diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh
index 95f8a52..af69d37 100644
--- a/tests/scripts/common.sh
+++ b/tests/scripts/common.sh
@@ -182,6 +182,11 @@ launch_bare_server() {
 	${SERV} $* >${LOGFILE-/dev/null} &
 }
 
+launch_bare_server2() {
+	wait_for_free_port "$PORT"
+	"$@" >${LOGFILE-/dev/null} &
+}
+
 wait_server() {
 	local PID=$1
 	trap "test -n \"${PID}\" && kill ${PID};exit 1" 1 15 2
diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh
index 9458af2..3d74bfe 100755
--- a/tests/testpkcs11.sh
+++ b/tests/testpkcs11.sh
@@ -67,6 +67,8 @@ have_ed25519=0
 P11TOOL="${VALGRIND} ${P11TOOL} --batch"
 SERV="${SERV} -q"
 
+TESTDATE=2020-12-01
+
 . ${srcdir}/scripts/common.sh
 
 rm -f "${LOGFILE}"
@@ -79,6 +81,8 @@ exit_error () {
 	exit 1
 }
 
+skip_if_no_datefudge
+
 # $1: token
 # $2: PIN
 # $3: filename
@@ -523,6 +527,7 @@ write_certificate_test () {
 	pubkey="$5"
 
 	echo -n "* Generating client certificate... "
+	datefudge -s "$TESTDATE" \
 	"${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM}  --generate-certificate --load-ca-privkey "${cakey}"  --load-ca-certificate "${cacert}"  \
 	--template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
 	--load-pubkey "$pubkey" --outfile tmp-client.crt >>"${LOGFILE}" 2>&1
@@ -900,7 +905,9 @@ use_certificate_test () {
 	echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
 	# start server
 	eval "${GETPORT}"
-	launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \
+	launch_bare_server2 datefudge -s "$TESTDATE" \
+	        $VALGRIND $SERV $DEBUG -p "$PORT" \
+		${ADDITIONAL_PARAM} --debug 10 --echo --priority NORMAL --x509certfile="${certfile}" \
 		--x509keyfile="$keyfile" --x509cafile="${cafile}" \
 		--verify-client-cert --require-client-cert >>"${LOGFILE}" 2>&1
 
@@ -908,13 +915,16 @@ use_certificate_test () {
 	wait_server ${PID}
 
 	# connect to server using SC
+	datefudge -s "$TESTDATE" \
 	${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 && \
 		fail ${PID} "Connection should have failed!"
 
+	datefudge -s "$TESTDATE" \
 	${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
 	--x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
 		fail ${PID} "Connection (with files) should have succeeded!"
 
+	datefudge -s "$TESTDATE" \
 	${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
 		--x509keyfile="${token};object=gnutls-client;object-type=private" \
 		--x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \