diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index d1af18ce7..4222fb862 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -45,18 +45,32 @@ all_intermediate += test-ca.req.sha256
 
 test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
 	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
-test-ca.der: test-ca.crt
+all_final += test-ca.crt
+
+test-ca.crt.der: test-ca.crt
 	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
-all_final += test-ca.crt test-ca.der
+all_final += test-ca.crt.der
+
+test-ca.key.der: $(test_ca_key_file_rsa)
+	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)"
+all_final += test-ca.key.der
 
 test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
 	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
 all_final += test-ca-sha1.crt
 
+test-ca-sha1.crt.der: test-ca-sha1.crt
+	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
+all_final += test-ca-sha1.crt.der
+
 test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
 	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA256 version=3 output_file=$@
 all_final += test-ca-sha256.crt
 
+test-ca-sha256.crt.der: test-ca-sha256.crt
+	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
+all_final += test-ca-sha256.crt.der
+
 test_ca_key_file_rsa_alt = test-ca-alt.key
 
 $(test_ca_key_file_rsa_alt):
@@ -113,6 +127,14 @@ test-ca.req_ec.sha256: $(test_ca_key_file_ec)
 	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256
 all_intermediate += test-ca.req_ec.sha256
 
+test-ca2.crt.der: $(test_ca_crt_file_ec)
+	$(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER
+all_final += test-ca2.crt.der
+
+test-ca2.key.der: $(test_ca_key_file_ec)
+	$(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER
+all_final += test-ca2.key.der
+
 test_ca_crt_cat12 = test-ca_cat12.crt
 $(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec)
 	cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@
@@ -151,6 +173,14 @@ cli-rsa-sha256.crt: cli-rsa.csr
 	$(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@
 all_final += cli-rsa-sha256.crt
 
+cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
+	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
+all_final += cli-rsa-sha256.crt.der
+
+ cli-rsa.key.der: $(cli_crt_key_file_rsa)
+	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
+all_final += cli-rsa.key.der
+
 test_ca_int_rsa1 = test-int-ca.crt
 
 server7.csr: server7.key
@@ -169,6 +199,22 @@ server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
 	cat server7.crt test-int-ca-exp.crt > $@
 all_final += server7_int-ca-exp.crt
 
+cli2.crt.der: cli2.crt
+	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
+all_final += cli2.crt.der
+
+ cli2.key.der: cli2.key
+	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
+all_final += cli2.key.der
+
+ server5.crt.der: server5.crt
+	$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
+all_final += server5.crt.der
+
+ server5.key.der: server5.key
+	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
+all_final += server5.key.der
+
 server5-ss-expired.crt: server5.key
 	$(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
 all_final += server5-ss-expired.crt
@@ -844,6 +890,18 @@ server2.req.sha256: server2.key
 	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256
 all_intermediate += server2.req.sha256
 
+server2.crt.der: server2.crt
+	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+all_final += server2.crt.der
+
+server2-sha256.crt.der: server2-sha256.crt
+	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
+all_final += server2-sha256.crt.der
+
+server2.key.der: server2.key
+	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
+all_final += server2.key.der
+
 # server5*
 
 # The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
@@ -928,9 +986,7 @@ server1_all: server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt
 
 server2.crt: server2.req.sha256
 	$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
-server2.der: server2.crt
-	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
-all_final += server2.crt server2.der
+all_final += server2.crt
 
 server2-sha256.crt: server2.req.sha256
 	$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@
diff --git a/tests/data_files/cli-rsa-sha256.crt.der b/tests/data_files/cli-rsa-sha256.crt.der
new file mode 100644
index 000000000..8fa3d1b5f
Binary files /dev/null and b/tests/data_files/cli-rsa-sha256.crt.der differ
diff --git a/tests/data_files/cli-rsa-sha256.key.der b/tests/data_files/cli-rsa-sha256.key.der
new file mode 100644
index 000000000..8ef5a0464
Binary files /dev/null and b/tests/data_files/cli-rsa-sha256.key.der differ
diff --git a/tests/data_files/cli2.crt.der b/tests/data_files/cli2.crt.der
new file mode 100644
index 000000000..6ad236e2f
Binary files /dev/null and b/tests/data_files/cli2.crt.der differ
diff --git a/tests/data_files/cli2.key.der b/tests/data_files/cli2.key.der
new file mode 100644
index 000000000..acba6a027
Binary files /dev/null and b/tests/data_files/cli2.key.der differ
diff --git a/tests/data_files/server2.der b/tests/data_files/server2.crt.der
similarity index 100%
rename from tests/data_files/server2.der
rename to tests/data_files/server2.crt.der
diff --git a/tests/data_files/server2.key.der b/tests/data_files/server2.key.der
new file mode 100644
index 000000000..9905ce76b
Binary files /dev/null and b/tests/data_files/server2.key.der differ
diff --git a/tests/data_files/server5.crt.der b/tests/data_files/server5.crt.der
new file mode 100644
index 000000000..08d8dd311
Binary files /dev/null and b/tests/data_files/server5.crt.der differ
diff --git a/tests/data_files/server5.key.der b/tests/data_files/server5.key.der
new file mode 100644
index 000000000..6bd4ebb81
Binary files /dev/null and b/tests/data_files/server5.key.der differ
diff --git a/tests/data_files/test-ca.der b/tests/data_files/test-ca-sha1.crt.der
similarity index 100%
rename from tests/data_files/test-ca.der
rename to tests/data_files/test-ca-sha1.crt.der
diff --git a/tests/data_files/test-ca-sha256.crt.der b/tests/data_files/test-ca-sha256.crt.der
new file mode 100644
index 000000000..80a47e8d3
Binary files /dev/null and b/tests/data_files/test-ca-sha256.crt.der differ
diff --git a/tests/data_files/test-ca.crt.der b/tests/data_files/test-ca.crt.der
new file mode 100644
index 000000000..039fb9e43
Binary files /dev/null and b/tests/data_files/test-ca.crt.der differ
diff --git a/tests/data_files/test-ca2.crt.der b/tests/data_files/test-ca2.crt.der
new file mode 100644
index 000000000..bb0b51f9d
Binary files /dev/null and b/tests/data_files/test-ca2.crt.der differ
diff --git a/tests/data_files/test-ca2.key.der b/tests/data_files/test-ca2.key.der
new file mode 100644
index 000000000..bf64141aa
Binary files /dev/null and b/tests/data_files/test-ca2.key.der differ
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index ec5c057a6..90e2da1e5 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -12,7 +12,7 @@ x509_cert_info:"data_files/server2.crt":"cert. version     \: 3\nserial number
 
 X509 Certificate information #2 (DER)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server2.der":"cert. version     \: 3\nserial number     \: 02\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2011-02-12 14\:44\:06\nexpires on        \: 2021-02-12 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/server2.crt.der":"cert. version     \: 3\nserial number     \: 02\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2011-02-12 14\:44\:06\nexpires on        \: 2021-02-12 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 Certificate information #3
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
@@ -20,7 +20,7 @@ x509_cert_info:"data_files/test-ca.crt":"cert. version     \: 3\nserial number
 
 X509 Certificate information #3 (DER)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/test-ca.der":"cert. version     \: 3\nserial number     \: 03\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued  on        \: 2011-02-12 14\:44\:00\nexpires on        \: 2021-02-12 14\:44\:00\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\n"
+x509_cert_info:"data_files/test-ca.crt.der":"cert. version     \: 3\nserial number     \: 03\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued  on        \: 2011-02-12 14\:44\:00\nexpires on        \: 2021-02-12 14\:44\:00\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\n"
 
 X509 Certificate information MD2 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD2_C