diff --git a/tests/hwsim/auth_serv/server-certpol2.csr b/tests/hwsim/auth_serv/server-certpol2.csr new file mode 100644 index 000000000..63ed9abae --- /dev/null +++ b/tests/hwsim/auth_serv/server-certpol2.csr @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDlTCCAf0CAQAwUDELMAkGA1UEBhMCRkkxEDAOBgNVBAcMB1R1dXN1bGExDjAM +BgNVBAoMBXcxLmZpMR8wHQYDVQQDDBZzZXJ2ZXItcG9saWNpZXMyLncxLmZpMIIB +ojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA5lDRKAUnbNRC00LHzFOpa8Kj +qyBvFzSd5B0x0MRoZULV6L2quOTp9u4udc1qjPaOqq9sfOs1UFWxwrP4p9AeozMm +aEAgE3QIh++2OvF/PvV/k0R0N4vDiae6X0I5SiIgQGbGb3fPVD8FYd6rcfqfeG2X +SuhgoBGqbLqdRGUY6OCP0d/alatBLGNl9kJC5h9CpBx0IEn01JIO4747Vf04aHQ6 +5N+aK5W/6dE4ixYkIDXbuNAVMC4vaiS54enntrW95g9Z3d+VnKsDtMVCgUhhzDwG +F4VjbijL14jRzkDH/2FRrLu6I8lCp30nDR5TkM8iP1f1/xoFDJx6G/viR19Fy+6I +paBUcYP309PFvLJ+haexGs+Ry4s5unwsnbLFecPggHMGME9dgVLiv0NVhV1kxJes +6S1+MLXhUlBTDKwkjnuiV43/sQW6IzOmCKO0OEL2XNm8XXWVgv9NmttWLxs40lEF +LJBi8Y5M7uobrqpTdIW6xsPCSzC94C7IrH4lzDJfAgMBAAGgADANBgkqhkiG9w0B +AQsFAAOCAYEAe5pIVGtUDu9+vI7oIDAc/AkiPxCsM1W8r/geTQvGaP1FzuppXbo+ +i1U2iGTC2P/9ZJ+zMBbj7IVvPg9KWOnDP98BZB6iHSYOm6OYBsIpm9uSvET7qJ+M +22xZe89abeYNFgDpKYJRasFEG3ze2HvNvZUolR8RYakTeBCwlO8snqiZgjJdwbFz +0fVWqVoFCZN0AUvzfAeqFwZpZ9cQRETOB10DbVxnWe58mJgFckXwSynmxdP4o+9L +QUq8HB9FMlUyn60usP121Wm1LC3tvJpecl4otQqu2nPnmhUWMMiBMRpPwOqB0fnn +gfdqON5cligShTernXXtdBnXoeM+ZT2qayazuZ/3JD5ioVM2ZVVNRfPZTmDwF9+1 +w0TC4YfEuAHMfOAnfr+lOt0HI3lGIqTzbze7IPRK1mbfq6gOa0DzQw04vflLFVzx +/f9S0K8sHeKj3DaaezCGY3T/rUMbmwT/pSNNK56zcddBcj/fFf+3NhcbC09U8V4h +RBL7vBjsIWsH +-----END CERTIFICATE REQUEST----- diff --git a/tests/hwsim/auth_serv/server-certpol2.key b/tests/hwsim/auth_serv/server-certpol2.key new file mode 100644 index 000000000..29e59dc94 --- /dev/null +++ b/tests/hwsim/auth_serv/server-certpol2.key 
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQDmUNEoBSds1ELT +QsfMU6lrwqOrIG8XNJ3kHTHQxGhlQtXovaq45On27i51zWqM9o6qr2x86zVQVbHC +s/in0B6jMyZoQCATdAiH77Y68X8+9X+TRHQ3i8OJp7pfQjlKIiBAZsZvd89UPwVh +3qtx+p94bZdK6GCgEapsup1EZRjo4I/R39qVq0EsY2X2QkLmH0KkHHQgSfTUkg7j +vjtV/ThodDrk35orlb/p0TiLFiQgNdu40BUwLi9qJLnh6ee2tb3mD1nd35WcqwO0 +xUKBSGHMPAYXhWNuKMvXiNHOQMf/YVGsu7ojyUKnfScNHlOQzyI/V/X/GgUMnHob +++JHX0XL7oiloFRxg/fT08W8sn6Fp7Eaz5HLizm6fCydssV5w+CAcwYwT12BUuK/ +Q1WFXWTEl6zpLX4wteFSUFMMrCSOe6JXjf+xBbojM6YIo7Q4QvZc2bxddZWC/02a +21YvGzjSUQUskGLxjkzu6huuqlN0hbrGw8JLML3gLsisfiXMMl8CAwEAAQKCAYEA +z/4yNPManKTASKtpZjQzr3aSeiuLR6ij4msfHssRAEmwhkQrFljclbyZxpcg33aW +drx/u/xqJEePhicjquE/meDKkaE/lnHWdnTb3DVV1dS9RpCuZ69Xgkwv+nEC7dkN +yTtHf0jyusFDKhR+Piu4sng+Bk7/W+84OoL5Hdgy+7Q5Da8cZsfGzsBhR1ils86N +T0nG8ZX4fbP9sFyOl2Rb+bDlsuXgA/Zz30OrzafMLi6VZDy+tckv1qqeF9A2CwHq +avLsnqatMqZBbYkbo9munv2Fhs4z1KJQl6u3BifnFX4ZiP/tCBdc/Clgbr/dw2e+ +6GEclNT0eSiB9vUw3wHINRqnU35i8wIOmMJ7wG5q+PeRn8sEfkRSCshKjIfvBcHG +G/rVmILERKMJQax2MavGWhYYtWEu5cMOdK3hDb7/0uODv1oJYQGp5qNom6U0efLK +oD3la3E3KfYbCLdA1XBG8p9TcOFbm2hm7c1UFzBQ805JmR4SIvcR5gEkOadcTajp +AoHBAP629szQlStD/1cHi4X9rQ7Nm2LqljLp6hVn+KOZztqEaT36HqU7247sII93 +axMLVMRxebK5gZ5H/UF9M/75MWoUvnlbkWPPeRdr2HJUc/h7HbV/V79NSjfLBFqG +kX6Gx6V4PQg3dww/FPJBQuRP84gUFMDvMhoXutjVY5aoCPwyiez7qEEYjyyyIEFW +JKRgqp1LMHH/yOWvytOdjNhTlx9AMnAyNa8LJWtxPgqtZIN4ifjPbytdZfVA6y8Y +hZanwwKBwQDnelWxu9QxSOT9kCMWRtdkb2e04NyyDSN4XHv0UQ5tfGYnphE7cjIL +9wmutI16mueKSkO2pECjKSnsraEwXAxMazwFjHZmq5c6LzxZ1HpmnW+31vHu5Q9R +t9oB9eY6nrNmPtSur5bfRzC7qzBJtrjNEmzJ2aS71yMC0cuZvmjko9t0U48qbgJv +zoOUuyCmz5PK1dOd0OyzH11XsRzfcf/nOqZUhQ0zaG0WSewmbqpVW2PsxkIEYlr6 +0hGtSjG2PTUCgcEAp4Py6h5fjDXLDxSCORvtnaexAqvfHhrifTOEvSuhc+rTQBRn +5SlpqyQ2AcR64ep41D0A2X7Q9STJNTG/aXe/fNGptyx2gNro+3NMxVwvbQKjNkNK +lSCip/DXqyWHOFwxnuxlzyqTG7W889nhwT+nnR3/zCdDnw9uLb6hIWrfheVC+l1D +eZRKTQ3U0sNxk72TV6EkekTLfetQDD44a+kFoWLaCRmsXrOI55FxSRph2WkD7GOX 
+7EAflt0cDzwkV0F7AoHAbiVfO5imCuGl3SZGG+aPvcHpNj+9pJft5esULJiZZe3I +6lryXjgjql/d4p0VqV6miL535CPaggknYvDn/4v9aiuovvcsrARAjLZHYHNj3wpR +S8hjDQtAM+FpQn+RExnLQf7p00nIX+yPOu3lp13kJ+j5jT8cTSm9Bi1wVXMulIWH ++p18RXNdg3hgUliM2/NwXxdKgBEXYNCu6PhlRcoIPC5DUXqSYoDxT6bTUSJduQoo +zVU1usJWin2FXdEtQIt1AoHAG0JIyXgEjYlLd7neRUvMT19CyJ7H5pipRBNGPmqY +0rTsXxPo3htYCJnPd3/vSVZ6YMhztWN9PxVcv4zyo5AkoYwXIoFezUy5Gs/81eZW +H8TTvo/sZRwdRPfN8a8eULFVUByBrVx5+2fXEQvq6FrlI056WWNb2LbBy9V5+37I +3DQASpLlDDFdMVXtADPDoVoSJbiDcoA9Y3KCJ4a9qgLBCzMjZRAzoCobaTjmcut4 +1Peox0uGkHST86FZUyHbn9C5 +-----END PRIVATE KEY----- diff --git a/tests/hwsim/auth_serv/server-certpol2.pem b/tests/hwsim/auth_serv/server-certpol2.pem new file mode 100644 index 000000000..b200b7620 --- /dev/null +++ b/tests/hwsim/auth_serv/server-certpol2.pem 
@@ -0,0 +1,92 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + d8:d3:e3:a6:cb:e3:cd:1e + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FI, O=w1.fi, CN=Root CA + Validity + Not Before: Aug 16 12:58:24 2019 GMT + Not After : Aug 15 12:58:24 2020 GMT + Subject: C=FI, O=w1.fi, CN=server-policies2.w1.fi + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (3072 bit) + Modulus: + 00:e6:50:d1:28:05:27:6c:d4:42:d3:42:c7:cc:53: + a9:6b:c2:a3:ab:20:6f:17:34:9d:e4:1d:31:d0:c4: + 68:65:42:d5:e8:bd:aa:b8:e4:e9:f6:ee:2e:75:cd: + 6a:8c:f6:8e:aa:af:6c:7c:eb:35:50:55:b1:c2:b3: + f8:a7:d0:1e:a3:33:26:68:40:20:13:74:08:87:ef: + b6:3a:f1:7f:3e:f5:7f:93:44:74:37:8b:c3:89:a7: + ba:5f:42:39:4a:22:20:40:66:c6:6f:77:cf:54:3f: + 05:61:de:ab:71:fa:9f:78:6d:97:4a:e8:60:a0:11: + aa:6c:ba:9d:44:65:18:e8:e0:8f:d1:df:da:95:ab: + 41:2c:63:65:f6:42:42:e6:1f:42:a4:1c:74:20:49: + f4:d4:92:0e:e3:be:3b:55:fd:38:68:74:3a:e4:df: + 9a:2b:95:bf:e9:d1:38:8b:16:24:20:35:db:b8:d0: + 15:30:2e:2f:6a:24:b9:e1:e9:e7:b6:b5:bd:e6:0f: + 59:dd:df:95:9c:ab:03:b4:c5:42:81:48:61:cc:3c: + 06:17:85:63:6e:28:cb:d7:88:d1:ce:40:c7:ff:61: + 51:ac:bb:ba:23:c9:42:a7:7d:27:0d:1e:53:90:cf: + 22:3f:57:f5:ff:1a:05:0c:9c:7a:1b:fb:e2:47:5f: + 45:cb:ee:88:a5:a0:54:71:83:f7:d3:d3:c5:bc:b2: + 7e:85:a7:b1:1a:cf:91:cb:8b:39:ba:7c:2c:9d:b2: + c5:79:c3:e0:80:73:06:30:4f:5d:81:52:e2:bf:43: + 55:85:5d:64:c4:97:ac:e9:2d:7e:30:b5:e1:52:50: + 53:0c:ac:24:8e:7b:a2:57:8d:ff:b1:05:ba:23:33: + a6:08:a3:b4:38:42:f6:5c:d9:bc:5d:75:95:82:ff: + 4d:9a:db:56:2f:1b:38:d2:51:05:2c:90:62:f1:8e: + 4c:ee:ea:1b:ae:aa:53:74:85:ba:c6:c3:c2:4b:30: + bd:e0:2e:c8:ac:7e:25:cc:32:5f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 4E:01:8B:7E:C2:77:94:E1:68:B3:C4:29:35:24:05:0B:DE:84:4A:89 + X509v3 Authority Key Identifier: + keyid:B8:92:DE:FD:8A:18:B3:30:C3:9F:55:F3:33:5D:B4:C8:29:8A:41:14 + + Authority Information Access: + OCSP - 
URI:http://server.w1.fi:8888/ + + X509v3 Subject Alternative Name: + DNS:server-policies2.w1.fi + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.40808.1.3.2 + + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 89:0d:37:6e:dd:ac:99:70:c3:21:20:ad:00:6e:62:19:a9:d2: + eb:0c:af:e7:76:3a:dc:9e:7d:0b:cf:0e:73:48:48:41:4c:53: + 19:85:14:25:36:32:b4:52:14:ab:3d:0a:eb:ce:0d:0a:66:e5: + a5:81:b5:09:90:96:c9:09:49:bd:b4:7a:f3:15:3a:2e:53:2c: + 8a:62:83:20:72:4e:71:d1:89:ff:41:72:39:a0:a3:98:07:91: + a1:72:ef:ef:29:20:66:ce:7d:38:6f:bc:ad:f1:4f:51:26:87: + 42:05:95:65:ce:27:44:64:86:a5:ed:8b:85:eb:7f:30:ca:07: + 72:e3 +-----BEGIN CERTIFICATE----- +MIIDxzCCAzCgAwIBAgIJANjT46bL480eMA0GCSqGSIb3DQEBCwUAMC8xCzAJBgNV +BAYTAkZJMQ4wDAYDVQQKDAV3MS5maTEQMA4GA1UEAwwHUm9vdCBDQTAeFw0xOTA4 +MTYxMjU4MjRaFw0yMDA4MTUxMjU4MjRaMD4xCzAJBgNVBAYTAkZJMQ4wDAYDVQQK +DAV3MS5maTEfMB0GA1UEAwwWc2VydmVyLXBvbGljaWVzMi53MS5maTCCAaIwDQYJ +KoZIhvcNAQEBBQADggGPADCCAYoCggGBAOZQ0SgFJ2zUQtNCx8xTqWvCo6sgbxc0 +neQdMdDEaGVC1ei9qrjk6fbuLnXNaoz2jqqvbHzrNVBVscKz+KfQHqMzJmhAIBN0 +CIfvtjrxfz71f5NEdDeLw4mnul9COUoiIEBmxm93z1Q/BWHeq3H6n3htl0roYKAR +qmy6nURlGOjgj9Hf2pWrQSxjZfZCQuYfQqQcdCBJ9NSSDuO+O1X9OGh0OuTfmiuV +v+nROIsWJCA127jQFTAuL2okueHp57a1veYPWd3flZyrA7TFQoFIYcw8BheFY24o +y9eI0c5Ax/9hUay7uiPJQqd9Jw0eU5DPIj9X9f8aBQycehv74kdfRcvuiKWgVHGD +99PTxbyyfoWnsRrPkcuLObp8LJ2yxXnD4IBzBjBPXYFS4r9DVYVdZMSXrOktfjC1 +4VJQUwysJI57oleN/7EFuiMzpgijtDhC9lzZvF11lYL/TZrbVi8bONJRBSyQYvGO +TO7qG66qU3SFusbDwkswveAuyKx+JcwyXwIDAQABo4HXMIHUMAkGA1UdEwQCMAAw +HQYDVR0OBBYEFE4Bi37Cd5ThaLPEKTUkBQvehEqJMB8GA1UdIwQYMBaAFLiS3v2K +GLMww59V8zNdtMgpikEUMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0 +cDovL3NlcnZlci53MS5maTo4ODg4LzAhBgNVHREEGjAYghZzZXJ2ZXItcG9saWNp +ZXMyLncxLmZpMBgGA1UdIAQRMA8wDQYLKwYBBAGCvmgBAwIwEwYDVR0lBAwwCgYI +KwYBBQUHAwEwDQYJKoZIhvcNAQELBQADgYEAiQ03bt2smXDDISCtAG5iGanS6wyv +53Y63J59C88Oc0hIQUxTGYUUJTYytFIUqz0K684NCmblpYG1CZCWyQlJvbR68xU6 
+LlMsimKDIHJOcdGJ/0FyOaCjmAeRoXLv7ykgZs59OG+8rfFPUSaHQgWVZc4nRGSG
+pe2Lhet/MMoHcuM=
+-----END CERTIFICATE-----
diff --git a/tests/hwsim/auth_serv/test-ca/index.txt b/tests/hwsim/auth_serv/test-ca/index.txt
index 8c7e2081a..0c11f454b 100644
--- a/tests/hwsim/auth_serv/test-ca/index.txt
+++ b/tests/hwsim/auth_serv/test-ca/index.txt
@@ -43,3 +43,4 @@ V 191003221355Z D8D3E3A6CBE3CD19 unknown /C=FI/O=w1.fi/CN=server5.w1.fi
 V 191003221355Z D8D3E3A6CBE3CD1A unknown /C=FI/O=w1.fi/CN=server6.w1.fi
 V 191003221355Z D8D3E3A6CBE3CD1B unknown /C=FI/O=w1.fi/CN=Test User
 V 200610001234Z D8D3E3A6CBE3CD1D unknown /C=FI/O=w1.fi/CN=server-policies.w1.fi
+V 200815125824Z D8D3E3A6CBE3CD1E unknown /C=FI/O=w1.fi/CN=server-policies2.w1.fi
diff --git a/tests/hwsim/auth_serv/test-ca/serial b/tests/hwsim/auth_serv/test-ca/serial
index 929af056a..195aecef1 100644
--- a/tests/hwsim/auth_serv/test-ca/serial
+++ b/tests/hwsim/auth_serv/test-ca/serial
@@ -1 +1 @@
-D8D3E3A6CBE3CD1E
+D8D3E3A6CBE3CD1F
diff --git a/tests/hwsim/auth_serv/update.sh b/tests/hwsim/auth_serv/update.sh
index c46451257..585bca632 100755
--- a/tests/hwsim/auth_serv/update.sh
+++ b/tests/hwsim/auth_serv/update.sh
@@ -40,6 +40,14 @@ cat openssl2.cnf |
 #$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout server-certpol.key -out server-certpol.csr -outform PEM -sha256
 $OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-certpol.csr -out server-certpol.pem -extensions ext_server
 
+cat openssl2.cnf |
+ sed "s/#@CN@/commonName_default = server-policies2.w1.fi/" |
+ sed "s/#@ALTNAME@/subjectAltName=DNS:server-policies2.w1.fi/" |
+ sed "s/#@CERTPOL@/certificatePolicies = 1.3.6.1.4.1.40808.1.3.2/" \
+ > openssl.cnf.tmp
+#$OPENSSL req -config openssl.cnf.tmp -batch -new -newkey rsa:3072 -nodes -keyout server-certpol2.key -out server-certpol2.csr -outform PEM -sha256
+$OPENSSL ca -config $PWD/openssl.cnf.tmp -batch -in server-certpol2.csr -out server-certpol2.pem -extensions ext_server
+
 echo
 echo "---[ Update user certificates ]-----------------------------------------"
 echo
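Review bot: The added server-certpol2 block keeps its `openssl req` line commented out, so `openssl ca` only re-signs the committed server-certpol2.csr and the private key checked in as server-certpol2.key stays the same across every regeneration, yet nothing in the script says this is deliberate. A comment above the new `cat openssl2.cnf |` line would record it, for example `# server-certpol2: re-sign the committed CSR; the key pair is a committed test fixture, never reuse it outside hwsim`. A second comment could say which policy `1.3.6.1.4.1.40808.1.3.2` stands for, since the block differs from the one above it only by that value and the host name. The preceding block starts outside the hunk, so whether the script stops on a failed `openssl ca` or carries on with a stale server-certpol2.pem is not visible here.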