diff --git a/bin/aamva-test-cert b/bin/aamva-test-cert
new file mode 100755
index 00000000000..0d5ff682dae
--- /dev/null
+++ b/bin/aamva-test-cert
@@ -0,0 +1,40 @@
+#!/usr/bin/env ruby
+
+ENV['LOGIN_TASK_LOG_LEVEL'] ||= 'warn'
+require_relative '../config/environment.rb'
+require 'aamva_test'
+
+auth_url = nil
+verification_url = nil
+
+parser = OptionParser.new do |opts|
+  opts.banner = <<~EOM
+    Usage: #{$PROGRAM_NAME} --auth-url=AUTH_URL --verification-url=VERIFICATION_URL
+
+    Tests AAMVA certificate against cert environment
+
+    Options:
+  EOM
+
+  opts.on('--auth-url=AUTH_URL', 'sets the auth url') do |url|
+    auth_url = url
+  end
+
+  opts.on('--verification-url=VERIFICATION_URL', 'sets the verification url') do |url|
+    verification_url = url
+  end
+
+  opts.on('--help', 'prints this help message') do
+    puts opts
+    exit 0
+  end
+end
+
+parser.parse!(ARGV)
+
+if !auth_url || !verification_url
+  puts parser
+  exit 1
+end
+
+puts AamvaTest.new.test_cert(auth_url:, verification_url:)
diff --git a/bin/aamva-test-connectivity b/bin/aamva-test-connectivity
new file mode 100755
index 00000000000..9bf5c4cd461
--- /dev/null
+++ b/bin/aamva-test-connectivity
@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+ENV['LOGIN_TASK_LOG_LEVEL'] ||= 'warn'
+require_relative '../config/environment.rb'
+require 'aamva_test'
+
+puts AamvaTest.new.test_connectivity
diff --git a/lib/aamva_test.rb b/lib/aamva_test.rb
new file mode 100644
index 00000000000..5779ed401d7
--- /dev/null
+++ b/lib/aamva_test.rb
@@ -0,0 +1,48 @@
+# Helper that checks connectivity with AAMVA
+class AamvaTest
+  def test_connectivity
+    build_proofer.proof(applicant_jonny_proofs)
+  end
+
+  def test_cert(auth_url:, verification_url:)
+    proofer = build_proofer
+    proofer.config.cert_enabled = true
+    proofer.config.auth_url = auth_url
+    proofer.config.verification_url = verification_url
+
+    with_cleared_auth_token_cache do
+      proofer.proof(applicant_jonny_proofs)
+    end
+  end
+
+  private
+
+  # Fake user in a real AAMVA state
+  def applicant_jonny_proofs
+    {
+      uuid: '123abc',
+      first_name: 'Jonny',
+      last_name: 'Proofs',
+      dob: '2023-01-01',
+      state_id_number: '1234567890',
+      state_id_jurisdiction: 'VA',
+      state_id_type: 'drivers_license',
+      address1: '123 Fake St',
+      city: 'Arlington',
+      state: 'VA',
+      zipcode: '21000',
+    }
+  end
+
+  def with_cleared_auth_token_cache
+    Rails.cache.delete(Proofing::Aamva::AuthenticationClient::AUTH_TOKEN_CACHE_KEY)
+
+    yield
+  ensure
+    Rails.cache.delete(Proofing::Aamva::AuthenticationClient::AUTH_TOKEN_CACHE_KEY)
+  end
+
+  def build_proofer
+    Proofing::Resolution::ProgressiveProofer.new.send(:state_id_proofer)
+  end
+end
diff --git a/spec/lib/aamva_test_spec.rb b/spec/lib/aamva_test_spec.rb
new file mode 100644
index 00000000000..e490bd113ba
--- /dev/null
+++ b/spec/lib/aamva_test_spec.rb
@@ -0,0 +1,61 @@
+require 'rails_helper'
+require 'aamva_test'
+
+RSpec.describe AamvaTest do
+  before do
+    allow(IdentityConfig.store).to receive(:proofer_mock_fallback).and_return(false)
+    allow(IdentityConfig.store).to receive(:aamva_private_key).
+      and_return(Base64.strict_encode64(AamvaFixtures.aamva_private_key.to_der))
+    allow(IdentityConfig.store).to receive(:aamva_public_key).
+      and_return(Base64.strict_encode64(AamvaFixtures.aamva_public_key.to_der))
+
+    stub_request(:post, auth_url).
+      with(body: %r{http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT}).
+      to_return(body: AamvaFixtures.security_token_response, status: 200)
+    stub_request(:post, auth_url).
+      with(body: %r{http://aamva.org/authentication/3.1.0/IAuthenticationService/Authenticate}).
+      to_return(body: AamvaFixtures.authentication_token_response, status: 200)
+    stub_request(:post, verification_url).
+      to_return(body: AamvaFixtures.verification_response_namespaced_success)
+  end
+
+  subject(:tester) { AamvaTest.new }
+
+  describe '#test_connectivity' do
+    let(:auth_url) { IdentityConfig.store.aamva_auth_url }
+    let(:verification_url) { IdentityConfig.store.aamva_verification_url }
+
+    it 'connects to the live config' do
+      result = tester.test_connectivity
+
+      expect(result.exception).to be_nil
+    end
+  end
+
+  describe '#test_cert' do
+    let(:auth_url) { 'https://example.com/a' }
+    let(:verification_url) { 'https://example.com:18449/b' }
+
+    it 'makes a test request to the P6 jurisdisction' do
+      result = tester.test_cert(auth_url:, verification_url:)
+
+      expect(result.exception).to be_nil
+
+      expect(WebMock).to(
+        have_requested(:post, verification_url).with do |req|
+          expect(Nokogiri::XML(req.body).at_xpath('//ns1:MessageDestinationId').text).
+            to eq('P6'), 'it sends a request with the designated fake state'
+        end,
+      )
+    end
+
+    it 'clears the auth token cache after' do
+      Rails.cache.write(Proofing::Aamva::AuthenticationClient::AUTH_TOKEN_CACHE_KEY, 'aaa')
+
+      tester.test_cert(auth_url:, verification_url:)
+
+      expect(Rails.cache.read(Proofing::Aamva::AuthenticationClient::AUTH_TOKEN_CACHE_KEY)).
+        to be_nil
+    end
+  end
+end