Move certificates into per-test directories

Each secure test now has its own certs/ subfolder with per-identity
subdirectories and a single shared trust store.  Configs reference
paths relative to the project root (e.g. tests/secure_anonymous/
certs/ServerLDS/cert.der).  Cert generation logic removed from test
scripts since certs are now pre-generated and committed.

52 files changed, 52 insertions, 121 deletions

diff --git a/.gitignore b/.gitignore
index 2bef7c5..2767e20 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,9 +7,6 @@ compile_commands.json
 # Editor / IDE caches
 .cache/
 
-# Certificates (generated, contain private keys)
-certs/
-
 # Claude Code local state
 .claude/
 
diff --git a/readme.md b/readme.md
index f6a7916..bc5d4c0 100644
--- a/readme.md
+++ b/readme.md
@@ -5,7 +5,7 @@ A small C project that demonstrates OPC UA server discovery using the
 
 - **ServerLDS** — Local Discovery Server that other servers register with
 - **ServerRegister** — a server that periodically registers itself with the LDS
-- **Client** — queries the LDS for servers, lists endpoints, or reads the current time from a server
+- **Client** — queries the LDS for servers, lists endpoints, reads the current time, or downloads a server's certificate
 
 ## Prerequisites
 
@@ -23,52 +23,19 @@ git clone --recursive https://git.tvcloud.fr/opcua_c
 cd opcua_c
 ```
 
-### Generate certificates
+### Certificates
 
-The programs use TLS certificates for mutual authentication. ServerLDS and
-ServerRegister can also run without certificates (SecurityPolicy#None only) by
+Test certificates are pre-generated and committed under each test directory
+(e.g. `tests/secure_anonymous/certs/`). Each secure test has per-identity
+subdirectories (`ServerLDS/`, `ServerRegister/`, `ServerRegisterClient/`,
+`Client/`) containing `cert.der` and `key.der`, plus a shared `trust/`
+directory with all certificates.
+
+Programs can also run without certificates (SecurityPolicy#None only) by
 omitting the `certificate`, `privateKey`, and `trustStore` keys from their
 config files.
 
-For encrypted operation, four identities are needed. Each call to
-`tools/generate_certificate.sh` creates a self-signed RSA-2048 certificate
-(`<name>_cert.der`) and private key (`<name>_key.der`) in the given directory:
-
-```sh
-tools/generate_certificate.sh certs ServerLDS
-tools/generate_certificate.sh certs ServerRegister
-tools/generate_certificate.sh certs ServerRegisterClient
-tools/generate_certificate.sh certs Client
-```
-
-| Identity | Used by | Purpose |
-|----------|---------|---------|
-| `ServerLDS` | ServerLDS | Server certificate for the LDS |
-| `ServerRegister` | ServerRegister | Server certificate for the registering server |
-| `ServerRegisterClient` | ServerRegister | Client certificate used when connecting to the LDS |
-| `Client` | Client | Client certificate for all client operations |
-
-### Populate the trust stores
-
-OPC UA applications only accept connections from peers whose certificate is in
-their trust store. Create the trust store directories and symlink each peer's
-certificate:
-
-```sh
-mkdir -p certs/trust/{server_lds,server_register,server_register_client,client}
-
-ln -s ../../ServerRegisterClient_cert.der ../../Client_cert.der \
-   certs/trust/server_lds/
-
-ln -s ../../ServerLDS_cert.der ../../Client_cert.der \
-   certs/trust/server_register/
-
-ln -s ../../ServerLDS_cert.der \
-   certs/trust/server_register_client/
-
-ln -s ../../ServerLDS_cert.der ../../ServerRegister_cert.der \
-   certs/trust/client/
-```
+To generate new certificates, use `tools/generate_certificate.sh <output_dir> <name> [uri]`.
 
 ### Build
 
@@ -102,6 +69,9 @@ build/Client tests/secure_user/client.conf get-endpoints opc.tcp://localhost:148
 
 # 5. Read the current time from the registered server
 build/Client tests/secure_user/client.conf read-time opc.tcp://localhost:14841
+
+# 6. Download the server's certificate to a local file
+build/Client tests/secure_user/client.conf download-cert opc.tcp://localhost:14841 server.der
 ```
 
 All three programs accept an optional log level as the last argument
@@ -117,6 +87,7 @@ Integration tests exercise four combinations of security and authentication:
 | `secure_anonymous` | SignAndEncrypt / Aes256_Sha256_RsaPss | anonymous |
 | `secure_user` | SignAndEncrypt / Aes256_Sha256_RsaPss | user/password |
 | `secure_cert` | SignAndEncrypt / Aes256_Sha256_RsaPss | X509 certificate |
+| `download_cert` | SignAndEncrypt / Aes256_Sha256_RsaPss | anonymous (download-cert) |
 
 Run all tests:
 
diff --git a/tests/run_download_cert_test.sh b/tests/run_download_cert_test.sh
index 9bcc750..f20609c 100755
--- a/tests/run_download_cert_test.sh
+++ b/tests/run_download_cert_test.sh
@@ -20,24 +20,6 @@ TMPFILE=""
 DOWNLOADED_CERT=""
 FAILURES=0
 
-# ── ensure certificates exist ─────────────────────────────────
-CERT_DIR=certs
-GEN_CERT=tools/generate_certificate.sh
-
-for identity in ServerLDS Client; do
-  if [ ! -f "$CERT_DIR/${identity}_cert.der" ]; then
-    "$GEN_CERT" "$CERT_DIR" "$identity"
-  fi
-done
-
-for store in server_lds client; do
-  mkdir -p "$CERT_DIR/trust/$store"
-  for identity in ServerLDS Client; do
-    cert="$CERT_DIR/${identity}_cert.der"
-    [ -f "$cert" ] && cp -n "$cert" "$CERT_DIR/trust/$store/"
-  done
-done
-
 # ── cleanup ────────────────────────────────────────────────────
 cleanup() {
   [ -n "$LDS_PID" ] && kill "$LDS_PID" 2>/dev/null && wait "$LDS_PID" 2>/dev/null
@@ -100,8 +82,8 @@ echo "$DC_OUTPUT" | grep -q "Certificate saved to"
 check "download-cert output contains 'Certificate saved to'" $?
 
 # ── compare with original ─────────────────────────────────────
-cmp -s "$DOWNLOADED_CERT" "certs/ServerLDS_cert.der"
-check "downloaded certificate matches certs/ServerLDS_cert.der" $?
+cmp -s "$DOWNLOADED_CERT" "$CONFIG_DIR/certs/ServerLDS/cert.der"
+check "downloaded certificate matches $CONFIG_DIR/certs/ServerLDS/cert.der" $?
 
 # ── result ─────────────────────────────────────────────────────
 if [ "$FAILURES" -ne 0 ]; then
diff --git a/tests/run_test.sh b/tests/run_test.sh
index 2767919..fc44ad6 100755
--- a/tests/run_test.sh
+++ b/tests/run_test.sh
@@ -28,25 +28,6 @@ SR_PID=""
 TMPFILE=""
 FAILURES=0
 
-# ── ensure certificates exist ─────────────────────────────────
-CERT_DIR=certs
-GEN_CERT=tools/generate_certificate.sh
-
-for identity in ServerLDS ServerRegister ServerRegisterClient Client; do
-  if [ ! -f "$CERT_DIR/${identity}_cert.der" ]; then
-    "$GEN_CERT" "$CERT_DIR" "$identity"
-  fi
-done
-
-# Populate trust stores: each identity trusts every other identity.
-for store in server_lds server_register server_register_client client; do
-  mkdir -p "$CERT_DIR/trust/$store"
-  for identity in ServerLDS ServerRegister ServerRegisterClient Client; do
-    cert="$CERT_DIR/${identity}_cert.der"
-    [ -f "$cert" ] && cp -n "$cert" "$CERT_DIR/trust/$store/"
-  done
-done
-
 # ── cleanup ────────────────────────────────────────────────────
 cleanup() {
   [ -n "$LDS_PID" ] && kill "$LDS_PID" 2>/dev/null && wait "$LDS_PID" 2>/dev/null
diff --git a/tests/secure_anonymous/certs/Client/cert.der b/tests/secure_anonymous/certs/Client/cert.der
new file mode 100644
index 0000000..b4661db
--- /dev/null
+++ b/tests/secure_anonymous/certs/Client/cert.der
diff --git a/tests/secure_anonymous/certs/Client/key.der b/tests/secure_anonymous/certs/Client/key.der
new file mode 100644
index 0000000..4ac4469
--- /dev/null
+++ b/tests/secure_anonymous/certs/Client/key.der
diff --git a/tests/secure_anonymous/certs/ServerLDS/cert.der b/tests/secure_anonymous/certs/ServerLDS/cert.der
new file mode 100644
index 0000000..7460975
--- /dev/null
+++ b/tests/secure_anonymous/certs/ServerLDS/cert.der
diff --git a/tests/secure_anonymous/certs/ServerLDS/key.der b/tests/secure_anonymous/certs/ServerLDS/key.der
new file mode 100644
index 0000000..bb917eb
--- /dev/null
+++ b/tests/secure_anonymous/certs/ServerLDS/key.der
diff --git a/tests/secure_anonymous/certs/ServerRegister/cert.der b/tests/secure_anonymous/certs/ServerRegister/cert.der
new file mode 100644
index 0000000..5b8a6bd
--- /dev/null
+++ b/tests/secure_anonymous/certs/ServerRegister/cert.der
diff --git a/tests/secure_anonymous/certs/ServerRegister/key.der b/tests/secure_anonymous/certs/ServerRegister/key.der
new file mode 100644
index 0000000..83669b7
--- /dev/null
+++ b/tests/secure_anonymous/certs/ServerRegister/key.der
diff --git a/tests/secure_anonymous/certs/ServerRegisterClient/cert.der b/tests/secure_anonymous/certs/ServerRegisterClient/cert.der
new file mode 100644
index 0000000..cf62a2c
--- /dev/null
+++ b/tests/secure_anonymous/certs/ServerRegisterClient/cert.der
diff --git a/tests/secure_anonymous/certs/ServerRegisterClient/key.der b/tests/secure_anonymous/certs/ServerRegisterClient/key.der
new file mode 100644
index 0000000..8f44211
--- /dev/null
+++ b/tests/secure_anonymous/certs/ServerRegisterClient/key.der
diff --git a/tests/secure_anonymous/certs/trust/Client_cert.der b/tests/secure_anonymous/certs/trust/Client_cert.der
new file mode 100644
index 0000000..b4661db
--- /dev/null
+++ b/tests/secure_anonymous/certs/trust/Client_cert.der
diff --git a/tests/secure_anonymous/certs/trust/ServerLDS_cert.der b/tests/secure_anonymous/certs/trust/ServerLDS_cert.der
new file mode 100644
index 0000000..7460975
--- /dev/null
+++ b/tests/secure_anonymous/certs/trust/ServerLDS_cert.der
diff --git a/tests/secure_anonymous/certs/trust/ServerRegisterClient_cert.der b/tests/secure_anonymous/certs/trust/ServerRegisterClient_cert.der
new file mode 100644
index 0000000..cf62a2c
--- /dev/null
+++ b/tests/secure_anonymous/certs/trust/ServerRegisterClient_cert.der
diff --git a/tests/secure_anonymous/certs/trust/ServerRegister_cert.der b/tests/secure_anonymous/certs/trust/ServerRegister_cert.der
new file mode 100644
index 0000000..5b8a6bd
--- /dev/null
+++ b/tests/secure_anonymous/certs/trust/ServerRegister_cert.der
diff --git a/tests/secure_anonymous/client.conf b/tests/secure_anonymous/client.conf
index 2a059fa..4cfc7c2 100644
--- a/tests/secure_anonymous/client.conf
+++ b/tests/secure_anonymous/client.conf
@@ -2,9 +2,9 @@
 
 applicationUri = urn:localhost:bobink:Client
 
-certificate = certs/Client_cert.der
-privateKey = certs/Client_key.der
-trustStore = certs/trust/client
+certificate = tests/secure_anonymous/certs/Client/cert.der
+privateKey = tests/secure_anonymous/certs/Client/key.der
+trustStore = tests/secure_anonymous/certs/trust
 
 securityMode = SignAndEncrypt
 securityPolicy = Aes256_Sha256_RsaPss
diff --git a/tests/secure_anonymous/server_lds.conf b/tests/secure_anonymous/server_lds.conf
index f92b803..8d86c7f 100644
--- a/tests/secure_anonymous/server_lds.conf
+++ b/tests/secure_anonymous/server_lds.conf
@@ -4,9 +4,9 @@
 port = 14840
 applicationUri = urn:localhost:bobink:ServerLDS
 
-certificate = certs/ServerLDS_cert.der
-privateKey = certs/ServerLDS_key.der
-trustStore = certs/trust/server_lds
+certificate = tests/secure_anonymous/certs/ServerLDS/cert.der
+privateKey = tests/secure_anonymous/certs/ServerLDS/key.der
+trustStore = tests/secure_anonymous/certs/trust
 
 authMode = anonymous
 
diff --git a/tests/secure_anonymous/server_register.conf b/tests/secure_anonymous/server_register.conf
index 31df277..b559526 100644
--- a/tests/secure_anonymous/server_register.conf
+++ b/tests/secure_anonymous/server_register.conf
@@ -3,9 +3,9 @@
 port = 14841
 applicationUri = urn:localhost:bobink:ServerRegister
 
-certificate = certs/ServerRegister_cert.der
-privateKey = certs/ServerRegister_key.der
-trustStore = certs/trust/server_register
+certificate = tests/secure_anonymous/certs/ServerRegister/cert.der
+privateKey = tests/secure_anonymous/certs/ServerRegister/key.der
+trustStore = tests/secure_anonymous/certs/trust
 
 authMode = anonymous
 
diff --git a/tests/secure_anonymous/server_register_client.conf b/tests/secure_anonymous/server_register_client.conf
index e7c34c7..183be16 100644
--- a/tests/secure_anonymous/server_register_client.conf
+++ b/tests/secure_anonymous/server_register_client.conf
@@ -3,9 +3,9 @@
 
 applicationUri = urn:localhost:bobink:ServerRegister
 
-certificate = certs/ServerRegisterClient_cert.der
-privateKey = certs/ServerRegisterClient_key.der
-trustStore = certs/trust/server_register_client
+certificate = tests/secure_anonymous/certs/ServerRegisterClient/cert.der
+privateKey = tests/secure_anonymous/certs/ServerRegisterClient/key.der
+trustStore = tests/secure_anonymous/certs/trust
 
 securityMode = SignAndEncrypt
 securityPolicy = Aes256_Sha256_RsaPss
diff --git a/tests/secure_cert/certs/Client/cert.der b/tests/secure_cert/certs/Client/cert.der
new file mode 100644
index 0000000..b4661db
--- /dev/null
+++ b/tests/secure_cert/certs/Client/cert.der
diff --git a/tests/secure_cert/certs/Client/key.der b/tests/secure_cert/certs/Client/key.der
new file mode 100644
index 0000000..4ac4469
--- /dev/null
+++ b/tests/secure_cert/certs/Client/key.der
diff --git a/tests/secure_cert/certs/ServerLDS/cert.der b/tests/secure_cert/certs/ServerLDS/cert.der
new file mode 100644
index 0000000..7460975
--- /dev/null
+++ b/tests/secure_cert/certs/ServerLDS/cert.der
diff --git a/tests/secure_cert/certs/ServerLDS/key.der b/tests/secure_cert/certs/ServerLDS/key.der
new file mode 100644
index 0000000..bb917eb
--- /dev/null
+++ b/tests/secure_cert/certs/ServerLDS/key.der
diff --git a/tests/secure_cert/certs/ServerRegister/cert.der b/tests/secure_cert/certs/ServerRegister/cert.der
new file mode 100644
index 0000000..5b8a6bd
--- /dev/null
+++ b/tests/secure_cert/certs/ServerRegister/cert.der
diff --git a/tests/secure_cert/certs/ServerRegister/key.der b/tests/secure_cert/certs/ServerRegister/key.der
new file mode 100644
index 0000000..83669b7
--- /dev/null
+++ b/tests/secure_cert/certs/ServerRegister/key.der
diff --git a/tests/secure_cert/certs/ServerRegisterClient/cert.der b/tests/secure_cert/certs/ServerRegisterClient/cert.der
new file mode 100644
index 0000000..cf62a2c
--- /dev/null
+++ b/tests/secure_cert/certs/ServerRegisterClient/cert.der
diff --git a/tests/secure_cert/certs/ServerRegisterClient/key.der b/tests/secure_cert/certs/ServerRegisterClient/key.der
new file mode 100644
index 0000000..8f44211
--- /dev/null
+++ b/tests/secure_cert/certs/ServerRegisterClient/key.der
diff --git a/tests/secure_cert/certs/trust/Client_cert.der b/tests/secure_cert/certs/trust/Client_cert.der
new file mode 100644
index 0000000..b4661db
--- /dev/null
+++ b/tests/secure_cert/certs/trust/Client_cert.der
diff --git a/tests/secure_cert/certs/trust/ServerLDS_cert.der b/tests/secure_cert/certs/trust/ServerLDS_cert.der
new file mode 100644
index 0000000..7460975
--- /dev/null
+++ b/tests/secure_cert/certs/trust/ServerLDS_cert.der
diff --git a/tests/secure_cert/certs/trust/ServerRegisterClient_cert.der b/tests/secure_cert/certs/trust/ServerRegisterClient_cert.der
new file mode 100644
index 0000000..cf62a2c
--- /dev/null
+++ b/tests/secure_cert/certs/trust/ServerRegisterClient_cert.der
diff --git a/tests/secure_cert/certs/trust/ServerRegister_cert.der b/tests/secure_cert/certs/trust/ServerRegister_cert.der
new file mode 100644
index 0000000..5b8a6bd
--- /dev/null
+++ b/tests/secure_cert/certs/trust/ServerRegister_cert.der
diff --git a/tests/secure_cert/client.conf b/tests/secure_cert/client.conf
index 68a14aa..b8c7908 100644
--- a/tests/secure_cert/client.conf
+++ b/tests/secure_cert/client.conf
@@ -3,9 +3,9 @@
 
 applicationUri = urn:localhost:bobink:Client
 
-certificate = certs/Client_cert.der
-privateKey = certs/Client_key.der
-trustStore = certs/trust/client
+certificate = tests/secure_cert/certs/Client/cert.der
+privateKey = tests/secure_cert/certs/Client/key.der
+trustStore = tests/secure_cert/certs/trust
 
 securityMode = SignAndEncrypt
 securityPolicy = Aes256_Sha256_RsaPss
diff --git a/tests/secure_cert/server_lds.conf b/tests/secure_cert/server_lds.conf
index ca1f8a6..c863534 100644
--- a/tests/secure_cert/server_lds.conf
+++ b/tests/secure_cert/server_lds.conf
@@ -4,9 +4,9 @@
 port = 14840
 applicationUri = urn:localhost:bobink:ServerLDS
 
-certificate = certs/ServerLDS_cert.der
-privateKey = certs/ServerLDS_key.der
-trustStore = certs/trust/server_lds
+certificate = tests/secure_cert/certs/ServerLDS/cert.der
+privateKey = tests/secure_cert/certs/ServerLDS/key.der
+trustStore = tests/secure_cert/certs/trust
 
 authMode = anonymous
 
diff --git a/tests/secure_cert/server_register.conf b/tests/secure_cert/server_register.conf
index ba6de55..145857c 100644
--- a/tests/secure_cert/server_register.conf
+++ b/tests/secure_cert/server_register.conf
@@ -4,9 +4,9 @@
 port = 14841
 applicationUri = urn:localhost:bobink:ServerRegister
 
-certificate = certs/ServerRegister_cert.der
-privateKey = certs/ServerRegister_key.der
-trustStore = certs/trust/server_register
+certificate = tests/secure_cert/certs/ServerRegister/cert.der
+privateKey = tests/secure_cert/certs/ServerRegister/key.der
+trustStore = tests/secure_cert/certs/trust
 
 authMode = cert
 
diff --git a/tests/secure_cert/server_register_client.conf b/tests/secure_cert/server_register_client.conf
index ddba01d..1838958 100644
--- a/tests/secure_cert/server_register_client.conf
+++ b/tests/secure_cert/server_register_client.conf
@@ -3,9 +3,9 @@
 
 applicationUri = urn:localhost:bobink:ServerRegister
 
-certificate = certs/ServerRegisterClient_cert.der
-privateKey = certs/ServerRegisterClient_key.der
-trustStore = certs/trust/server_register_client
+certificate = tests/secure_cert/certs/ServerRegisterClient/cert.der
+privateKey = tests/secure_cert/certs/ServerRegisterClient/key.der
+trustStore = tests/secure_cert/certs/trust
 
 securityMode = SignAndEncrypt
 securityPolicy = Aes256_Sha256_RsaPss
diff --git a/tests/secure_user/certs/Client/cert.der b/tests/secure_user/certs/Client/cert.der
new file mode 100644
index 0000000..b4661db
--- /dev/null
+++ b/tests/secure_user/certs/Client/cert.der
diff --git a/tests/secure_user/certs/Client/key.der b/tests/secure_user/certs/Client/key.der
new file mode 100644
index 0000000..4ac4469
--- /dev/null
+++ b/tests/secure_user/certs/Client/key.der
diff --git a/tests/secure_user/certs/ServerLDS/cert.der b/tests/secure_user/certs/ServerLDS/cert.der
new file mode 100644
index 0000000..7460975
--- /dev/null
+++ b/tests/secure_user/certs/ServerLDS/cert.der
diff --git a/tests/secure_user/certs/ServerLDS/key.der b/tests/secure_user/certs/ServerLDS/key.der
new file mode 100644
index 0000000..bb917eb
--- /dev/null
+++ b/tests/secure_user/certs/ServerLDS/key.der
diff --git a/tests/secure_user/certs/ServerRegister/cert.der b/tests/secure_user/certs/ServerRegister/cert.der
new file mode 100644
index 0000000..5b8a6bd
--- /dev/null
+++ b/tests/secure_user/certs/ServerRegister/cert.der
diff --git a/tests/secure_user/certs/ServerRegister/key.der b/tests/secure_user/certs/ServerRegister/key.der
new file mode 100644
index 0000000..83669b7
--- /dev/null
+++ b/tests/secure_user/certs/ServerRegister/key.der
diff --git a/tests/secure_user/certs/ServerRegisterClient/cert.der b/tests/secure_user/certs/ServerRegisterClient/cert.der
new file mode 100644
index 0000000..cf62a2c
--- /dev/null
+++ b/tests/secure_user/certs/ServerRegisterClient/cert.der
diff --git a/tests/secure_user/certs/ServerRegisterClient/key.der b/tests/secure_user/certs/ServerRegisterClient/key.der
new file mode 100644
index 0000000..8f44211
--- /dev/null
+++ b/tests/secure_user/certs/ServerRegisterClient/key.der
diff --git a/tests/secure_user/certs/trust/Client_cert.der b/tests/secure_user/certs/trust/Client_cert.der
new file mode 100644
index 0000000..b4661db
--- /dev/null
+++ b/tests/secure_user/certs/trust/Client_cert.der
diff --git a/tests/secure_user/certs/trust/ServerLDS_cert.der b/tests/secure_user/certs/trust/ServerLDS_cert.der
new file mode 100644
index 0000000..7460975
--- /dev/null
+++ b/tests/secure_user/certs/trust/ServerLDS_cert.der
diff --git a/tests/secure_user/certs/trust/ServerRegisterClient_cert.der b/tests/secure_user/certs/trust/ServerRegisterClient_cert.der
new file mode 100644
index 0000000..cf62a2c
--- /dev/null
+++ b/tests/secure_user/certs/trust/ServerRegisterClient_cert.der
diff --git a/tests/secure_user/certs/trust/ServerRegister_cert.der b/tests/secure_user/certs/trust/ServerRegister_cert.der
new file mode 100644
index 0000000..5b8a6bd
--- /dev/null
+++ b/tests/secure_user/certs/trust/ServerRegister_cert.der
diff --git a/tests/secure_user/client.conf b/tests/secure_user/client.conf
index 5059ca9..1ce4452 100644
--- a/tests/secure_user/client.conf
+++ b/tests/secure_user/client.conf
@@ -2,9 +2,9 @@
 
 applicationUri = urn:localhost:bobink:Client
 
-certificate = certs/Client_cert.der
-privateKey = certs/Client_key.der
-trustStore = certs/trust/client
+certificate = tests/secure_user/certs/Client/cert.der
+privateKey = tests/secure_user/certs/Client/key.der
+trustStore = tests/secure_user/certs/trust
 
 securityMode = SignAndEncrypt
 securityPolicy = Aes256_Sha256_RsaPss
diff --git a/tests/secure_user/server_lds.conf b/tests/secure_user/server_lds.conf
index 3babf37..39ca4d1 100644
--- a/tests/secure_user/server_lds.conf
+++ b/tests/secure_user/server_lds.conf
@@ -4,9 +4,9 @@
 port = 14840
 applicationUri = urn:localhost:bobink:ServerLDS
 
-certificate = certs/ServerLDS_cert.der
-privateKey = certs/ServerLDS_key.der
-trustStore = certs/trust/server_lds
+certificate = tests/secure_user/certs/ServerLDS/cert.der
+privateKey = tests/secure_user/certs/ServerLDS/key.der
+trustStore = tests/secure_user/certs/trust
 
 authMode = anonymous
 
diff --git a/tests/secure_user/server_register.conf b/tests/secure_user/server_register.conf
index 65e69d8..d0efa16 100644
--- a/tests/secure_user/server_register.conf
+++ b/tests/secure_user/server_register.conf
@@ -3,9 +3,9 @@
 port = 14841
 applicationUri = urn:localhost:bobink:ServerRegister
 
-certificate = certs/ServerRegister_cert.der
-privateKey = certs/ServerRegister_key.der
-trustStore = certs/trust/server_register
+certificate = tests/secure_user/certs/ServerRegister/cert.der
+privateKey = tests/secure_user/certs/ServerRegister/key.der
+trustStore = tests/secure_user/certs/trust
 
 authMode = user
 username = user
diff --git a/tests/secure_user/server_register_client.conf b/tests/secure_user/server_register_client.conf
index b2edd24..148bab3 100644
--- a/tests/secure_user/server_register_client.conf
+++ b/tests/secure_user/server_register_client.conf
@@ -3,9 +3,9 @@
 
 applicationUri = urn:localhost:bobink:ServerRegister
 
-certificate = certs/ServerRegisterClient_cert.der
-privateKey = certs/ServerRegisterClient_key.der
-trustStore = certs/trust/server_register_client
+certificate = tests/secure_user/certs/ServerRegisterClient/cert.der
+privateKey = tests/secure_user/certs/ServerRegisterClient/key.der
+trustStore = tests/secure_user/certs/trust
 
 securityMode = SignAndEncrypt
 securityPolicy = Aes256_Sha256_RsaPss