diff --git a/cmd/csaf_checker/main.go b/cmd/csaf_checker/main.go
index 30406a7..661e33f 100644
--- a/cmd/csaf_checker/main.go
+++ b/cmd/csaf_checker/main.go
@@ -126,10 +126,10 @@ func buildReporters() []reporter {
 	}
 }
 
-func main() {
+func realMain(args []string) {
 	opts := new(options)
 
-	domains, err := flags.Parse(opts)
+	domains, err := flags.ParseArgs(opts, args)
 	errCheck(err)
 
 	if len(domains) == 0 {
@@ -137,11 +137,6 @@ func main() {
 		return
 	}
 
-	if (opts.ClientCert != nil && opts.ClientKey == nil) || (opts.ClientCert == nil && opts.ClientKey != nil) {
-		log.Println("Both client-key and client-cert options must be set for the authentication.")
-		return
-	}
-
 	p := newProcessor(opts)
 
 	report, err := p.run(buildReporters(), domains)
@@ -149,3 +144,7 @@ func main() {
 
 	errCheck(writeReport(report, opts))
 }
+
+func main() {
+	realMain(os.Args[1:])
+}
diff --git a/cmd/csaf_checker/main_test.go b/cmd/csaf_checker/main_test.go
new file mode 100644
index 0000000..0363264
--- /dev/null
+++ b/cmd/csaf_checker/main_test.go
@@ -0,0 +1,21 @@
+package main
+
+import (
+	"os"
+	"testing"
+)
+
+// call realMain() with Args that skip over params used by "go test"
+// allow calls like
+//   go test -c -vet=off -covermode=atomic  -o app.debug
+//  ./app.debug -test.coverprofile=functest.cov -- --insecure localhost
+func TestMain(t *testing.T) {
+	var endOfTestParams int
+	for i, a := range os.Args[1:] {
+		if a == "--" {
+			endOfTestParams = i + 1
+		}
+	}
+
+	realMain(os.Args[endOfTestParams+1:])
+}