diff --git a/pkg/hsm/context_test.go b/pkg/hsm/context_test.go
index ed5c603..7435c71 100644
--- a/pkg/hsm/context_test.go
+++ b/pkg/hsm/context_test.go
@@ -71,6 +71,60 @@ func TestIsVerbose_not_set(t *testing.T) {
 assert.False(t, hsm.IsVerbose(theContext))
 }
+func TestSetupContext(t *testing.T) {
+ testConfig := setupSignerConfig(t)
+
+ theContext := hsm.SetupContext(hsm.SetupModeOption(), hsm.VerboseLoggingOption(), hsm.CaConfigOption(testConfig))
+
+ assert.True(t, hsm.IsSetupMode(theContext))
+ assert.True(t, hsm.IsVerbose(theContext))
+ assert.Equal(t, hsm.GetSignerConfig(theContext), testConfig)
+}
+
+func TestGetP11Context_missing_SetupContext(t *testing.T) {
+ p11Context, err := hsm.GetP11Context(context.Background(), &config.CaCertificateEntry{Storage: "default"})
+
+ assert.Error(t, err)
+ assert.ErrorContains(t, err, "type assertion failed, use hsm.SetupContext first")
+ assert.Nil(t, p11Context)
+}
+
+func TestGetP11Context_unknown_storage(t *testing.T) {
+ testConfig := setupSignerConfig(t)
+
+ theContext := hsm.SetupContext(hsm.SetupModeOption(), hsm.CaConfigOption(testConfig))
+
+ definition := &config.CaCertificateEntry{Storage: "undefined"}
+
+ p11Context, err := hsm.GetP11Context(theContext, definition)
+
+ assert.Error(t, err)
+ assert.ErrorContains(t, err, "key storage undefined not available")
+ assert.Nil(t, p11Context)
+}
+
+func TestGetP11Context(t *testing.T) {
+ testConfig := setupSignerConfig(t)
+ setupSoftHsm(t)
+
+ theContext := hsm.SetupContext(hsm.CaConfigOption(testConfig))
+
+ definition, err := testConfig.GetCADefinition("root")
+
+ require.NoError(t, err)
+
+ p11Context1, err := hsm.GetP11Context(theContext, definition)
+
+ assert.NoError(t, err)
+ assert.NotNil(t, p11Context1)
+
+ p11Context2, err := hsm.GetP11Context(theContext, definition)
+
+ assert.NoError(t, err)
+ assert.NotNil(t, p11Context1)
+ assert.Equal(t, p11Context1, p11Context2)
+}
+
 const testSignerConfig = `---
 Settings:
 organization:
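Review bot: In TestGetP11Context the assertions after the second `hsm.GetP11Context` call check `p11Context1` again, so `p11Context2` is never tested for nil on its own; that line should read `assert.NotNil(t, p11Context2)`. If the intent is to prove that the second call returns the cached PKCS#11 context rather than opening a new one, `assert.Same(t, p11Context1, p11Context2)` pins pointer identity, whereas `assert.Equal` also passes for two distinct but deeply equal values (this assumes GetP11Context returns a pointer, which the hunk does not show). The two `assert.NoError` checks on GetP11Context would be better as `require.NoError`, so the test stops before it goes on with a context that failed to open.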
@@ -106,53 +160,25 @@ KeyStorage:
 label: acme-test-hsm
 `
-func TestSetupContext(t *testing.T) {
- testConfig, err := config.LoadConfiguration(strings.NewReader(testSignerConfig))
-
- require.NoError(t, err)
+func setupSignerConfig(t *testing.T) *config.SignerConfig {
+ t.Helper()
- theContext := hsm.SetupContext(hsm.SetupModeOption(), hsm.VerboseLoggingOption(), hsm.CaConfigOption(testConfig))
-
- assert.True(t, hsm.IsSetupMode(theContext))
- assert.True(t, hsm.IsVerbose(theContext))
- assert.Equal(t, hsm.GetSignerConfig(theContext), testConfig)
-}
-
-func TestGetP11Context_missing_SetupContext(t *testing.T) {
- p11Context, err := hsm.GetP11Context(context.Background(), &config.CaCertificateEntry{Storage: "default"})
-
- assert.Error(t, err)
- assert.ErrorContains(t, err, "type assertion failed, use hsm.SetupContext first")
- assert.Nil(t, p11Context)
-}
-
-func TestGetP11Context_unknown_storage(t *testing.T) {
- testConfig, err := config.LoadConfiguration(strings.NewReader(testSignerConfig))
+ conf, err := config.LoadConfiguration(strings.NewReader(testSignerConfig))
 require.NoError(t, err)
- theContext := hsm.SetupContext(hsm.SetupModeOption(), hsm.CaConfigOption(testConfig))
-
- definition := &config.CaCertificateEntry{Storage: "undefined"}
-
- p11Context, err := hsm.GetP11Context(theContext, definition)
-
- assert.Error(t, err)
- assert.ErrorContains(t, err, "key storage undefined not available")
- assert.Nil(t, p11Context)
+ return conf
 }
-func TestGetP11Context(t *testing.T) {
- testConfig, err := config.LoadConfiguration(strings.NewReader(testSignerConfig))
-
- require.NoError(t, err)
+func setupSoftHsm(t *testing.T) {
+ t.Helper()
 tempdir := t.TempDir()
 tokenDir := path.Join(tempdir, "tokens")
 softhsmConfig := path.Join(tempdir, "softhsm2.conf")
- err = os.Mkdir(tokenDir, 0o700)
+ err := os.Mkdir(tokenDir, 0o700)
 require.NoError(t, err)
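Review bot: setupSoftHsm has no doc comment, and its side effects are not obvious from the call site in TestGetP11Context: it creates a token directory under `t.TempDir()` and, at the end of the function in the following hunk, exports a token PIN with `t.Setenv`. A comment such as `// setupSoftHsm prepares a SoftHSM configuration and token directory under t.TempDir() and exports the test token PIN via t.Setenv; callers must not use t.Parallel.` would record that, since `t.Setenv` panics in parallel tests. The body of the helper continues past this hunk, so the part that writes the configuration file is not visible here. setupSignerConfig would benefit from a one-line comment as well, for example `// setupSignerConfig parses testSignerConfig and fails the test on error.`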
@@ -177,21 +203,4 @@ func TestGetP11Context(t *testing.T) {
 require.NoError(t, err)
 t.Setenv("TOKEN_PIN_ACME_TEST_HSM", "123456")
-
- theContext := hsm.SetupContext(hsm.CaConfigOption(testConfig))
-
- definition, err := testConfig.GetCADefinition("root")
-
- require.NoError(t, err)
-
- p11Context1, err := hsm.GetP11Context(theContext, definition)
-
- assert.NoError(t, err)
- assert.NotNil(t, p11Context1)
-
- p11Context2, err := hsm.GetP11Context(theContext, definition)
-
- assert.NoError(t, err)
- assert.NotNil(t, p11Context1)
- assert.Equal(t, p11Context1, p11Context2)
 }