["IceSSL.Keychain"] = "../certs/Find.keychain";
             d["IceSSL.KeychainPassword"] = "password";
@@ -3929,7 +2977,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
         for(int i = 0; failFindCertProperties[i] != 0; i++)
         {
             InitializationData initData;
-            initData.properties = createClientProps(defaultProperties, defaultDir, defaultHost, p12);
+            initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
             initData.properties->setProperty("IceSSL.Keychain", "../certs/Find.keychain");
             initData.properties->setProperty("IceSSL.KeychainPassword", "password");
             initData.properties->setProperty("IceSSL.FindCert", failFindCertProperties[i]);
diff --git a/cpp/test/IceSSL/configuration/run.py b/cpp/test/IceSSL/configuration/run.py
index f959fa7cc1e..58c6b79a9e6 100755
--- a/cpp/test/IceSSL/configuration/run.py
+++ b/cpp/test/IceSSL/configuration/run.py
@@ -29,7 +29,7 @@ def cleanup():
     elif TestUtil.isLinux():
         for c in ["cacert1.pem", "cacert2.pem"]:
             pem = os.path.join(certsPath, c)
-            os.system("rm {dir}/`openssl x509 -subject_hash -noout -in {pem}`.0".format(pem=pem, dir=certsPath))
+            os.system("rm -f {dir}/`openssl x509 -subject_hash -noout -in {pem}`.0".format(pem=pem, dir=certsPath))
 
 cleanup()
 atexit.register(cleanup)