diff --git a/internal/certs/certs_test.go b/internal/certs/certs_test.go
new file mode 100644
index 0000000..e9a36cd
--- /dev/null
+++ b/internal/certs/certs_test.go
@@ -0,0 +1,63 @@
+// This file is Free Software under the MIT License
+// without warranty, see README.md and LICENSES/MIT.txt for details.
+//
+// SPDX-License-Identifier: MIT
+//
+// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
+
+package certs
+
+import "testing"
+
+// TestLoadCertificates tests if LoadCertificate correctly loads
+// valid certificates and throws an error at invalid certificates,
+// keys or passphrases
+func TestLoadCertificates(t *testing.T) {
+	var (
+		testCert       = "data/testclient.crt"
+		testKey        = "data/testclientkey.pem"
+		passphrase     = "qwer"
+		missingCert    = "data/testclientcert_missing.crt"
+		missingTestkey = "data/testclientkey_missing.pem"
+		privateKey     = "data/privated.pem"
+		privateCert    = "data/cert.crt"
+	)
+
+	// Try to load cert that is not protected, expect success.
+	if cert, err := LoadCertificate(&testCert, &testKey, nil); cert == nil || err != nil {
+		t.Errorf("Failure: Couldn't load supposedly valid certificate.")
+	}
+	// Try to load no cert, expect error.
+	if cert, err := LoadCertificate(nil, &testKey, nil); cert != nil || err == nil {
+		t.Errorf("Failure: No error despite missing certificate")
+	}
+	// Try to load cert using a nonexistent key, expect error.
+	if cert, err := LoadCertificate(&testCert, &missingTestkey, nil); cert != nil || err == nil {
+		t.Errorf("Failure: No Failure while loading certificate using missing key.")
+	}
+	// Try to decrypt not encrypted cert, expect error
+	if cert, err := LoadCertificate(&testCert, &testKey, &passphrase); cert != nil || err == nil {
+		t.Errorf("Failure: Could load unprotected valid certificate with passphrase.")
+	}
+	// Try to load encrypted cert using a nonexistent key, but valid passphrase. Expect error.
+	if cert, err := LoadCertificate(&testCert, &missingTestkey, &passphrase); cert != nil || err == nil {
+		t.Errorf("Failure: No Failure while loading certificate using missing key with passphrase.")
+	}
+	// Try to load encrypted cert, expecting success.
+	if cert, err := LoadCertificate(&privateCert, &privateKey, &passphrase); cert == nil || err != nil {
+		t.Errorf("Failure: Couldn't load supposedly valid encrypted certificate.")
+	}
+	// Try to load wrong encrypted cert, expecting error.
+	if cert, err := LoadCertificate(&testKey, &privateKey, &passphrase); cert != nil || err == nil {
+		t.Errorf("Failure: No Failure while loading certificate using wrong encrypted key.")
+	}
+	// Try to load nonexistent encrypted cert, expecting error.
+	if cert, err := LoadCertificate(&missingCert, &privateKey, &passphrase); cert != nil || err == nil {
+		t.Errorf("Failure: No Failure while loading nonexistens certificate.")
+	}
+	// Try to load nonexistent encrypted cert, expecting error.
+	if cert, err := LoadCertificate(nil, nil, nil); cert != nil || err != nil {
+		t.Errorf("Failure: Expected nil return.")
+	}
+}
diff --git a/internal/certs/data/cert.crt b/internal/certs/data/cert.crt
new file mode 100644
index 0000000..f80d61c
--- /dev/null
+++ b/internal/certs/data/cert.crt
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIGajCCBNKgAwIBAgIUGNi4GgCUssOOe3k0VuHf3R0+d54wDQYJKoZIhvcNAQEL
+BQAwgY0xFDASBgNVBAMTC0NvbW1vbiBuYW1lMRMwEQYDVQQLEwppbnRldmF0aW9u
+MRMwEQYDVQQKEwppbnRldmF0aW9uMRMwEQYDVQQHEwppbnRldmF0aW9uMRUwEwYD
+VQQIEwxMb3dlciBTYXhvbnkxCzAJBgNVBAYTAkdFMRIwEAYKCZImiZPyLGQBGRYC
+REMwHhcNMjMwOTE5MDcwMDA1WhcNMjYwNjE0MDcwMDA3WjCB8DEQMA4GA1UEAxMH
+cmVxdWVzdDETMBEGA1UECxMKaW50ZXZhdGlvbjETMBEGA1UEChMKaW50ZXZhdGlv
+bjETMBEGA1UEBxMKb3NuYWJydWVjazEVMBMGA1UECBMMbG93ZXIgc2F4b255MQsw
+CQYDVQQGEwJHRTESMBAGCgmSJomT8ixkARkWAkRDMREwDwYKCZImiZPyLGQBGRYB
+LjERMA8GCgmSJomT8ixkARkWAS4xETAPBgoJkiaJk/IsZAEZFgEuMRMwEQYKCZIm
+iZPyLGQBGRYDd3d3MRcwFQYKCZImiZPyLGQBARMHbm8gaWRlYTCCAaIwDQYJKoZI
+hvcNAQEBBQADggGPADCCAYoCggGBAN0vZbLXtRzd61rR8Hos0BGnqCaJXIwGARwx
+JojMyxASFT+KeC4QDRkgRrK6OY4k/i7TEHuUGk/Bm754++554wmmhDqv1Q4+VhhR
+1K/JAz/HVZNTAR1rPKwG82lyEpPxlRNZg/QtF9DqQSoSkL/fJLs+rq4zlKozXzRE
+auZ5Be8So1dXRZfMVUMDgtk+IX8+iCeZisiWfv62ttQ0EiuiXLagd6ruEuoCSVi2
+tVswsC/Hp8AI2Ro56mmHiWthuae1H8yDWUFLSe9AQW65qC/xVUgo/nMpK2BYVFKb
+70TMjl/dZM0Qn1tdiNyqCkbIhXjklZvZYhO+15TPkgDXDsqRUjpTrLZXLGrD6XIx
+CRLZGY6YrUfsFTjUC6JrUrAR8zY7SLsYN5sUmFUSMpJnI+T/SD4p/0CXrKrbMOjW
+Qqz6FX/WHPxvswGKHk5zHYGHrzx7OKmfVa6gzUgZSfOHj2xOOR2Un9DwNavIrmSC
+WYXKZqig5qDyfzBvlXWEio/5GrDwgQIDAQABo4IBWzCCAVcwgcIGA1UdEQSBujCB
+t4IrYSBkbnNOYW1lIG9mIHRoZSBzdWJqZWN0IG9mIHRoZSBjZXJ0aWZpY2F0ZYI3
+YW4gYWRkaXRpb25hbCBkbnNOYW1lIG9mIHRoZSBzdWJqZWN0IG9mIHRoZSBjZXJ0
+aWZpY2F0ZYIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIBLoIP
+c2Vjb25kIGFkZGl0aW9ugg50aGlyZCBhZGRpdGlvboIHZG5zTmFtZTAMBgNVHRMB
+Af8EAjAAMDEGA1UdJQQqMCgGCCsGAQUFBwMJBggrBgEFBQcDAgYIKwYBBQUHAwEG
+CCsGAQUFBwMCMA8GA1UdDwEB/wQFAwMHsAAwHQYDVR0OBBYEFKrFhODjTKCopb+W
+Qa29PsHR4HXgMB8GA1UdIwQYMBaAFCyZxCa1ZUHVy8LjikE8zumAiEgfMA0GCSqG
+SIb3DQEBCwUAA4IBgQBTrAgh6d+qiLumEfmkNCmhewxKxDZp+Ni2nz9XRzNO2cQE
+U0n8MdbnQInW3xJXng2sAcl1fQz0RN1hkyjDwi69mbbPgcTYmxJFvyt+zRYBe/Sq
+4CGGkxEdPW94tMpQ6SrCn2mAMnvcq9A1pYBVYyPeUsaRHC5OUBFOMCevNy8JwNyY
+MJ0H5HQCyCysbzA1d521pogGUs/tmbE+ym9zpV8vG0b6De1PexjVeGkTNYz6NCR2
+VZTQ+OJ5iE5pHPEC1Qif44LrR9Kdn/wu3RjTYyHeBOJFjK+DKgleNF4QVTcZQIPE
+snN4H+/VSgTZQ3kgWbtpd1m5oRBJovEc2Qe+l+iDFCk8OA4z/x+fkvOeD3NUAl7D
+9Pt3cP3UtWUJp4NJn2dvUljmQhB02HSqdNBhqKSg4/cf7l8Zo1ejvBUosrlgw3C3
+apDaC4/xk7woFKVYW25teH2ze+Gpz/YsLDtmL7Bri8CGVsqsN9yqO8SstwKBa3Rt
+xQ2em6XnnanApT4iFX4=
+-----END CERTIFICATE-----
diff --git a/internal/certs/data/privated.pem b/internal/certs/data/privated.pem
new file mode 100644
index 0000000..354598a
--- /dev/null
+++ b/internal/certs/data/privated.pem
@@ -0,0 +1,42 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,054A583F6C90570F
+
+tlGw8qlO25FaQdRLkai5L1JHWz/5fC4zd3qFISWssYH2FEnz8yfYsCoRLivVYhJB
+fswOTj9h5b1RYRsWfIwCGfyNeOj8hkQrLwCW607vbhydGGJ4xc5RBF9MK0QCjSNT
+r8myedNyfI4nm5enNVFDqYsqAc7cA3m1qw+QsAhPOrASDTp5svHR7g9+T6P5GDHm
+B79nap02kfmodC7ytmWDBEclJ45Y19LOucN0+Nl6JgKkQEfWB/p2s2kGAGY1Of3X
+/ERPOqeqZdFSdPDyX+mrzjGVhypgjBaz7XRh8OSeW8UP70rE+9aZKn9fIs2NyYMH
+wwCElUmFV1Ye+/JtE4+Rcu6pG7NrX1rAC+pqPZaF8PT/kEuawiwrMuU0RP/8Y6mn
+PRZZGZhXwBcfWPDN+JIj7e1NAXynwP/d4Pc4nb1O6EG3/Yip+F9NNaNbEfS4z9eV
+Se7Gr/ySwxFhww9KhMtFYhkb6DVzy7StXpDqDmLhaF+qGCl86XRzZHho6EwQi+9r
+c3VXbgogbjwIP8OgAKIZLuMxETZb0rvOr87sMAiqWRx+gRhryNniNr70anY8Vkpl
+jcw6SJdqWuvOGaKjxWgdcHOzHdISEu/W6z8euTzMxX6/C7hBrKT8Edt71Jha26a5
+ZZNDH2XoqDphelfCbrARhw4P++KcnhPsY2da5cJ4021dfwXQGbGjcW1EAR3tCP/U
+NKWc8Wm4dzuQSMqJERbWlXL8/UuvtyJR8VgNueg8EAHXCWBCS9i1i06gla9gPbdy
+erhMDtUsJepFPDZVuqvm0dIjBaldl+74FHnPQ6+qFHXy6f71bGOmbonspnApqoeP
+gc4zB65Nv+ws//XfdgwHhmtUkWS2ANPNQhU9o92l8XlqKicGC72dEEsR2TMS7fEW
+K9/d06ZGu83FEXL43OXN79JmkpblonCWRgyVF7WPGufm+dtmR5zlIQruW2FJVwPZ
+QmOioJYlSopOztyyBIuhZaNwVDQgoFtwHKRWAUseodzmHuPpvWCBjlL4hebJ7O0T
+HGHGddqam3IPmyradhk0o1Qb54uk9rrzKWjcOEw850mJt3DnkHRNRgY96Gg0fA+m
++UxEOuGPvOudOMtC32vDKwAZ9eGgxAKea/kvaLFdPqwiq3B+IBetjSYGZ2kxVOAD
+K8rHH6bnzrrasKHfOIBpw4MsiAG19sW1fFL61v5OXTcLOEQ/UVC8WinSj3JK894O
+XjETyg8zvH+bYdlv9T2SGvAAzv1bJ3Iw9kb2VK0ZgwfwQgKpCDe6PEFLP7K2NNdF
+zSw1GHOiDewsMD7VSfkmtevhzTOcQd/3uoyn/5ftcvcbqI4CGxP6kOxmul3NdfYl
+insi95+IuhkSUQL02AdkI3SQhSnfmFRZSsy6JTXSN/7XOOzRFyMJcR1WlXOKFpt9
+G/bYGjVmfxtRqH4ZO7irCPiM+ZudXvPCl5VhZReBsJeEJcNuR36QTJIL3RQHyKTD
+9Z12PegrgPXDgkSns1s8phTu+GygIEh67yLPbPYohYYbJUOkab7Il3JauihnuMSP
+2BDDbwdvL1V7TQCmnopNb1srZj3q/1eWKmik2U1kvc78c3W03NC5wFETic2QCM9z
+u/IaKAjO/kvSB8+ClSYaZDVLuBgUHf0DSG9cb5eoPqFt3t4zuWQhQjJR1YlLtQsJ
+YSQFf0WqGj6sA2+AIy6Fv3oitlOPtRi/2seZ8ACSqxbwUFf3to8ZA3rJNoaYLvsT
+sz++DrA8oHr4eDOiCoLeU6MLNiUvB6RGtjDwhQDh2LoJJyAdh9wB3vaAmEJ1u3o4
+cGyTCxbbkxRCWhMWW4NJbvdZORYhhhIu+TH5DaLgsZS1n+UF/amKQ0m8sj968Uo/
+w05QBNm/F3zg5dpzyW7uEfti8DaP/apDcf1dHSpk9ERkJ/QSIdgzGmrROQvh2tF/
+nvubXXMAex0tXFS6eyIZVgkT1S5eF001DsxIlp/jY6oFUYHquMcOQkyRAvUTvLO1
+pkexrPYrmx/alP71nNrBfixSTHMuPVb2jC38ElzllgxHfaaI5Q1hef4lVaErNaQ3
+m1hvE7dYkNomTt9fu/LHaxtw/P1eBlL44QcfqdqL67ROES+fB27d8vbajm1EQraw
+QUoY+NM5KeQyKeRPWxDVQwAv02Lof/FSiB01yNqrzmRojtTykKB5VrnIA1DDP2vI
+SoZjPZOSIJHh3qlDaKxlGOQD9Wp4OtIPLqxpBmRgGcq2AVtm57jRAF634nTGvB+N
+7fvMpBay3EZy3sauM4MZk7bytJKK6huQjmER+GM/F/Wyw28L7rewK8ukPKx8Wybc
+ljVLrduRPt97JH4WWejy+k5vv4LHWJLsGGU474YHGMXF2VE3kJ3JKj8Wm5gS6p/p
+-----END RSA PRIVATE KEY-----
diff --git a/internal/certs/data/testclient.crt b/internal/certs/data/testclient.crt
new file mode 100644
index 0000000..f46f386
--- /dev/null
+++ b/internal/certs/data/testclient.crt
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEkDCCAvigAwIBAgIBFDANBgkqhkiG9w0BAQsFADBKMQ8wDQYDVQQDEwZUZXN0
+ZXIxKjAoBgNVBAoTIUNTQUYgVG9vbHMgRGV2ZWxvcG1lbnQgKGludGVybmFsKTEL
+MAkGA1UEBhMCREUwHhcNMjMwOTA0MDcyMjAzWhcNMjMxMDI0MDcyMjAzWjBVMRow
+GAYDVQQDExFUTFMgVGVzdCBDbGllbnQgMTEqMCgGA1UEChMhQ1NBRiBUb29scyBE
+ZXZlbG9wbWVudCAoaW50ZXJuYWwpMQswCQYDVQQGEwJERTCCAaIwDQYJKoZIhvcN
+AQEBBQADggGPADCCAYoCggGBAN0vZbLXtRzd61rR8Hos0BGnqCaJXIwGARwxJojM
+yxASFT+KeC4QDRkgRrK6OY4k/i7TEHuUGk/Bm754++554wmmhDqv1Q4+VhhR1K/J
+Az/HVZNTAR1rPKwG82lyEpPxlRNZg/QtF9DqQSoSkL/fJLs+rq4zlKozXzREauZ5
+Be8So1dXRZfMVUMDgtk+IX8+iCeZisiWfv62ttQ0EiuiXLagd6ruEuoCSVi2tVsw
+sC/Hp8AI2Ro56mmHiWthuae1H8yDWUFLSe9AQW65qC/xVUgo/nMpK2BYVFKb70TM
+jl/dZM0Qn1tdiNyqCkbIhXjklZvZYhO+15TPkgDXDsqRUjpTrLZXLGrD6XIxCRLZ
+GY6YrUfsFTjUC6JrUrAR8zY7SLsYN5sUmFUSMpJnI+T/SD4p/0CXrKrbMOjWQqz6
+FX/WHPxvswGKHk5zHYGHrzx7OKmfVa6gzUgZSfOHj2xOOR2Un9DwNavIrmSCWYXK
+Zqig5qDyfzBvlXWEio/5GrDwgQIDAQABo3YwdDAMBgNVHRMBAf8EAjAAMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFKrFhODj
+TKCopb+WQa29PsHR4HXgMB8GA1UdIwQYMBaAFI6GhktAq9L2uRChC9LcXeedKiUg
+MA0GCSqGSIb3DQEBCwUAA4IBgQAbUDaIkmubooDde7BpZQx742BsPg4IN68bIg9A
+3jI9codx9c8l9ROvZ/7FeRNXzhYrQUwzcKpwtQ1mB7kM85oXaTLxrtnkZAO2fFSb
+8RA6QjOrnOvewWaO3moCZaPnN1wWtlnUev2tD7D2Tz/f20dE2wbDV0BGb8bU4eGI
+UVgzYrMh0MHaC8LKoXUWP97jp/p+9CG4D2S1CmpzP2Nm1dS03oj4UHIUtamjivYY
+vOeoKATXmj59lgYqqoAVbTH6f4mZlZGmzUhRxK6hck7xBdiXAwfta72m4WzE7HRh
+nHAgO5aVWb6zltvVDJhYumB9Itv+LI7uU8fF9Uyc65SZ2BevxgikoDNxTx0oNr+4
+hExQhJfKuPFF2NI1N2tPYJT53Cek/ZJfjX3TyBneqehthtRqoAIIEaF/QlXqzJIi
+G66YFC3xFlLmaQh52DJkF2+hzcPhFTVQv3yCirGLUSS9Nm7vTO2wnnW5arZazSV+
+enRZb3oiVYFVDh0Hymz9g5VraMw=
+-----END CERTIFICATE-----
diff --git a/internal/certs/data/testclientkey.pem b/internal/certs/data/testclientkey.pem
new file mode 100644
index 0000000..ce2726e
--- /dev/null
+++ b/internal/certs/data/testclientkey.pem
@@ -0,0 +1,182 @@
+Public Key Info:
+	Public Key Algorithm: RSA
+	Key Security Level: High (3072 bits)
+
+modulus:
+	00:dd:2f:65:b2:d7:b5:1c:dd:eb:5a:d1:f0:7a:2c:d0
+	11:a7:a8:26:89:5c:8c:06:01:1c:31:26:88:cc:cb:10
+	12:15:3f:8a:78:2e:10:0d:19:20:46:b2:ba:39:8e:24
+	fe:2e:d3:10:7b:94:1a:4f:c1:9b:be:78:fb:ee:79:e3
+	09:a6:84:3a:af:d5:0e:3e:56:18:51:d4:af:c9:03:3f
+	c7:55:93:53:01:1d:6b:3c:ac:06:f3:69:72:12:93:f1
+	95:13:59:83:f4:2d:17:d0:ea:41:2a:12:90:bf:df:24
+	bb:3e:ae:ae:33:94:aa:33:5f:34:44:6a:e6:79:05:ef
+	12:a3:57:57:45:97:cc:55:43:03:82:d9:3e:21:7f:3e
+	88:27:99:8a:c8:96:7e:fe:b6:b6:d4:34:12:2b:a2:5c
+	b6:a0:77:aa:ee:12:ea:02:49:58:b6:b5:5b:30:b0:2f
+	c7:a7:c0:08:d9:1a:39:ea:69:87:89:6b:61:b9:a7:b5
+	1f:cc:83:59:41:4b:49:ef:40:41:6e:b9:a8:2f:f1:55
+	48:28:fe:73:29:2b:60:58:54:52:9b:ef:44:cc:8e:5f
+	dd:64:cd:10:9f:5b:5d:88:dc:aa:0a:46:c8:85:78:e4
+	95:9b:d9:62:13:be:d7:94:cf:92:00:d7:0e:ca:91:52
+	3a:53:ac:b6:57:2c:6a:c3:e9:72:31:09:12:d9:19:8e
+	98:ad:47:ec:15:38:d4:0b:a2:6b:52:b0:11:f3:36:3b
+	48:bb:18:37:9b:14:98:55:12:32:92:67:23:e4:ff:48
+	3e:29:ff:40:97:ac:aa:db:30:e8:d6:42:ac:fa:15:7f
+	d6:1c:fc:6f:b3:01:8a:1e:4e:73:1d:81:87:af:3c:7b
+	38:a9:9f:55:ae:a0:cd:48:19:49:f3:87:8f:6c:4e:39
+	1d:94:9f:d0:f0:35:ab:c8:ae:64:82:59:85:ca:66:a8
+	a0:e6:a0:f2:7f:30:6f:95:75:84:8a:8f:f9:1a:b0:f0
+	81:
+
+public exponent:
+	01:00:01:
+
+private exponent:
+	14:ff:c0:f9:ff:bc:b4:26:e5:87:53:d3:2e:e6:3e:42
+	ce:d6:0a:02:94:84:be:b5:30:46:02:50:8e:90:e0:cf
+	b6:b0:b7:a6:bd:48:cc:d5:8b:d8:ea:72:ff:af:dd:17
+	3c:be:d1:1b:ca:6d:cd:10:a6:86:a8:d9:d2:44:44:27
+	d0:65:51:65:0c:27:34:07:dc:7b:38:64:10:03:7c:f4
+	a1:cd:40:de:24:3a:e0:21:bc:ef:33:1d:9f:61:e8:57
+	ac:e4:9c:c0:7b:df:7c:f8:20:83:ac:0b:8e:0b:d3:62
+	eb:8a:8e:03:5b:a3:e5:08:ae:df:a7:fe:85:92:e8:a5
+	ae:58:46:72:d6:fc:91:43:b1:7b:a4:c0:5f:51:c3:50
+	0d:e2:67:e8:af:51:13:41:a9:8d:ef:fb:a1:a4:e2:84
+	7c:2b:a0:50:c5:fe:ed:84:a5:25:83:86:4a:d3:0f:56
+	37:38:e6:1e:26:7d:45:22:0b:ba:22:35:be:f8:8b:1b
+	72:90:13:c4:1f:c5:d1:34:b5:0e:b2:ee:f7:e1:b9:5e
+	a2:29:8d:f9:6e:23:4b:50:8f:35:c8:a9:f3:d2:1f:dd
+	ce:a0:96:50:2d:2e:af:cf:b5:e1:20:e7:e9:d2:49:ed
+	b5:0e:5b:3e:d1:4b:f1:fa:c2:73:3a:1b:51:34:7e:75
+	30:06:d2:47:d2:a8:2a:45:be:16:fb:8f:63:84:85:b7
+	bf:f7:c4:c5:3d:95:56:8c:d1:02:7f:58:ac:4d:11:7b
+	c5:55:f3:c8:4e:d7:d9:aa:62:b0:e3:1e:04:5c:97:d1
+	ca:e2:71:aa:8b:33:b4:34:e9:04:d4:70:7c:f4:cb:57
+	19:c1:03:23:f4:bc:4d:91:8f:b2:9a:99:1c:6c:81:2d
+	4d:2d:e9:a1:e3:ce:e3:c9:62:52:89:1f:47:86:61:f1
+	dd:bc:46:8d:79:0a:99:9d:aa:4b:a9:0a:72:54:db:dc
+	ae:48:be:60:4a:73:99:d8:3c:9e:07:78:05:df:87:39
+	
+
+prime1:
+	00:e9:63:0f:d7:49:31:27:a8:36:fe:95:bd:8d:05:c1
+	35:48:2e:03:4f:a6:57:54:3a:a4:95:3f:8e:9f:28:7c
+	d2:df:af:54:36:9e:7c:9f:c3:b9:64:8f:c0:b0:96:3c
+	aa:01:f6:9a:be:83:e2:85:20:0d:33:de:88:97:af:6f
+	be:3f:53:5a:a3:77:02:fd:81:17:91:3b:b2:2d:ab:78
+	db:d9:43:db:04:69:82:61:30:e4:96:ac:88:8b:f6:3f
+	56:c4:49:fd:d5:e5:8c:9d:30:ad:cf:d9:8d:5c:87:b5
+	27:4b:09:8e:19:ed:e2:11:3f:69:b2:47:be:70:39:11
+	41:a3:db:bb:b9:0e:e4:7b:50:d0:d2:c2:89:81:36:b9
+	6b:a6:fe:94:5b:06:66:e6:ed:86:52:42:5e:a9:0e:18
+	db:18:f9:14:21:3d:e0:3c:8d:79:c3:f5:d2:cc:51:65
+	fb:1c:49:ed:0a:d5:33:99:34:16:f9:1d:68:4a:78:da
+	5f:
+
+prime2:
+	00:f2:9d:ae:5f:bd:b7:a3:87:a7:8d:30:46:06:8b:15
+	a9:e5:a9:58:1c:2b:3a:7e:78:35:36:56:31:42:df:46
+	87:e8:57:0d:6e:99:de:cf:fb:a8:72:16:71:4b:b3:ad
+	ed:74:07:cb:cf:7d:2b:12:89:66:c4:0f:8a:ea:e3:37
+	17:2c:75:92:11:7a:a6:da:29:24:33:9b:69:c2:64:68
+	03:db:31:de:fe:1d:a2:4d:9d:91:9f:f0:50:b8:8f:d0
+	22:11:b9:b0:95:98:5e:65:bf:45:97:9b:35:f2:98:27
+	46:7c:b2:86:eb:7b:8b:57:f2:c3:49:47:7d:01:4a:9a
+	b0:e6:67:05:e5:61:7a:ab:63:c8:cb:d8:44:69:88:72
+	a5:a9:60:89:60:df:e6:d9:4d:16:2b:35:7b:20:00:f3
+	3c:d1:78:f9:22:eb:48:c3:7f:78:63:e6:34:60:48:30
+	66:02:bb:38:c2:94:2e:b9:86:b2:2f:9a:4f:17:7f:e1
+	1f:
+
+coefficient:
+	00:93:3e:7c:b9:ea:87:52:37:fa:d5:0a:36:fb:e1:d0
+	fc:62:4d:00:0b:ad:a8:fb:bd:34:53:96:c2:6c:a1:6a
+	49:b7:a0:24:33:16:95:79:14:ac:bb:75:8d:78:e9:10
+	fa:be:44:60:58:94:4a:9c:ba:64:1d:86:27:8b:7f:51
+	4d:80:b0:ff:7a:91:c0:4d:a4:aa:d1:f1:79:7d:8f:71
+	49:12:73:d4:44:5f:0c:2e:55:a6:d9:13:b8:3b:e5:dc
+	e1:14:98:7e:eb:5b:60:ad:d7:4b:da:c0:d8:3f:bf:70
+	92:53:8c:31:6a:8b:61:5e:a3:7d:ff:84:2c:7d:ed:9f
+	74:29:9a:e7:14:fb:c3:ab:8e:9f:60:6a:98:ab:86:0b
+	ea:fb:ff:20:2f:3b:a7:76:03:3a:55:bb:b2:c6:9c:b5
+	66:36:b8:1c:7f:9b:b6:62:89:ff:6a:d6:35:58:0b:f0
+	55:27:01:f0:67:8d:88:3f:74:48:3d:bf:8c:fc:05:62
+	47:
+
+exp1:
+	00:99:16:2d:91:dd:a4:ac:8a:9e:68:27:f8:89:c4:38
+	93:a6:a0:e7:f3:1a:fd:35:76:b1:f6:64:16:3d:37:e5
+	88:bc:c8:d8:c8:6a:f4:fc:26:fa:38:88:42:b0:92:1b
+	80:b8:80:f5:c7:f9:e2:5f:c8:42:60:bf:9b:81:43:c6
+	5c:58:55:68:a2:c8:b1:e1:6f:07:f2:6f:e1:d4:2b:21
+	bf:b3:a7:da:c5:ee:1f:63:79:1a:b7:ea:bc:36:72:73
+	e1:8a:27:ae:a4:db:49:7c:e2:2d:60:a5:27:20:86:b3
+	c0:ee:6b:7a:16:6f:ff:55:a8:ee:bf:ce:67:90:5d:1e
+	80:9b:e6:ca:1f:fd:30:c9:e2:9c:d7:62:5b:a7:b2:29
+	b5:ff:78:06:00:1f:16:e8:6a:ed:2c:8f:f4:5f:97:ab
+	9e:2b:a7:56:18:e7:e9:6a:4e:b2:8c:63:76:be:26:b6
+	6a:1c:88:31:40:65:d0:ce:b1:68:50:47:85:dd:33:a0
+	a9:
+
+exp2:
+	00:8d:b1:5f:7c:94:ed:62:39:40:b6:a9:a1:cc:02:80
+	c5:77:d6:9e:19:dd:79:4d:11:61:6a:79:8e:4d:92:de
+	bb:53:0b:3c:52:02:d5:69:3c:7d:95:1b:dc:51:2d:00
+	00:35:0a:b4:92:5a:74:c4:5f:b0:c0:02:9f:cc:2c:a5
+	29:08:93:25:9a:c5:ba:1a:a1:7a:7e:15:5e:ff:e3:ea
+	07:8e:85:a2:c9:60:7f:40:bb:2c:a8:6f:0e:85:ab:a0
+	0f:b5:b0:70:1b:fe:1f:eb:66:78:fb:60:ef:71:de:40
+	d9:de:cb:d9:16:40:52:12:2c:3a:b7:5a:63:fc:54:18
+	e2:05:bd:d7:68:ae:b4:98:d2:2f:1c:36:13:46:5b:25
+	31:f1:28:eb:32:c3:b1:2b:e9:e4:6f:99:cd:6d:d4:80
+	3a:5d:d0:3c:18:93:b7:2c:4e:0e:fe:b1:1c:97:ba:b1
+	61:72:68:eb:6e:60:62:a5:81:b0:21:33:0a:cc:1b:a8
+	5b:
+
+
+Public Key PIN:
+	pin-sha256:iFdBnKP/7hZCLdj7qqTtdNPFjpZGka259fSYvv3X02U=
+Public Key ID:
+	sha256:8857419ca3ffee16422dd8fbaaa4ed74d3c58e964691adb9f5f498befdd7d365
+	sha1:aac584e0e34ca0a8a5bf9641adbd3ec1d1e075e0
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5QIBAAKCAYEA3S9lste1HN3rWtHweizQEaeoJolcjAYBHDEmiMzLEBIVP4p4
+LhANGSBGsro5jiT+LtMQe5QaT8Gbvnj77nnjCaaEOq/VDj5WGFHUr8kDP8dVk1MB
+HWs8rAbzaXISk/GVE1mD9C0X0OpBKhKQv98kuz6urjOUqjNfNERq5nkF7xKjV1dF
+l8xVQwOC2T4hfz6IJ5mKyJZ+/ra21DQSK6JctqB3qu4S6gJJWLa1WzCwL8enwAjZ
+GjnqaYeJa2G5p7UfzINZQUtJ70BBbrmoL/FVSCj+cykrYFhUUpvvRMyOX91kzRCf
+W12I3KoKRsiFeOSVm9liE77XlM+SANcOypFSOlOstlcsasPpcjEJEtkZjpitR+wV
+ONQLomtSsBHzNjtIuxg3mxSYVRIykmcj5P9IPin/QJesqtsw6NZCrPoVf9Yc/G+z
+AYoeTnMdgYevPHs4qZ9VrqDNSBlJ84ePbE45HZSf0PA1q8iuZIJZhcpmqKDmoPJ/
+MG+VdYSKj/kasPCBAgMBAAECggGAFP/A+f+8tCblh1PTLuY+Qs7WCgKUhL61MEYC
+UI6Q4M+2sLemvUjM1YvY6nL/r90XPL7RG8ptzRCmhqjZ0kREJ9BlUWUMJzQH3Hs4
+ZBADfPShzUDeJDrgIbzvMx2fYehXrOScwHvffPggg6wLjgvTYuuKjgNbo+UIrt+n
+/oWS6KWuWEZy1vyRQ7F7pMBfUcNQDeJn6K9RE0Gpje/7oaTihHwroFDF/u2EpSWD
+hkrTD1Y3OOYeJn1FIgu6IjW++IsbcpATxB/F0TS1DrLu9+G5XqIpjfluI0tQjzXI
+qfPSH93OoJZQLS6vz7XhIOfp0knttQ5bPtFL8frCczobUTR+dTAG0kfSqCpFvhb7
+j2OEhbe/98TFPZVWjNECf1isTRF7xVXzyE7X2apisOMeBFyX0cricaqLM7Q06QTU
+cHz0y1cZwQMj9LxNkY+ympkcbIEtTS3poePO48liUokfR4Zh8d28Ro15Cpmdqkup
+CnJU29yuSL5gSnOZ2DyeB3gF34c5AoHBAOljD9dJMSeoNv6VvY0FwTVILgNPpldU
+OqSVP46fKHzS369UNp58n8O5ZI/AsJY8qgH2mr6D4oUgDTPeiJevb74/U1qjdwL9
+gReRO7Itq3jb2UPbBGmCYTDklqyIi/Y/VsRJ/dXljJ0wrc/ZjVyHtSdLCY4Z7eIR
+P2myR75wORFBo9u7uQ7ke1DQ0sKJgTa5a6b+lFsGZubthlJCXqkOGNsY+RQhPeA8
+jXnD9dLMUWX7HEntCtUzmTQW+R1oSnjaXwKBwQDyna5fvbejh6eNMEYGixWp5alY
+HCs6fng1NlYxQt9Gh+hXDW6Z3s/7qHIWcUuzre10B8vPfSsSiWbED4rq4zcXLHWS
+EXqm2ikkM5tpwmRoA9sx3v4dok2dkZ/wULiP0CIRubCVmF5lv0WXmzXymCdGfLKG
+63uLV/LDSUd9AUqasOZnBeVheqtjyMvYRGmIcqWpYIlg3+bZTRYrNXsgAPM80Xj5
+IutIw394Y+Y0YEgwZgK7OMKULrmGsi+aTxd/4R8CgcEAmRYtkd2krIqeaCf4icQ4
+k6ag5/Ma/TV2sfZkFj035Yi8yNjIavT8Jvo4iEKwkhuAuID1x/niX8hCYL+bgUPG
+XFhVaKLIseFvB/Jv4dQrIb+zp9rF7h9jeRq36rw2cnPhiieupNtJfOItYKUnIIaz
+wO5rehZv/1Wo7r/OZ5BdHoCb5sof/TDJ4pzXYlunsim1/3gGAB8W6GrtLI/0X5er
+niunVhjn6WpOsoxjdr4mtmociDFAZdDOsWhQR4XdM6CpAoHBAI2xX3yU7WI5QLap
+ocwCgMV31p4Z3XlNEWFqeY5Nkt67Uws8UgLVaTx9lRvcUS0AADUKtJJadMRfsMAC
+n8wspSkIkyWaxboaoXp+FV7/4+oHjoWiyWB/QLssqG8OhaugD7WwcBv+H+tmePtg
+73HeQNney9kWQFISLDq3WmP8VBjiBb3XaK60mNIvHDYTRlslMfEo6zLDsSvp5G+Z
+zW3UgDpd0DwYk7csTg7+sRyXurFhcmjrbmBipYGwITMKzBuoWwKBwQCTPny56odS
+N/rVCjb74dD8Yk0AC62o+700U5bCbKFqSbegJDMWlXkUrLt1jXjpEPq+RGBYlEqc
+umQdhieLf1FNgLD/epHATaSq0fF5fY9xSRJz1ERfDC5VptkTuDvl3OEUmH7rW2Ct
+10vawNg/v3CSU4wxaothXqN9/4Qsfe2fdCma5xT7w6uOn2BqmKuGC+r7/yAvO6d2
+AzpVu7LGnLVmNrgcf5u2Yon/atY1WAvwVScB8GeNiD90SD2/jPwFYkc=
+-----END RSA PRIVATE KEY-----
diff --git a/internal/filter/filter_test.go b/internal/filter/filter_test.go
new file mode 100644
index 0000000..14bcc59
--- /dev/null
+++ b/internal/filter/filter_test.go
@@ -0,0 +1,39 @@
+// This file is Free Software under the MIT License
+// without warranty, see README.md and LICENSES/MIT.txt for details.
+//
+// SPDX-License-Identifier: MIT
+//
+// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
+
+package filter
+
+import (
+	"testing"
+)
+
+// TestNewPatternMatcher tests if NewPatternMatcher recognizes
+// whether a set of sample regular expressions is valid
+func TestNewPatternMatcher(t *testing.T) {
+	var regex []string
+	if pm, err := NewPatternMatcher(regex); pm == nil || err != nil {
+		t.Errorf("Failure: Did not compile valid regex pattern")
+	}
+	regex = append(regex, "++")
+	if pm, err := NewPatternMatcher(regex); pm != nil || err == nil {
+		t.Errorf("Failure: No error returned at invalid compile pattern")
+	}
+}
+
+// TestMatches tests if Matches returns whether a given string
+// matches a sample of the expressions correctly.
+func TestMatches(t *testing.T) {
+	regex := []string{"a"}
+	pm, _ := NewPatternMatcher(regex)
+	if !pm.Matches("a") {
+		t.Errorf("Failure: Did not match two identical strings")
+	}
+	if pm.Matches("b") {
+		t.Errorf("Failure: Matched two non-matching strings")
+	}
+}
diff --git a/internal/misc/mime_test.go b/internal/misc/mime_test.go
new file mode 100644
index 0000000..bd5a31c
--- /dev/null
+++ b/internal/misc/mime_test.go
@@ -0,0 +1,25 @@
+// This file is Free Software under the MIT License
+// without warranty, see README.md and LICENSES/MIT.txt for details.
+//
+// SPDX-License-Identifier: MIT
+//
+// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
+
+package misc
+
+import (
+	"io"
+	"mime/multipart"
+	"testing"
+)
+
+// TestCreateFormFile tests if CreateFormFile throws an error when creating
+// a FormFile
+func TestCreateFormFile(t *testing.T) {
+	writer := multipart.NewWriter(io.Discard)
+
+	if _, err := CreateFormFile(writer, "csaf", "data", "application/json"); err != nil {
+		t.Errorf("Failure: failed to create an io.Writer via CreateFormFile")
+	}
+}
diff --git a/internal/models/models_test.go b/internal/models/models_test.go
new file mode 100644
index 0000000..7da674f
--- /dev/null
+++ b/internal/models/models_test.go
@@ -0,0 +1,113 @@
+// This file is Free Software under the MIT License
+// without warranty, see README.md and LICENSES/MIT.txt for details.
+//
+// SPDX-License-Identifier: MIT
+//
+// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
+
+package models
+
+import (
+	"testing"
+	"time"
+)
+
+// TestNewTimeInterval tests the creation of time intervals via NewTimeInterval()
+func TestNewTimeInterval(t *testing.T) {
+	var (
+		before          = time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC)
+		after           = time.Date(2010, time.November, 10, 23, 0, 0, 0, time.UTC)
+		pseudoTimeRange = TimeRange{before, after}
+	)
+	if NewTimeInterval(after, before) != pseudoTimeRange {
+		t.Errorf("Failure: Couldn't generate timerange.")
+	}
+}
+
+// TestGuessDate tests whether a sample of strings are correctly parsed into Dates by guessDate()
+func TestGuessDate(t *testing.T) {
+	if _, guess := guessDate("2006-01-02T15:04:05"); !guess {
+		t.Errorf("Failure: Could not guess valid Date from valid string")
+	}
+	if _, guess := guessDate("2006"); !guess {
+		t.Errorf("Failure: Could not guess valid Date from valid string")
+	}
+	if _, guess := guessDate("2006-01-02"); !guess {
+		t.Errorf("Failure: Could not guess valid Date from valid string")
+	}
+
+	if _, guess := guessDate(""); guess {
+		t.Errorf("Failure: Guessed Date from invalid string")
+	}
+}
+
+// TestUnmarshalText tests whether UnmarshalText() correctly unmarshals a sample of byteSlices
+func TestUnmarshalText(t *testing.T) {
+	testTimeRange := NewTimeInterval(
+		time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
+		time.Date(2010, time.November, 10, 23, 0, 0, 0, time.UTC))
+	byteSlice := []byte{'3', 'h'}
+	var emptySlice []byte
+	if testTimeRange.UnmarshalText(byteSlice) != nil {
+		t.Errorf(testTimeRange.UnmarshalText(byteSlice).Error())
+	}
+	if testTimeRange.UnmarshalText(emptySlice) == nil {
+		t.Errorf("Failure: UnmarshalText succeeded on invalid slice of bytes.")
+	}
+}
+
+// TestMarshalJSON tests whether MarshalJSON() correctly marshals a sample TimeRange
+func TestMarshalJSON(t *testing.T) {
+	testTimeRange := NewTimeInterval(
+		time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
+		time.Date(2010, time.November, 10, 23, 0, 0, 0, time.UTC))
+	if _, err := testTimeRange.MarshalJSON(); err != nil {
+		t.Errorf("Failure: %v", err)
+	}
+}
+
+// TestUnmarshalFlag tests whether UnmarshalFlag() correctly extracts time from a given timeRange string.
+func TestUnmarshalFlag(t *testing.T) {
+	testTimeRange := NewTimeInterval(
+		time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
+		time.Date(2010, time.November, 10, 23, 0, 0, 0, time.UTC))
+	if err := testTimeRange.UnmarshalFlag("3h"); err != nil {
+		t.Errorf(err.Error())
+	}
+	if err := testTimeRange.UnmarshalFlag("2006-01-02T15:04:05"); err != nil {
+		t.Errorf(err.Error())
+	}
+	if err := testTimeRange.UnmarshalFlag("2006-01-02T15:04:05a"); err == nil {
+		t.Errorf("Failure: Extracted time from invalid string")
+	}
+	if err := testTimeRange.UnmarshalFlag("2006-01-02T15:04:05a, 2007-01-02T15:04:05"); err == nil {
+		t.Errorf("Failure: Extracted time from invalid string")
+	}
+	if err := testTimeRange.UnmarshalFlag("2006-01-02T15:04:05, 2007-01-02T15:04:05a"); err == nil {
+		t.Errorf("Failure: Extracted time from invalid string")
+	}
+	if err := testTimeRange.UnmarshalFlag("2006-01-02T15:04:05, 2007-01-02T15:04:05"); err != nil {
+		t.Errorf(err.Error())
+	}
+}
+
+// TestContains tests whether Contains() correctly identifies a sample of points in time to be within
+// a timerange or not.
+func TestContains(t *testing.T) {
+	testTimeRange := NewTimeInterval(
+		time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
+		time.Date(2010, time.November, 10, 23, 0, 0, 0, time.UTC))
+	testPointInTime := time.Date(2010, time.March, 10, 23, 0, 0, 0, time.UTC)
+	testPointAfterTime := time.Date(2022, time.March, 10, 23, 0, 0, 0, time.UTC)
+	testPointBeforeTime := time.Date(2002, time.March, 10, 23, 0, 0, 0, time.UTC)
+	if !testTimeRange.Contains(testPointInTime) {
+		t.Errorf("Failure: Did not recognize point within timerange correctly.")
+	}
+	if testTimeRange.Contains(testPointAfterTime) {
+		t.Errorf("Failure: Did not recognize that a point in time was after a timerange correctly.")
+	}
+	if testTimeRange.Contains(testPointBeforeTime) {
+		t.Errorf("Failure: Did not recognize that a point in time was before a timerange correctly.")
+	}
+}
diff --git a/internal/options/data/config.toml b/internal/options/data/config.toml
new file mode 100644
index 0000000..4997225
--- /dev/null
+++ b/internal/options/data/config.toml
@@ -0,0 +1 @@
+Test = "data/config.toml"
diff --git a/internal/options/data/config_plus.toml b/internal/options/data/config_plus.toml
new file mode 100644
index 0000000..a7c600c
--- /dev/null
+++ b/internal/options/data/config_plus.toml
@@ -0,0 +1,2 @@
+Test = "data/config_plus.toml"
+surplus = true
diff --git a/internal/options/data/empty.toml b/internal/options/data/empty.toml
new file mode 100644
index 0000000..b852bc0
--- /dev/null
+++ b/internal/options/data/empty.toml
@@ -0,0 +1 @@
+# Empty but valid config file
diff --git a/internal/options/options.go b/internal/options/options.go
index bead99d..713e81a 100644
--- a/internal/options/options.go
+++ b/internal/options/options.go
@@ -3,8 +3,8 @@
 //
 // SPDX-License-Identifier: MIT
 //
-// SPDX-FileCopyrightText: 2022 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
-// Software-Engineering: 2022 Intevation GmbH <https://intevation.de>
+// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
 
 // Package options contains helpers to handle command line options and config files.
 package options
diff --git a/internal/options/options_test.go b/internal/options/options_test.go
new file mode 100644
index 0000000..3feba93
--- /dev/null
+++ b/internal/options/options_test.go
@@ -0,0 +1,206 @@
+// This file is Free Software under the MIT License
+// without warranty, see README.md and LICENSES/MIT.txt for details.
+//
+// SPDX-License-Identifier: MIT
+//
+// SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
+// Software-Engineering: 2023 Intevation GmbH <https://intevation.de>
+
+package options
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"os/exec"
+	"testing"
+)
+
+type config struct {
+	Test           string `long:"Test" description:"Test config struct"`
+	Version        bool   `long:"version" description:"test print version"`
+	ConfigLocation string `long:"configlocation" description:"test location"`
+}
+
+// TestParse helps parsing command line arguments and loading
+// stored configurations from file.
+func TestParse(t *testing.T) {
+	orig := os.Args
+	defer func() { os.Args = orig }()
+
+	os.Args = []string{"cmd"}
+	defaultConfigLocation := []string{"data/config.toml"}
+	p := Parser[config]{
+		DefaultConfigLocations: defaultConfigLocation,
+		ConfigLocation: func(cfg *config) string {
+			return cfg.ConfigLocation
+		},
+		Usage:      "[OPTIONS] domain...",
+		HasVersion: func(cfg *config) bool { return cfg.Version },
+		SetDefaults: func(cfg *config) {
+		},
+		// Re-establish default values if not set.
+		EnsureDefaults: func(cfg *config) {
+		},
+	}
+
+	// Test searching for data/config.toml as config file
+	if _, _, err := p.Parse(); err != nil {
+		t.Errorf("Failure: Valid Parser using config location failed.")
+	}
+
+	// Test invalid flag
+	os.Args = []string{"cmd", "--invalid"}
+	fmt.Println("The following test should produce a warning.")
+	if _, _, err := p.Parse(); err == nil {
+		t.Errorf("Failure: Parsed invalid flag 'invalid'")
+	}
+
+	// Test with no default location; no config is loaded
+	var emptyLocation []string
+	p.DefaultConfigLocations = emptyLocation
+	os.Args = []string{"cmd"}
+	if _, _, err := p.Parse(); err != nil {
+		t.Errorf("Failure: Valid Parser without config location failed: %s", err.Error())
+	}
+
+	// Test failing to load TOML file
+	os.Args = []string{"cmd", "--configlocation=data/config_surplus.toml"}
+	if _, _, err := p.Parse(); err == nil {
+		t.Errorf("Failure: Parsed invalid toml file.")
+	}
+
+	// Test failing to expand Path
+	os.Args = []string{"cmd", "--configlocation=~~"}
+	if _, _, err := p.Parse(); err == nil {
+		t.Errorf("Failure: Invalid path expanded.")
+	}
+
+	// os.exit tests start here
+	// test the help flag
+	// if TEST_HELP was set, try parsing the help flag
+	if os.Getenv("TEST_HELP") == "1" {
+		os.Args = []string{"cmd", "--help"}
+		p.Parse()
+		return
+	}
+
+	// Build subprocess that can be exited
+	cmd := exec.Command(orig[0], "-test.run=TestParse")
+	cmd.Env = append(os.Environ(), "TEST_HELP=1")
+	err := cmd.Run()
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+
+	// test the version flag
+	if os.Getenv("TEST_VERSION") == "1" {
+		os.Args = []string{"cmd", "--version"}
+		p.Parse()
+		return
+	}
+
+	cmd = exec.Command(orig[0], "-test.run=TestParse")
+	cmd.Env = append(os.Environ(), "TEST_VERSION=1")
+	err = cmd.Run()
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+}
+
+// TestFindConfigFile tests if findConfigFile() correctly finds existing and
+// doesn't find nonexisting config files
+func TestFindConfigFile(t *testing.T) {
+	locations := []string{"data/config.toml"}
+	notLocation := []string{"notomllocation"}
+	errorExpandLocation := []string{"~~"}
+
+	if findConfigFile(locations) != "data/config.toml" {
+		t.Errorf("Failure: Couldn't find existing toml file in specified location")
+	}
+	if !(findConfigFile(notLocation) == "") {
+		t.Errorf("Failure: Supposedly found configuration file in nonexistant location")
+	}
+	fmt.Println("The following test should produce a warning.")
+	if !(findConfigFile(errorExpandLocation) == "") {
+		t.Errorf("Failure: Supposedly found configuration file in nonexistant location")
+	}
+}
+
+// TestLoadToml tests if loadTOML() can correctly load TOML files
+func TestLoadToml(t *testing.T) {
+	var cfg config
+	if err := loadTOML(&cfg, "data/nonexistant.toml"); err.Error() != "open "+
+		"data/nonexistant.toml: no such file or directory" {
+		t.Errorf("Failure: Didn't throw the correct " +
+			"error on trying to load nonexistant file")
+	}
+	const errMsg = `could not parse ["surplus"] from "data/config_plus.toml"`
+	if err := loadTOML(&cfg, "data/config_plus.toml"); err.Error() != errMsg {
+		t.Errorf("Failure: Succeeded in parsing nonexistant parameter")
+	}
+	if err := loadTOML(&cfg, "data/config.toml"); err != nil {
+		t.Errorf(err.Error())
+	}
+}
+
+// TestErrorCheck checks whether the ErrorChecker correctly logs a fatal error
+func TestErrorCheck(t *testing.T) {
+	if os.Getenv("TEST_ERROR") == "1" {
+		ErrorCheck(errors.New("succesful"))
+		return
+	}
+	cmd := exec.Command(os.Args[0], "-test.run=TestErrorCheck")
+	cmd.Env = append(os.Environ(), "TEST_ERROR=1")
+	err := cmd.Run()
+	if e, ok := err.(*exec.ExitError); ok && !e.Success() {
+		return
+	}
+	t.Fatalf("process ran with err %v, want exit status 1", err)
+
+}
+
+// TestSecondPassCommandlineParsing checks if the second pass
+// of the command line passing is error checked.
+func TestSecondPassCommandlineParsing(t *testing.T) {
+	orig := os.Args
+	defer func() { os.Args = orig }()
+
+	os.Args = []string{"cmd"}
+	p := Parser[config]{
+		ConfigLocation: func(cfg *config) string {
+			// This is a bit stupid.
+			os.Args = []string{"cmd", "--invalid"}
+			return "data/empty.toml"
+		},
+	}
+	if _, _, err := p.Parse(); err == nil {
+		t.Fatalf("Second command line parsing pass did not fail.\n")
+	}
+}
+
+// TestSecondPassCommandlineHelp triggers the help output in the
+// second pass of the command line parsing.
+func TestSecondPassCommandlineHelp(t *testing.T) {
+	if os.Getenv("TEST_ERROR") == "1" {
+		orig := os.Args
+		defer func() { os.Args = orig }()
+
+		os.Args = []string{"cmd"}
+		p := Parser[config]{
+			ConfigLocation: func(cfg *config) string {
+				// This is a bit stupid.
+				os.Args = []string{"cmd", "--help"}
+				return "data/empty.toml"
+			},
+		}
+		p.Parse()
+		t.Fatalf("Second command line parsing pass help should not reach this.\n")
+		return
+	}
+	cmd := exec.Command(os.Args[0], "-test.run=TestSecondPassCommandlineHelp")
+	cmd.Env = append(os.Environ(), "TEST_ERROR=1")
+	if err := cmd.Run(); err != nil {
+		t.Fatalf("process ran with err %v", err)
+	}
+}