diff --git a/src/ext/sgx/icelake.csr b/src/ext/sgx/icelake.csr
new file mode 100644
index 00000000..e397a228
Binary files /dev/null and b/src/ext/sgx/icelake.csr differ
diff --git a/src/ext/snp/milan.csr b/src/ext/snp/milan.csr
new file mode 100644
index 00000000..c7e70d42
Binary files /dev/null and b/src/ext/snp/milan.csr differ
diff --git a/src/main.rs b/src/main.rs
index 90f8b4ea..19b7b3c9 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -511,15 +511,14 @@ mod tests {
         use der::{AnyRef, Encode};
         use x509::attr::Attribute;
         use x509::request::{CertReq, CertReqInfo, ExtensionReq};
-        #[cfg(feature = "insecure")]
         use x509::PkiPath;
         use x509::{ext::Extension, name::RdnSequence};
 
-        #[cfg(feature = "insecure")]
         use axum::response::Response;
         use http::header::CONTENT_TYPE;
         use http::Request;
         use hyper::Body;
+        #[cfg(feature = "insecure")]
         use rstest::rstest;
         use tower::ServiceExt; // for `app.oneshot()`
 
@@ -586,7 +585,6 @@ mod tests {
             }
         }
 
-        #[cfg(feature = "insecure")]
         async fn attest_response(state: State, response: Response, multi: bool) {
             let body = hyper::body::to_bytes(response.into_body()).await.unwrap();
 
@@ -714,6 +712,22 @@ mod tests {
             assert_eq!(output.issued.len(), five_crs.len());
         }
 
+        #[tokio::test]
+        async fn sgx_canned_csr() {
+            let csr = include_bytes!("ext/sgx/icelake.csr");
+
+            let request = Request::builder()
+                .method("POST")
+                .uri("/")
+                .header(CONTENT_TYPE, PKCS10)
+                .body(Body::from(Bytes::from(csr.as_slice())))
+                .unwrap();
+
+            let response = app(certificates_state()).oneshot(request).await.unwrap();
+            assert_eq!(response.status(), StatusCode::OK);
+            attest_response(certificates_state(), response, false).await;
+        }
+
         #[cfg(feature = "insecure")]
         #[rstest]
         #[case(PKCS10, false)]
@@ -773,6 +787,22 @@ mod tests {
             }
         }
 
+        #[tokio::test]
+        async fn snp_canned_csr() {
+            let csr = include_bytes!("ext/snp/milan.csr");
+
+            let request = Request::builder()
+                .method("POST")
+                .uri("/")
+                .header(CONTENT_TYPE, PKCS10)
+                .body(Body::from(Bytes::from(csr.as_slice())))
+                .unwrap();
+
+            let response = app(certificates_state()).oneshot(request).await.unwrap();
+            assert_eq!(response.status(), StatusCode::OK);
+            attest_response(certificates_state(), response, false).await;
+        }
+
         #[cfg(feature = "insecure")]
         #[rstest]
         #[case(PKCS10, false)]