diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e1b39e3..1f1469f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -32,12 +32,6 @@ on:
 #
 # Jobs
 #
-# [NOTE]
-# Some tests using awscli may output a python warning.
-# The warning is about HTTPS connections using self-signed certificates.
-# That's why the PYTHONWARNINGS environment variable disables the
-# "Unverified HTTPS request" warning.
-#
 jobs:
   Linux:
     runs-on: ubuntu-latest
@@ -78,12 +72,6 @@ jobs:
       #
       DEBIAN_FRONTEND:  noninteractive
 
-      # [NOTE]
-      # Since using a self-signed certificate and have not registered a certificate authority,
-      # we get a warning in python, so we suppress it(by PYTHONWARNINGS).
-      #
-      PYTHONWARNINGS:   "ignore:Unverified HTTPS request"
-
     steps:
       # [NOTE]
       # On openSUSE, tar and gzip must be installed before action/checkout.
@@ -127,13 +115,6 @@ jobs:
   macos10:
     runs-on: macos-10.15
 
-    env:
-      # [NOTE]
-      # Since using a self-signed certificate and have not registered a certificate authority,
-      # we get a warning in python, so we suppress it(by PYTHONWARNINGS).
-      #
-      PYTHONWARNINGS:   "ignore:Unverified HTTPS request"
-
     steps:
       - name: Checkout source code
         uses: actions/checkout@v2
diff --git a/test/integration-test-common.sh b/test/integration-test-common.sh
index b0e100d..c1c75ee 100644
--- a/test/integration-test-common.sh
+++ b/test/integration-test-common.sh
@@ -140,6 +140,11 @@ function start_s3proxy {
             chmod +x "${S3PROXY_BINARY}"
         fi
 
+        # generate self-signed SSL certificate
+        rm -f /tmp/keystore.jks /tmp/keystore.pem
+        echo -e 'password\npassword\n\n\n\n\n\n\nyes' | keytool -genkey -keystore /tmp/keystore.jks -keyalg RSA -keysize 2048 -validity 365 -ext SAN=IP:127.0.0.1
+        echo password | keytool -exportcert -keystore /tmp/keystore.jks -rfc -file /tmp/keystore.pem
+
         ${STDBUF_BIN} -oL -eL java -jar "$S3PROXY_BINARY" --properties $S3PROXY_CONFIG &
         S3PROXY_PID=$!
 
diff --git a/test/keystore.jks b/test/keystore.jks
deleted file mode 100644
index 0a51c65..0000000
Binary files a/test/keystore.jks and /dev/null differ
diff --git a/test/s3proxy.conf b/test/s3proxy.conf
index f57bdfb..50ab754 100644
--- a/test/s3proxy.conf
+++ b/test/s3proxy.conf
@@ -2,7 +2,7 @@ s3proxy.secure-endpoint=https://127.0.0.1:8080
 s3proxy.authorization=aws-v2-or-v4
 s3proxy.identity=local-identity
 s3proxy.credential=local-credential
-s3proxy.keystore-path=keystore.jks
+s3proxy.keystore-path=/tmp/keystore.jks
 s3proxy.keystore-password=password
 
 jclouds.provider=transient
diff --git a/test/test-utils.sh b/test/test-utils.sh
index 6e8ccec..961ff90 100644
--- a/test/test-utils.sh
+++ b/test/test-utils.sh
@@ -319,7 +319,7 @@ function aws_cli() {
     if [ -n "${S3FS_PROFILE}" ]; then
         FLAGS="--profile ${S3FS_PROFILE}"
     fi
-    aws $* --endpoint-url "${S3_URL}" --no-verify-ssl $FLAGS
+    aws $* --endpoint-url "${S3_URL}" --ca-bundle /tmp/keystore.pem $FLAGS
 }
 
 function wait_for_port() {