diff --git a/core/peer/config_test.go b/core/peer/config_test.go
index cc3a4634416..1a407f4254b 100644
--- a/core/peer/config_test.go
+++ b/core/peer/config_test.go
@@ -7,6 +7,7 @@ package peer
 
 import (
 	"crypto/tls"
+	"io/ioutil"
 	"net"
 	"os"
 	"path/filepath"
@@ -14,6 +15,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/hyperledger/fabric/common/crypto/tlsgen"
 	"github.com/hyperledger/fabric/internal/pkg/comm"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/assert"
@@ -94,10 +96,15 @@ func TestPeerAddress(t *testing.T) {
 }
 
 func TestGetServerConfig(t *testing.T) {
+	tempdir, err := ioutil.TempDir("", "peer-clientcert")
+	assert.NoError(t, err)
+	defer os.RemoveAll(tempdir)
+
 	// good config without TLS
 	viper.Set("peer.tls.enabled", false)
 	viper.Set("peer.connectiontimeout", "7s")
-	sc, _ := GetServerConfig()
+	sc, err := GetServerConfig()
+	assert.NoError(t, err)
 	assert.Equal(t, false, sc.SecOpts.UseTLS, "ServerConfig.SecOpts.UseTLS should be false")
 	assert.Equal(t, sc.ConnectionTimeout, 7*time.Second, "ServerConfig.ConnectionTimeout should be 7 seconds")
 
@@ -114,27 +121,47 @@ func TestGetServerConfig(t *testing.T) {
 	assert.Equal(t, time.Duration(2)*time.Minute, sc.KaOpts.ServerMinInterval, "ServerConfig.KaOpts.ServerMinInterval should be set to 2 min")
 
 	// good config with TLS
+	org1CA, err := tlsgen.NewCA()
+	assert.NoError(t, err)
+	err = ioutil.WriteFile(filepath.Join(tempdir, "org1-ca-cert.pem"), org1CA.CertBytes(), 0o644)
+	assert.NoError(t, err)
+	org2CA, err := tlsgen.NewCA()
+	assert.NoError(t, err)
+	err = ioutil.WriteFile(filepath.Join(tempdir, "org2-ca-cert.pem"), org2CA.CertBytes(), 0o644)
+	assert.NoError(t, err)
+
+	org1ServerKP, err := org1CA.NewServerCertKeyPair("localhost")
+	assert.NoError(t, err)
+	err = ioutil.WriteFile(filepath.Join(tempdir, "org1-server1-cert.pem"), org1ServerKP.Cert, 0o644)
+	assert.NoError(t, err)
+	err = ioutil.WriteFile(filepath.Join(tempdir, "org1-server1-key.pem"), org1ServerKP.Key, 0o600)
+	assert.NoError(t, err)
+
 	viper.Set("peer.tls.enabled", true)
-	viper.Set("peer.tls.cert.file", filepath.Join("testdata", "Org1-server1-cert.pem"))
-	viper.Set("peer.tls.key.file", filepath.Join("testdata", "Org1-server1-key.pem"))
-	viper.Set("peer.tls.rootcert.file", filepath.Join("testdata", "Org1-cert.pem"))
-	sc, _ = GetServerConfig()
+	viper.Set("peer.tls.cert.file", filepath.Join(tempdir, "org1-server1-cert.pem"))
+	viper.Set("peer.tls.key.file", filepath.Join(tempdir, "org1-server1-key.pem"))
+	viper.Set("peer.tls.rootcert.file", filepath.Join(tempdir, "org1-ca-cert.pem"))
+
+	sc, err = GetServerConfig()
+	assert.NoError(t, err, "failed to build server config")
 	assert.Equal(t, true, sc.SecOpts.UseTLS, "ServerConfig.SecOpts.UseTLS should be true")
 	assert.Equal(t, false, sc.SecOpts.RequireClientCert, "ServerConfig.SecOpts.RequireClientCert should be false")
 	viper.Set("peer.tls.clientAuthRequired", true)
 	viper.Set("peer.tls.clientRootCAs.files", []string{
-		filepath.Join("testdata", "Org1-cert.pem"),
-		filepath.Join("testdata", "Org2-cert.pem"),
+		filepath.Join(tempdir, "org1-ca-cert.pem"),
+		filepath.Join(tempdir, "org2-ca-cert.pem"),
 	})
 	sc, _ = GetServerConfig()
 	assert.Equal(t, true, sc.SecOpts.RequireClientCert, "ServerConfig.SecOpts.RequireClientCert should be true")
 	assert.Equal(t, 2, len(sc.SecOpts.ClientRootCAs), "ServerConfig.SecOpts.ClientRootCAs should contain 2 entries")
 
 	// bad config with TLS
-	viper.Set("peer.tls.rootcert.file", filepath.Join("testdata", "Org11-cert.pem"))
-	_, err := GetServerConfig()
+	viper.Set("peer.tls.rootcert.file", "non-existent-file.pem")
+	_, err = GetServerConfig()
 	assert.Error(t, err, "GetServerConfig should return error with bad root cert path")
-	viper.Set("peer.tls.cert.file", filepath.Join("testdata", "Org11-cert.pem"))
+
+	viper.Set("peer.tls.rootcert.file", filepath.Join(tempdir, "org1-ca-cert.pem"))
+	viper.Set("peer.tls.cert.file", "non-existent-file.pem")
 	_, err = GetServerConfig()
 	assert.Error(t, err, "GetServerConfig should return error with bad tls cert path")
 
@@ -144,22 +171,35 @@ func TestGetServerConfig(t *testing.T) {
 }
 
 func TestGetClientCertificate(t *testing.T) {
+	tempdir, err := ioutil.TempDir("", "peer-clientcert")
+	assert.NoError(t, err)
+	defer os.RemoveAll(tempdir)
+
+	ca, err := tlsgen.NewCA()
+	assert.NoError(t, err)
+	kp, err := ca.NewServerCertKeyPair("localhost")
+	assert.NoError(t, err)
+	err = ioutil.WriteFile(filepath.Join(tempdir, "server1-cert.pem"), kp.Cert, 0o644)
+	assert.NoError(t, err)
+	err = ioutil.WriteFile(filepath.Join(tempdir, "server1-key.pem"), kp.Key, 0o600)
+	assert.NoError(t, err)
+
 	viper.Set("peer.tls.key.file", "")
 	viper.Set("peer.tls.cert.file", "")
 	viper.Set("peer.tls.clientKey.file", "")
 	viper.Set("peer.tls.clientCert.file", "")
 
 	// neither client nor server key pairs set - expect error
-	_, err := GetClientCertificate()
+	_, err = GetClientCertificate()
 	assert.Error(t, err)
 
 	viper.Set("peer.tls.key.file", "")
-	viper.Set("peer.tls.cert.file", filepath.Join("testdata", "Org1-server1-cert.pem"))
+	viper.Set("peer.tls.cert.file", filepath.Join(tempdir, "server1-cert.pem"))
 	// missing server key file - expect error
 	_, err = GetClientCertificate()
 	assert.Error(t, err)
 
-	viper.Set("peer.tls.key.file", filepath.Join("testdata", "Org1-server1-key.pem"))
+	viper.Set("peer.tls.key.file", filepath.Join(tempdir, "server1-key.pem"))
 	viper.Set("peer.tls.cert.file", "")
 	// missing server cert file - expect error
 	_, err = GetClientCertificate()
@@ -167,29 +207,29 @@ func TestGetClientCertificate(t *testing.T) {
 
 	// set server TLS settings to ensure we get the client TLS settings
 	// when they are set properly
-	viper.Set("peer.tls.key.file", filepath.Join("testdata", "Org1-server1-key.pem"))
-	viper.Set("peer.tls.cert.file", filepath.Join("testdata", "Org1-server1-cert.pem"))
+	viper.Set("peer.tls.key.file", filepath.Join(tempdir, "server1-key.pem"))
+	viper.Set("peer.tls.cert.file", filepath.Join(tempdir, "server1-cert.pem"))
 
 	// peer.tls.clientCert.file not set - expect error
-	viper.Set("peer.tls.clientKey.file", filepath.Join("testdata", "Org2-server1-key.pem"))
+	viper.Set("peer.tls.clientKey.file", filepath.Join(tempdir, "server1-key.pem"))
 	_, err = GetClientCertificate()
 	assert.Error(t, err)
 
 	// peer.tls.clientKey.file not set - expect error
 	viper.Set("peer.tls.clientKey.file", "")
-	viper.Set("peer.tls.clientCert.file", filepath.Join("testdata", "Org2-server1-cert.pem"))
+	viper.Set("peer.tls.clientCert.file", filepath.Join(tempdir, "server1-cert.pem"))
 	_, err = GetClientCertificate()
 	assert.Error(t, err)
 
 	// client auth required and clientKey/clientCert set
 	expected, err := tls.LoadX509KeyPair(
-		filepath.Join("testdata", "Org2-server1-cert.pem"),
-		filepath.Join("testdata", "Org2-server1-key.pem"),
+		filepath.Join(tempdir, "server1-cert.pem"),
+		filepath.Join(tempdir, "server1-key.pem"),
 	)
 	if err != nil {
 		t.Fatalf("Failed to load test certificate (%s)", err)
 	}
-	viper.Set("peer.tls.clientKey.file", filepath.Join("testdata", "Org2-server1-key.pem"))
+	viper.Set("peer.tls.clientKey.file", filepath.Join(tempdir, "server1-key.pem"))
 	cert, err := GetClientCertificate()
 	assert.NoError(t, err)
 	assert.Equal(t, expected, cert)
@@ -199,12 +239,10 @@ func TestGetClientCertificate(t *testing.T) {
 	viper.Set("peer.tls.clientKey.file", "")
 	viper.Set("peer.tls.clientCert.file", "")
 	expected, err = tls.LoadX509KeyPair(
-		filepath.Join("testdata", "Org1-server1-cert.pem"),
-		filepath.Join("testdata", "Org1-server1-key.pem"),
+		filepath.Join(tempdir, "server1-cert.pem"),
+		filepath.Join(tempdir, "server1-key.pem"),
 	)
-	if err != nil {
-		t.Fatalf("Failed to load test certificate (%s)", err)
-	}
+	assert.NoError(t, err, "failed to load test certificate")
 	cert, err = GetClientCertificate()
 	assert.NoError(t, err)
 	assert.Equal(t, expected, cert)
diff --git a/core/peer/peer_test.go b/core/peer/peer_test.go
index 2820e1ab203..2657bed9eb1 100644
--- a/core/peer/peer_test.go
+++ b/core/peer/peer_test.go
@@ -18,6 +18,7 @@ import (
 	"github.com/hyperledger/fabric-protos-go/common"
 	"github.com/hyperledger/fabric/bccsp/sw"
 	configtxtest "github.com/hyperledger/fabric/common/configtx/test"
+	"github.com/hyperledger/fabric/common/crypto/tlsgen"
 	"github.com/hyperledger/fabric/common/metrics/disabled"
 	"github.com/hyperledger/fabric/core/committer/txvalidator/plugin"
 	"github.com/hyperledger/fabric/core/deliverservice"
@@ -123,27 +124,23 @@ func TestInitialize(t *testing.T) {
 	peerInstance, cleanup := NewTestPeer(t)
 	defer cleanup()
 
-	org1CA, err := ioutil.ReadFile(filepath.Join("testdata", "Org1-cert.pem"))
+	org1CA, err := tlsgen.NewCA()
 	require.NoError(t, err)
-	org1Server1Key, err := ioutil.ReadFile(filepath.Join("testdata", "Org1-server1-key.pem"))
-	require.NoError(t, err)
-	org1Server1Cert, err := ioutil.ReadFile(filepath.Join("testdata", "Org1-server1-cert.pem"))
+	org1Server1KeyPair, err := org1CA.NewServerCertKeyPair("localhost", "127.0.0.1", "::1")
 	require.NoError(t, err)
+
 	serverConfig := comm.ServerConfig{
 		SecOpts: comm.SecureOptions{
 			UseTLS:            true,
-			Certificate:       org1Server1Cert,
-			Key:               org1Server1Key,
-			ServerRootCAs:     [][]byte{org1CA},
+			Certificate:       org1Server1KeyPair.Cert,
+			Key:               org1Server1KeyPair.Key,
+			ServerRootCAs:     [][]byte{org1CA.CertBytes()},
 			RequireClientCert: true,
 		},
 	}
 
 	server, err := comm.NewGRPCServer("localhost:0", serverConfig)
-	if err != nil {
-		t.Fatalf("NewGRPCServer failed with error [%s]", err)
-		return
-	}
+	require.NoError(t, err, "failed to create gRPC server")
 
 	peerInstance.Initialize(
 		nil,
diff --git a/core/peer/pkg_test.go b/core/peer/pkg_test.go
index 57a046734ff..3fea7da2ad8 100644
--- a/core/peer/pkg_test.go
+++ b/core/peer/pkg_test.go
@@ -11,32 +11,28 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
-	"io/ioutil"
 	"net"
-	"path/filepath"
 	"testing"
 	"time"
 
-	"github.com/golang/protobuf/proto"
 	cb "github.com/hyperledger/fabric-protos-go/common"
 	mspproto "github.com/hyperledger/fabric-protos-go/msp"
 	pb "github.com/hyperledger/fabric-protos-go/peer"
 	configtxtest "github.com/hyperledger/fabric/common/configtx/test"
+	"github.com/hyperledger/fabric/common/crypto/tlsgen"
 	"github.com/hyperledger/fabric/core/ledger/mock"
 	"github.com/hyperledger/fabric/core/peer"
 	"github.com/hyperledger/fabric/internal/pkg/comm"
 	"github.com/hyperledger/fabric/internal/pkg/comm/testpb"
 	"github.com/hyperledger/fabric/internal/pkg/txflags"
 	"github.com/hyperledger/fabric/msp"
+	"github.com/hyperledger/fabric/protoutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 )
 
-// default timeout for grpc connections
-var timeout = time.Second * 1
-
 // test server to be registered with the GRPCServer
 type testServiceServer struct{}
 
@@ -59,9 +55,10 @@ func createCertPool(rootCAs [][]byte) (*x509.CertPool, error) {
 func invokeEmptyCall(address string, dialOptions []grpc.DialOption) (*testpb.Empty, error) {
 	//add DialOptions
 	dialOptions = append(dialOptions, grpc.WithBlock())
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
 	defer cancel()
-	//create GRPC client conn
+
+	// create GRPC client conn
 	clientConn, err := grpc.DialContext(ctx, address, dialOptions...)
 	if err != nil {
 		return nil, err
@@ -81,9 +78,7 @@ func invokeEmptyCall(address string, dialOptions []grpc.DialOption) (*testpb.Emp
 }
 
 // helper function to build an MSPConfig given root certs
-func createMSPConfig(rootCerts, tlsRootCerts, tlsIntermediateCerts [][]byte,
-	mspID string) (*mspproto.MSPConfig, error) {
-
+func createMSPConfig(mspID string, rootCerts, tlsRootCerts, tlsIntermediateCerts [][]byte) (*mspproto.MSPConfig, error) {
 	fmspconf := &mspproto.FabricMSPConfig{
 		RootCerts:            rootCerts,
 		TlsRootCerts:         tlsRootCerts,
@@ -103,12 +98,10 @@ func createMSPConfig(rootCerts, tlsRootCerts, tlsIntermediateCerts [][]byte,
 		},
 	}
 
-	fmpsjs, err := proto.Marshal(fmspconf)
-	if err != nil {
-		return nil, err
-	}
-	mspconf := &mspproto.MSPConfig{Config: fmpsjs, Type: int32(msp.FABRIC)}
-	return mspconf, nil
+	return &mspproto.MSPConfig{
+		Config: protoutil.MarshalOrPanic(fmspconf),
+		Type:   int32(msp.FABRIC),
+	}, nil
 }
 
 func createConfigBlock(channelID string, appMSPConf, ordererMSPConf *mspproto.MSPConfig,
@@ -125,40 +118,34 @@ func createConfigBlock(channelID string, appMSPConf, ordererMSPConf *mspproto.MS
 }
 
 func TestUpdateRootsFromConfigBlock(t *testing.T) {
-	// load test certs from testdata
-	org1CA, err := ioutil.ReadFile(filepath.Join("testdata", "Org1-cert.pem"))
-	require.NoError(t, err)
-	org1Server1Key, err := ioutil.ReadFile(filepath.Join("testdata", "Org1-server1-key.pem"))
+	org1CA, err := tlsgen.NewCA()
 	require.NoError(t, err)
-	org1Server1Cert, err := ioutil.ReadFile(filepath.Join("testdata", "Org1-server1-cert.pem"))
+	org1Server1KeyPair, err := org1CA.NewServerCertKeyPair("localhost", "127.0.0.1", "::1")
 	require.NoError(t, err)
-	org2CA, err := ioutil.ReadFile(filepath.Join("testdata", "Org2-cert.pem"))
-	require.NoError(t, err)
-	org2Server1Key, err := ioutil.ReadFile(filepath.Join("testdata", "Org2-server1-key.pem"))
-	require.NoError(t, err)
-	org2Server1Cert, err := ioutil.ReadFile(filepath.Join("testdata", "Org2-server1-cert.pem"))
-	require.NoError(t, err)
-	org2IntermediateCA, err := ioutil.ReadFile(filepath.Join("testdata", "Org2-child1-cert.pem"))
+
+	org2CA, err := tlsgen.NewCA()
 	require.NoError(t, err)
-	org2IntermediateServer1Key, err := ioutil.ReadFile(filepath.Join("testdata", "Org2-child1-server1-key.pem"))
+	org2Server1KeyPair, err := org2CA.NewServerCertKeyPair("localhost", "127.0.0.1", "::1")
 	require.NoError(t, err)
-	org2IntermediateServer1Cert, err := ioutil.ReadFile(filepath.Join("testdata", "Org2-child1-server1-cert.pem"))
+
+	org2IntermediateCA, err := org2CA.NewIntermediateCA()
 	require.NoError(t, err)
-	ordererOrgCA, err := ioutil.ReadFile(filepath.Join("testdata", "Org3-cert.pem"))
+	org2IntermediateServer1KeyPair, err := org2IntermediateCA.NewServerCertKeyPair("localhost", "127.0.0.1", "::1")
 	require.NoError(t, err)
-	ordererOrgServer1Key, err := ioutil.ReadFile(filepath.Join("testdata", "Org3-server1-key.pem"))
+
+	ordererOrgCA, err := tlsgen.NewCA()
 	require.NoError(t, err)
-	ordererOrgServer1Cert, err := ioutil.ReadFile(filepath.Join("testdata", "Org3-server1-cert.pem"))
+	ordererOrgServer1KeyPair, err := ordererOrgCA.NewServerCertKeyPair("localhost", "127.0.0.1", "::1")
 	require.NoError(t, err)
 
 	// create test MSPConfigs
-	org1MSPConf, err := createMSPConfig([][]byte{org2CA}, [][]byte{org1CA}, [][]byte{}, "Org1MSP")
+	org1MSPConf, err := createMSPConfig("Org1MSP", [][]byte{org2CA.CertBytes()}, [][]byte{org1CA.CertBytes()}, [][]byte{})
 	require.NoError(t, err)
-	org2MSPConf, err := createMSPConfig([][]byte{org1CA}, [][]byte{org2CA}, [][]byte{}, "Org2MSP")
+	org2MSPConf, err := createMSPConfig("Org2MSP", [][]byte{org1CA.CertBytes()}, [][]byte{org2CA.CertBytes()}, [][]byte{})
 	require.NoError(t, err)
-	org2IntermediateMSPConf, err := createMSPConfig([][]byte{org1CA}, [][]byte{org2CA}, [][]byte{org2IntermediateCA}, "Org2IntermediateMSP")
+	org2IntermediateMSPConf, err := createMSPConfig("Org2IntermediateMSP", [][]byte{org1CA.CertBytes()}, [][]byte{org2CA.CertBytes()}, [][]byte{org2IntermediateCA.CertBytes()})
 	require.NoError(t, err)
-	ordererOrgMSPConf, err := createMSPConfig([][]byte{org1CA}, [][]byte{ordererOrgCA}, [][]byte{}, "OrdererOrgMSP")
+	ordererOrgMSPConf, err := createMSPConfig("OrdererOrgMSP", [][]byte{org1CA.CertBytes()}, [][]byte{ordererOrgCA.CertBytes()}, [][]byte{})
 	require.NoError(t, err)
 
 	// create test channel create blocks
@@ -172,9 +159,9 @@ func TestUpdateRootsFromConfigBlock(t *testing.T) {
 	serverConfig := comm.ServerConfig{
 		SecOpts: comm.SecureOptions{
 			UseTLS:            true,
-			Certificate:       org1Server1Cert,
-			Key:               org1Server1Key,
-			ServerRootCAs:     [][]byte{org1CA},
+			Certificate:       org1Server1KeyPair.Cert,
+			Key:               org1Server1KeyPair.Key,
+			ServerRootCAs:     [][]byte{org1CA.CertBytes()},
 			RequireClientCert: true,
 		},
 	}
@@ -185,17 +172,15 @@ func TestUpdateRootsFromConfigBlock(t *testing.T) {
 
 	createChannel := func(t *testing.T, cid string, block *cb.Block) {
 		err = peerInstance.CreateChannel(cid, block, &mock.DeployedChaincodeInfoProvider{}, nil, nil)
-		if err != nil {
-			t.Fatalf("Failed to create config block (%s)", err)
-		}
+		require.NoError(t, err, "failed to create channel from block")
 		t.Logf("Channel %s MSPIDs: (%s)", cid, peerInstance.GetMSPIDs(cid))
 	}
 
-	org1CertPool, err := createCertPool([][]byte{org1CA})
+	org1CertPool, err := createCertPool([][]byte{org1CA.CertBytes()})
 	require.NoError(t, err)
 
 	// use server cert as client cert
-	org1ClientCert, err := tls.X509KeyPair(org1Server1Cert, org1Server1Key)
+	org1ClientCert, err := tls.X509KeyPair(org1Server1KeyPair.Cert, org1Server1KeyPair.Key)
 	require.NoError(t, err)
 
 	org1Creds := credentials.NewTLS(&tls.Config{
@@ -203,21 +188,21 @@ func TestUpdateRootsFromConfigBlock(t *testing.T) {
 		RootCAs:      org1CertPool,
 	})
 
-	org2ClientCert, err := tls.X509KeyPair(org2Server1Cert, org2Server1Key)
+	org2ClientCert, err := tls.X509KeyPair(org2Server1KeyPair.Cert, org2Server1KeyPair.Key)
 	require.NoError(t, err)
 	org2Creds := credentials.NewTLS(&tls.Config{
 		Certificates: []tls.Certificate{org2ClientCert},
 		RootCAs:      org1CertPool,
 	})
 
-	org2IntermediateClientCert, err := tls.X509KeyPair(org2IntermediateServer1Cert, org2IntermediateServer1Key)
+	org2IntermediateClientCert, err := tls.X509KeyPair(org2IntermediateServer1KeyPair.Cert, org2IntermediateServer1KeyPair.Key)
 	require.NoError(t, err)
 	org2IntermediateCreds := credentials.NewTLS(&tls.Config{
 		Certificates: []tls.Certificate{org2IntermediateClientCert},
 		RootCAs:      org1CertPool,
 	})
 
-	ordererOrgClientCert, err := tls.X509KeyPair(ordererOrgServer1Cert, ordererOrgServer1Key)
+	ordererOrgClientCert, err := tls.X509KeyPair(ordererOrgServer1KeyPair.Cert, ordererOrgServer1KeyPair.Key)
 	require.NoError(t, err)
 
 	ordererOrgCreds := credentials.NewTLS(&tls.Config{
@@ -275,18 +260,13 @@ func TestUpdateRootsFromConfigBlock(t *testing.T) {
 	for _, test := range tests {
 		test := test
 		t.Run(test.name, func(t *testing.T) {
-			t.Logf("Running test %s ...", test.name)
 			server, err := comm.NewGRPCServer("localhost:0", test.serverConfig)
-			if err != nil {
-				t.Fatalf("NewGRPCServer failed with error [%s]", err)
-				return
-			}
+			require.NoError(t, err, "failed to create gRPC server")
+			require.NotNil(t, server)
 
 			peerInstance.SetServer(server)
 			peerInstance.ServerConfig = test.serverConfig
 
-			assert.NoError(t, err, "NewGRPCServer should not have returned an error")
-			assert.NotNil(t, server, "NewGRPCServer should have created a server")
 			// register a GRPC test service
 			testpb.RegisterTestServiceServer(server.Server(), &testServiceServer{})
 			go server.Start()
@@ -294,12 +274,8 @@ func TestUpdateRootsFromConfigBlock(t *testing.T) {
 
 			// extract dynamic listen port
 			_, port, err := net.SplitHostPort(server.Listener().Addr().String())
-			if err != nil {
-				t.Fatal(err)
-			}
-			t.Logf("listenAddress: %s", server.Listener().Addr())
+			require.NoError(t, err, "unable to extract listener port")
 			testAddress := "localhost:" + port
-			t.Logf("testAddress: %s", testAddress)
 
 			// invoke the EmptyCall service with good options but should fail
 			// until channel is created and root CAs are updated
diff --git a/core/peer/testdata/Org1-cert.pem b/core/peer/testdata/Org1-cert.pem
deleted file mode 100644
index 5b6923bb878..00000000000
--- a/core/peer/testdata/Org1-cert.pem
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIB8TCCAZegAwIBAgIQU59imQ+xl+FmwuiFyUgFezAKBggqhkjOPQQDAjBYMQsw
-CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
-YW5jaXNjbzENMAsGA1UEChMET3JnMTENMAsGA1UEAxMET3JnMTAeFw0xNzA1MDgw
-OTMwMzRaFw0yNzA1MDYwOTMwMzRaMFgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
-YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRPcmcx
-MQ0wCwYDVQQDEwRPcmcxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFkpP6EqE
-87ghFi25UWLvgPatxDiYKYaVSPvpo/XDJ0+9uUmK/C2r5Bvvxx1t8eTROwN77tEK
-r+jbJIxX3ZYQMKNDMEEwDgYDVR0PAQH/BAQDAgGmMA8GA1UdJQQIMAYGBFUdJQAw
-DwYDVR0TAQH/BAUwAwEB/zANBgNVHQ4EBgQEAQIDBDAKBggqhkjOPQQDAgNIADBF
-AiEA1Xkrpq+wrmfVVuY12dJfMQlSx+v0Q3cYce9BE1i2mioCIAzqyduK/lHPI81b
-nWiU9JF9dRQ69dEV9dxd/gzamfFU
------END CERTIFICATE-----
diff --git a/core/peer/testdata/Org1-server1-cert.pem b/core/peer/testdata/Org1-server1-cert.pem
deleted file mode 100644
index 169d8269812..00000000000
--- a/core/peer/testdata/Org1-server1-cert.pem
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICCjCCAbGgAwIBAgIQOcq9Om9VwUe9hGN0TTGw1DAKBggqhkjOPQQDAjBYMQsw
-CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
-YW5jaXNjbzENMAsGA1UEChMET3JnMTENMAsGA1UEAxMET3JnMTAeFw0xNzA1MDgw
-OTMwMzRaFw0yNzA1MDYwOTMwMzRaMGUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
-YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxPcmcx
-LXNlcnZlcjExEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49
-AwEHA0IABAm+2CZhbmsnA+HKQynXKz7fVZvvwlv/DdNg3Mdg7lIcP2z0b07/eAZ5
-0chdJNcjNAd/QAj/mmGG4dObeo4oTKGjUDBOMA4GA1UdDwEB/wQEAwIFoDAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAPBgNVHSME
-CDAGgAQBAgMEMAoGCCqGSM49BAMCA0cAMEQCIG55RvN4Boa0WS9UcIb/tI2YrAT8
-EZd/oNnZYlbxxyvdAiB6sU9xAn4oYIW9xtrrOISv3YRg8rkCEATsagQfH8SiLg==
------END CERTIFICATE-----
diff --git a/core/peer/testdata/Org1-server1-key.pem b/core/peer/testdata/Org1-server1-key.pem
deleted file mode 100644
index ddd8ce52f16..00000000000
--- a/core/peer/testdata/Org1-server1-key.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEICfXQtVmdQAlp/l9umWJqCXNTDurmciDNmGHPpxHwUK/oAoGCCqGSM49
-AwEHoUQDQgAECb7YJmFuaycD4cpDKdcrPt9Vm+/CW/8N02Dcx2DuUhw/bPRvTv94
-BnnRyF0k1yM0B39ACP+aYYbh05t6jihMoQ==
------END EC PRIVATE KEY-----
diff --git a/core/peer/testdata/Org2-cert.pem b/core/peer/testdata/Org2-cert.pem
deleted file mode 100644
index 106252261fe..00000000000
--- a/core/peer/testdata/Org2-cert.pem
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIB8jCCAZigAwIBAgIRANxd4D3sY0656NqOh8Rha0AwCgYIKoZIzj0EAwIwWDEL
-MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
-cmFuY2lzY28xDTALBgNVBAoTBE9yZzIxDTALBgNVBAMTBE9yZzIwHhcNMTcwNTA4
-MDkzMDM0WhcNMjcwNTA2MDkzMDM0WjBYMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
-Q2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMET3Jn
-MjENMAsGA1UEAxMET3JnMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDYy+qzS
-J/8CMfhpBFhUhhz+7up4+lwjBWDSS01koszNh8camHTA8vS4ZsN+DZ2DRsSmRZgs
-tG2oogLLIdh6Z1CjQzBBMA4GA1UdDwEB/wQEAwIBpjAPBgNVHSUECDAGBgRVHSUA
-MA8GA1UdEwEB/wQFMAMBAf8wDQYDVR0OBAYEBAECAwQwCgYIKoZIzj0EAwIDSAAw
-RQIgWnMmH0yxAjub3qfzxQioHKQ8+WvUjAXm0ejId9Q+rDICIQDr30UCPj+SXzOb
-Cu4psMMBfLujKoiBNdLE1KEpt8lN1g==
------END CERTIFICATE-----
diff --git a/core/peer/testdata/Org2-child1-cert.pem b/core/peer/testdata/Org2-child1-cert.pem
deleted file mode 100644
index 0feba1a64b6..00000000000
--- a/core/peer/testdata/Org2-child1-cert.pem
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICETCCAbagAwIBAgIQNpgoASE9fi0ooZVKcnwnZzAKBggqhkjOPQQDAjBYMQsw
-CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
-YW5jaXNjbzENMAsGA1UEChMET3JnMjENMAsGA1UEAxMET3JnMjAeFw0xNzA1MDgw
-OTMwMzRaFw0yNzA1MDYwOTMwMzRaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
-YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtPcmcy
-LWNoaWxkMTEUMBIGA1UEAxMLT3JnMi1jaGlsZDEwWTATBgcqhkjOPQIBBggqhkjO
-PQMBBwNCAARTBJ8/o1tpHPwuixYDgRwcrzAru0cWJJhE6KWHAa0vBCG4nl0zjjRS
-og+iAuUcY4Z/gJoHol6dKSHk9h5jrqtEo1QwUjAOBgNVHQ8BAf8EBAMCAaYwDwYD
-VR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MA0GA1UdDgQGBAQBAgMEMA8G
-A1UdIwQIMAaABAECAwQwCgYIKoZIzj0EAwIDSQAwRgIhAIkPzk7ORV/WhfG7QY/6
-/OJg4++ftz2SZc44NIuogMArAiEAqbnpnmmHnzo2Qc6gnliCegpGnJ18RUT/jZlj
-1qXHcvg=
------END CERTIFICATE-----
diff --git a/core/peer/testdata/Org2-child1-key.pem b/core/peer/testdata/Org2-child1-key.pem
deleted file mode 100644
index 7b59a5ccd93..00000000000
--- a/core/peer/testdata/Org2-child1-key.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEILECltESx3k5sQRtCt5rQEAo9cvTDyPxjv2UT092SY2NoAoGCCqGSM49
-AwEHoUQDQgAEUwSfP6NbaRz8LosWA4EcHK8wK7tHFiSYROilhwGtLwQhuJ5dM440
-UqIPogLlHGOGf4CaB6JenSkh5PYeY66rRA==
------END EC PRIVATE KEY-----
diff --git a/core/peer/testdata/Org2-child1-server1-cert.pem b/core/peer/testdata/Org2-child1-server1-cert.pem
deleted file mode 100644
index a406cc1de52..00000000000
--- a/core/peer/testdata/Org2-child1-server1-cert.pem
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICIDCCAcegAwIBAgIRAO3pYorhuGiPnJJphdKeQwAwCgYIKoZIzj0EAwIwZjEL
-MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
-cmFuY2lzY28xFDASBgNVBAoTC09yZzItY2hpbGQxMRQwEgYDVQQDEwtPcmcyLWNo
-aWxkMTAeFw0xNzA1MDgwOTMwMzRaFw0yNzA1MDYwOTMwMzRaMGwxCzAJBgNVBAYT
-AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
-MRwwGgYDVQQKExNPcmcyLWNoaWxkMS1zZXJ2ZXIxMRIwEAYDVQQDEwlsb2NhbGhv
-c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASaWwX7EMRpgVQ4Jasr5GmskiCq
-SP1VZA0LjiOSSVjUsCQR73Wuvx+LzRx7xLccSy3w9bAJOh32tTLqt+6XtXNlo1Aw
-TjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
-MAwGA1UdEwEB/wQCMAAwDwYDVR0jBAgwBoAEAQIDBDAKBggqhkjOPQQDAgNHADBE
-AiBxvv8tzyNwzQOQhP6MmSZ4zJGtFgX7nfUqjEYA8N9qBAIgCsKiCgLQrLwg3mld
-DKAU4r/3+400yzXPgD+fQ3T6u8k=
------END CERTIFICATE-----
diff --git a/core/peer/testdata/Org2-child1-server1-key.pem b/core/peer/testdata/Org2-child1-server1-key.pem
deleted file mode 100644
index 156f7816d27..00000000000
--- a/core/peer/testdata/Org2-child1-server1-key.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIPOWGbAnyV/ubULozdRQKt+kMPrz5l3LVxz80uYpufjQoAoGCCqGSM49
-AwEHoUQDQgAEmlsF+xDEaYFUOCWrK+RprJIgqkj9VWQNC44jkklY1LAkEe91rr8f
-i80ce8S3HEst8PWwCTod9rUy6rful7VzZQ==
------END EC PRIVATE KEY-----
diff --git a/core/peer/testdata/Org2-server1-cert.pem b/core/peer/testdata/Org2-server1-cert.pem
deleted file mode 100644
index e8623bfaf30..00000000000
--- a/core/peer/testdata/Org2-server1-cert.pem
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICCzCCAbKgAwIBAgIRAII9kVh6i4X9wdur6UepocUwCgYIKoZIzj0EAwIwWDEL
-MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
-cmFuY2lzY28xDTALBgNVBAoTBE9yZzIxDTALBgNVBAMTBE9yZzIwHhcNMTcwNTA4
-MDkzMDM0WhcNMjcwNTA2MDkzMDM0WjBlMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
-Q2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMT3Jn
-Mi1zZXJ2ZXIxMRIwEAYDVQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjO
-PQMBBwNCAAT+6mAyGB0VBaGCSiMHLKASS3/q8hUbBYXmjo11mgDMIkkGwyqRvSUI
-5EsMb6XRS4UlH8Xt1NsA+9m4Vj1KWl5ro1AwTjAOBgNVHQ8BAf8EBAMCBaAwHQYD
-VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDwYDVR0j
-BAgwBoAEAQIDBDAKBggqhkjOPQQDAgNHADBEAiBq7AvYBrh7S1dtU+kPmX1fGUX0
-pvBC+ngwNwboxhfD+wIgXy0t7sff31QGb56CsszSTarOMZOK8hsNoOtvnqgAX6Q=
------END CERTIFICATE-----
diff --git a/core/peer/testdata/Org2-server1-key.pem b/core/peer/testdata/Org2-server1-key.pem
deleted file mode 100644
index f0ea1f9b1c7..00000000000
--- a/core/peer/testdata/Org2-server1-key.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIHpb9jJemQ/0ODY4gM1fN+42SQ3+fAoU5vbiWFbFZ4i7oAoGCCqGSM49
-AwEHoUQDQgAE/upgMhgdFQWhgkojByygEkt/6vIVGwWF5o6NdZoAzCJJBsMqkb0l
-CORLDG+l0UuFJR/F7dTbAPvZuFY9Slpeaw==
------END EC PRIVATE KEY-----
diff --git a/core/peer/testdata/Org3-cert.pem b/core/peer/testdata/Org3-cert.pem
deleted file mode 100644
index a48e1a7f6f1..00000000000
--- a/core/peer/testdata/Org3-cert.pem
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIB8TCCAZegAwIBAgIQWRj024bZNzkNfYVJzZNi1jAKBggqhkjOPQQDAjBYMQsw
-CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
-YW5jaXNjbzENMAsGA1UEChMET3JnMzENMAsGA1UEAxMET3JnMzAeFw0xNzA1MDgw
-OTMwMzRaFw0yNzA1MDYwOTMwMzRaMFgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
-YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRPcmcz
-MQ0wCwYDVQQDEwRPcmczMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2GUkjUoa
-BXjNL0gKTWEEpXyCTrkoHSvsbxHkSKmNT8VEZ24Vqi+SbBcMW7IckMHt+k7ofrrj
-c9hyReUSFE1RDaNDMEEwDgYDVR0PAQH/BAQDAgGmMA8GA1UdJQQIMAYGBFUdJQAw
-DwYDVR0TAQH/BAUwAwEB/zANBgNVHQ4EBgQEAQIDBDAKBggqhkjOPQQDAgNIADBF
-AiEAs7Y179Bhufjj/FcEph65BOiZRxf1o1ggPPcoS2KxWlICIH0gSlbfIFovbOSp
-0iSYRkv2NHQ2W9ZGb+KEhIB76Fkb
------END CERTIFICATE-----
diff --git a/core/peer/testdata/Org3-server1-cert.pem b/core/peer/testdata/Org3-server1-cert.pem
deleted file mode 100644
index 4895ac96fe2..00000000000
--- a/core/peer/testdata/Org3-server1-cert.pem
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICDTCCAbKgAwIBAgIRAPIConsgRjgkCZ98EpK+B2gwCgYIKoZIzj0EAwIwWDEL
-MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
-cmFuY2lzY28xDTALBgNVBAoTBE9yZzMxDTALBgNVBAMTBE9yZzMwHhcNMTcwNTA4
-MDkzMDM0WhcNMjcwNTA2MDkzMDM0WjBlMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
-Q2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEVMBMGA1UEChMMT3Jn
-My1zZXJ2ZXIxMRIwEAYDVQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjO
-PQMBBwNCAARfWHB6mV/8JHCGMcFO88qIIsKjOj4R3zdSuqVdef36DYPQsrfm/RCl
-Ck0SMEEaOcgTRieDsVFBmglUVtA1bhlxo1AwTjAOBgNVHQ8BAf8EBAMCBaAwHQYD
-VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDwYDVR0j
-BAgwBoAEAQIDBDAKBggqhkjOPQQDAgNJADBGAiEA6GCe3Y1xSyBFsl1NSj104Agt
-tka0e1pYiFVRyhc2VsICIQCX+KvCtJG52+Us5QiMj3JDRT9v4Awt3SyIYgLvdoiW
-7w==
------END CERTIFICATE-----
diff --git a/core/peer/testdata/Org3-server1-key.pem b/core/peer/testdata/Org3-server1-key.pem
deleted file mode 100644
index ccad2689f21..00000000000
--- a/core/peer/testdata/Org3-server1-key.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIGTkwJcw9zftKoRk4Qo/74MFO3a+3Wu/E2s58uVDeudgoAoGCCqGSM49
-AwEHoUQDQgAEX1hweplf/CRwhjHBTvPKiCLCozo+Ed83UrqlXXn9+g2D0LK35v0Q
-pQpNEjBBGjnIE0Yng7FRQZoJVFbQNW4ZcQ==
------END EC PRIVATE KEY-----
diff --git a/core/peer/testdata/generate.go b/core/peer/testdata/generate.go
deleted file mode 100644
index 73e0923bdd9..00000000000
--- a/core/peer/testdata/generate.go
+++ /dev/null
@@ -1,12 +0,0 @@
-/*
-Copyright IBM Corp. All Rights Reserved.
-
-SPDX-License-Identifier: Apache-2.0
-*/
-
-// +build ignore
-
-//go:generate -command gencerts go run github.com/hyperledger/fabric/core/comm/testdata/certs
-//go:generate gencerts -orgs 3 -child-orgs 1 -servers 1 -clients 0
-
-package testdata