diff --git a/lib/integrations/awsoidc/idp_thumbprint_test.go b/lib/integrations/awsoidc/idp_thumbprint_test.go
index 72b7f06c0ed12..14fc814688b14 100644
--- a/lib/integrations/awsoidc/idp_thumbprint_test.go
+++ b/lib/integrations/awsoidc/idp_thumbprint_test.go
@@ -20,6 +20,8 @@ package awsoidc
 
 import (
 "context"
+ "crypto/sha1"
+ "encoding/hex"
 "net/http/httptest"
 "testing"
 
@@ -40,10 +42,8 @@ func TestThumbprint(t *testing.T) {
 thumbprint, err := ThumbprintIdP(ctx, tlsServer.URL)
 require.NoError(t, err)
 
- // The Proxy is started using httptest.NewTLSServer, which uses a hard-coded cert
- // located at go/src/net/http/internal/testcert/testcert.go
- // The following value is the sha1 fingerprint of that certificate.
- expectedThumbprint := "15dbd260c7465ecca6de2c0b2181187f66ee0d1a"
+ serverCertificateSHA1 := sha1.Sum(tlsServer.Certificate().Raw)
+ expectedThumbprint := hex.EncodeToString(serverCertificateSHA1[:])
 
 require.Equal(t, expectedThumbprint, thumbprint)
 }
diff --git a/lib/web/oidcidp_test.go b/lib/web/oidcidp_test.go
index 20c9063a7fcb0..acd47a17d3475 100644
--- a/lib/web/oidcidp_test.go
+++ b/lib/web/oidcidp_test.go
@@ -20,6 +20,8 @@ package web
 
 import (
 "context"
+ "crypto/sha1"
+ "encoding/hex"
 "encoding/json"
 "strings"
 "testing"
@@ -99,10 +101,8 @@ func TestThumbprint(t *testing.T) {
 
 thumbprint := strings.Trim(string(resp.Bytes()), "\"")
 
- // The Proxy is started using httptest.NewTLSServer, which uses a hard-coded cert
- // located at go/src/net/http/internal/testcert/testcert.go
- // The following value is the sha1 fingerprint of that certificate.
- expectedThumbprint := "15dbd260c7465ecca6de2c0b2181187f66ee0d1a"
+ serverCertificateSHA1 := sha1.Sum(proxy.web.TLS.Certificates[0].Leaf.Raw)
+ expectedThumbprint := hex.EncodeToString(serverCertificateSHA1[:])
 
 require.Equal(t, expectedThumbprint, thumbprint)
 }
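Review bot: In lib/integrations/awsoidc/idp_thumbprint_test.go, the new `sha1.Sum(tlsServer.Certificate().Raw)` line carries no comment saying why SHA-1 is used, and the removed comment was the only place that explained the value. I would add `// AWS IAM takes the OIDC IdP thumbprint as the hex-encoded SHA-1 of the certificate's DER encoding; SHA-1 is a format requirement here, not an integrity control.` above it, so that a reader or a weak-hash linter does not treat it as a mistake. Deriving the expected value from the running server also means the assertion only covers a one-certificate chain, which appears to be what httptest.NewTLSServer presents; whether ThumbprintIdP picks the intended certificate from a longer chain is not exercised here. TestThumbprint starts above the hunk.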
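Review bot: In lib/web/oidcidp_test.go, `proxy.web.TLS.Certificates[0].Leaf.Raw` dereferences `Leaf`, an optional field of `tls.Certificate` that is nil unless whoever built the certificate parsed and stored it; on Go releases before 1.23 `tls.X509KeyPair` leaves it unset. If the test proxy's certificate is created that way (not visible in this hunk), the test panics with a nil dereference instead of failing with a readable assertion. Reading the DER bytes directly removes that dependency: `serverCertificateSHA1 := sha1.Sum(proxy.web.TLS.Certificates[0].Certificate[0])`, or `proxy.web.Certificate().Raw` as in the awsoidc test if `proxy.web` is an `*httptest.Server`. TestThumbprint starts above the hunk.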