diff --git a/internal/pkg/remote/client_fips_test.go b/internal/pkg/remote/client_fips_test.go
index 7fa57ee0cd7..ffb14a7b4e3 100644
--- a/internal/pkg/remote/client_fips_test.go
+++ b/internal/pkg/remote/client_fips_test.go
@@ -7,16 +7,49 @@ package remote
 import (
+ "context"
+ "crypto/tls"
+ "crypto/x509"
+ _ "embed"
 "fmt"
+ "log"
+ "net/http"
+ "net/http/httptest"
+ "strings"
+ "sync"
 "testing"
+ "time"
+ "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "github.com/elastic/elastic-agent-libs/transport/httpcommon"
 "github.com/elastic/elastic-agent-libs/transport/tlscommon"
+ "github.com/elastic/elastic-agent/internal/pkg/testutils/fipsutils"
 "github.com/elastic/elastic-agent/pkg/core/logger/loggertest"
 )
+//go:embed testdata/ca.crt
+var caCertPEM []byte
+
+//go:embed testdata/server.crt
+var serverCertPEM []byte
+
+//go:embed testdata/server.key
+var serverKeyPEM []byte // RSA key with length = 2048 bits
+
+//go:embed testdata/fips_invalid.key
+var fipsInvalidKeyPEM []byte // RSA key with length = 1024 bits
+
+//go:embed testdata/fips_invalid.crt
+var fipsInvalidCertPEM []byte
+
+//go:embed testdata/fips_valid.key
+var fipsValidKeyPEM []byte // RSA key with length = 2048 bits
+
+//go:embed testdata/fips_valid.crt
+var fipsValidCertPEM []byte
+
 func TestClientWithUnsupportedTLSVersions(t *testing.T) {
 testLogger, _ := loggertest.New("TestClientWithUnsupportedTLSVersions")
 const unsupportedErrorMsg = "invalid configuration: unsupported tls version: %s"
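Review bot: The fixture names embedded at `//go:embed testdata/fips_invalid.key` and `//go:embed testdata/fips_invalid.crt` do not match the testdata README added in this same commit, which describes the hand-made weak pair as `agent_insecure.key` and `agent_insecure.crt`; one side should be renamed so the README refers to files that exist. The README also records no regeneration procedure, and since `ca.key` is gitignored nobody can re-issue leaf certificates against the committed CA, so the whole set must be regenerated together once it expires (the CA's DER appears to encode a fixed notAfter in 2030, worth confirming). I would record the generation parameters (key sizes, subject and SAN values, validity period) in the README and add a pointer above the embed block: `// Test fixtures are hand-generated; see testdata/README.md for how to regenerate them (ca.key is intentionally not committed).`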
@@ -70,3 +103,126 @@ func TestClientWithUnsupportedTLSVersions(t *testing.T) {
 })
 }
 }
+
+type serverLog struct {
+ log strings.Builder
+ mu sync.Mutex
+}
+
+func (s *serverLog) Write(data []byte) (int, error) {
+ s.mu.Lock()
+ defer s.mu.Unlock()
+ return s.log.Write(data)
+}
+
+func (s *serverLog) String() string {
+ s.mu.Lock()
+ defer s.mu.Unlock()
+ return s.log.String()
+}
+
+func TestClientWithCertificate(t *testing.T) {
+ cases := map[string]struct {
+ clientCertificate []byte
+ clientKey []byte
+ expectedHandshakeErr string
+ expectedServerLog string
+ }{
+ "fips_invalid_key_fips140only": {
+ clientCertificate: fipsInvalidCertPEM,
+ clientKey: fipsInvalidKeyPEM,
+ expectedHandshakeErr: "use of keys smaller than 2048 bits is not allowed in FIPS 140-only mode",
+ expectedServerLog: "no FIPS compatible certificate chains found",
+ },
+ "fips_valid_key_fips140only": {
+ clientCertificate: fipsValidCertPEM,
+ clientKey: fipsValidKeyPEM,
+ expectedHandshakeErr: "",
+ expectedServerLog: "",
+ },
+ }
+
+ for name, test := range cases {
+ t.Run(name, func(t *testing.T) {
+ goDebugFIPS140 := fipsutils.GoDebugFIPS140()
+ if goDebugFIPS140 != fipsutils.GoDebugFIPS140Only {
+ t.Skipf(
+ `test expects to be run with GODEBUG=fips140=only but actual value is "%s", so skipping`,
+ goDebugFIPS140,
+ )
+ }
+
+ server, serverLog := startTLSServer(t)
+
+ // Create client and have it present a certificate during the
+ // TLS handshake with the server
+ testLogger, _ := loggertest.New("TestClientWithCertificate")
+ config := Config{
+ Host: server.URL,
+ Transport: httpcommon.HTTPTransportSettings{
+ TLS: &tlscommon.Config{
+ CAs: []string{string(caCertPEM)},
+ Certificate: tlscommon.CertificateConfig{
+ Certificate: string(test.clientCertificate),
+ Key: string(test.clientKey),
+ },
+ },
+ },
+ }
+ client, err := NewWithConfig(testLogger, config, nil)
+
+ // Use client to call fake API on HTTPS server
+ ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+ defer cancel()
+
+ resp, err := client.Send(ctx, http.MethodGet, "/echo-hello", nil, nil, nil)
+
+ if test.expectedHandshakeErr == "" {
+ require.NotNil(t, resp)
+ require.NoError(t, err)
+ } else {
+ require.Nil(t, resp)
+ require.Error(t, err)
+ require.Contains(t, err.Error(), test.expectedHandshakeErr)
+ }
+
+ require.Eventually(
+ t,
+ func() bool {
+ return assert.Contains(t, serverLog.String(), test.expectedServerLog)
+ },
+ 100*time.Millisecond, 10*time.Millisecond,
+ )
+ })
+ }
+}
+
+func startTLSServer(t *testing.T) (*httptest.Server, *serverLog) {
+ // Configure server and start it
+ caCertPool := x509.NewCertPool()
+ caCertPool.AppendCertsFromPEM(caCertPEM)
+
+ // Create HTTPS server
+ const successResp = `{"message":"hello"}`
+ server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ w.WriteHeader(http.StatusOK)
+ fmt.Fprint(w, successResp)
+ }))
+
+ serverCert, err := tls.X509KeyPair(serverCertPEM, serverKeyPEM)
+ require.NoError(t, err)
+
+ server.TLS = &tls.Config{
+ RootCAs: caCertPool,
+ Certificates: []tls.Certificate{serverCert},
+ ClientCAs: caCertPool,
+ ClientAuth: tls.RequireAndVerifyClientCert,
+ }
+
+ logger := new(serverLog)
+ server.Config.ErrorLog = log.New(logger, "", 0)
+
+ server.StartTLS()
+
+ return server, logger
+}
diff --git a/internal/pkg/remote/testdata/.gitignore b/internal/pkg/remote/testdata/.gitignore
new file mode 100644
index 00000000000..237b712e401
--- /dev/null
+++ b/internal/pkg/remote/testdata/.gitignore
@@ -0,0 +1 @@
+ca.key
diff --git a/internal/pkg/remote/testdata/README.md b/internal/pkg/remote/testdata/README.md
new file mode 100644
index 00000000000..a75d271c780
--- /dev/null
+++ b/internal/pkg/remote/testdata/README.md
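Review bot: The predicate handed to `require.Eventually` at the end of TestClientWithCertificate calls `assert.Contains(t, ...)`, which records a test failure on every poll that does not yet match, so a subtest can end up marked failed even when the expected log line arrives well within the 100ms window; use a plain predicate, `return strings.Contains(serverLog.String(), test.expectedServerLog)`, and note that for the valid case the expected string is empty so the check passes trivially — if no other server output is expected there, asserting `serverLog.String()` is empty would actually verify the handshake produced no TLS error. The `err` returned by `client, err := NewWithConfig(testLogger, config, nil)` is never inspected before `resp, err := client.Send(...)` overwrites it; add `require.NoError(t, err)` so a configuration-time rejection of the key fails cleanly instead of dereferencing a nil client. In startTLSServer the server is never shut down and the boolean from `caCertPool.AppendCertsFromPEM(caCertPEM)` is discarded; add `t.Cleanup(server.Close)` after `server.StartTLS()` and `require.True(t, caCertPool.AppendCertsFromPEM(caCertPEM))` so a mis-encoded CA fixture fails at the pool rather than as an opaque handshake error. On the success path `resp.Body` is also left open.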
@@ -0,0 +1,9 @@
+The certificates and private keys in this folder are intended for use by unit tests in the parent folder.
+
+In particular, the `TestClientWithCertificate` unit test uses certificates and private keys from this folder. Note
+that this test is expected to run in FIPS mode due to the `requirefips` build tag on the file containing the test.
+In FIPS mode, it is not possible to generate insecure keys and their corresponding certificates in test code. Therefore,
+the `agent_insecure.key` and `agent_insecure.crt` have been manually generated and stored in this folder. The other keys
+and certificates in this folder are all secure (from a FIPS perspective) and could be generated in test code; however,
+they are also manually generated for simplifying the test code and since we already have a manually-generated insecure
+key and certificate in this folder anyway.
diff --git a/internal/pkg/remote/testdata/ca.crt b/internal/pkg/remote/testdata/ca.crt
new file mode 100644
index 00000000000..3137ac7c5e4
--- /dev/null
+++ b/internal/pkg/remote/testdata/ca.crt
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIUA9Gphn0fTO3Vuo7ePJpfebnebtgwDQYJKoZIhvcNAQEL +BQAwZDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxCzAJBgNVBAsMAkNBMRIwEAYDVQQDDAls +b2NhbGhvc3QwHhcNMjUwNDIyMjIwMTU2WhcNMzAwNDIxMjIwMTU2WjBkMQswCQYD +VQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxITAfBgNVBAoMGEludGVybmV0IFdp +ZGdpdHMgUHR5IEx0ZDELMAkGA1UECwwCQ0ExEjAQBgNVBAMMCWxvY2FsaG9zdDCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIaR6W/pAoEFE5Hc6kgH2UTZ +cd0LOT5hp3xtomKfnNONS5WgXDZbOqCSUY1+ZrG6NDrzG64vDC+AdtW7Zji7s+VA +2hZ2DESbq+JBosAAyZbwzqosTCpp24on1VWXS+h8NT1nMGkvkkrKnM0fBK4Q9DVI +H9QAtKysPnLwbfyWrnAHtjMd0bIrBPlt26g16l1nJklTwm2clD0ixE4MKw7lPZWE +eJN+sK1CvA+r65huC7vDbNrL2OC+eNAiKtCH+AQR4HcB76kG9Qy/9+qfCGhizBlt +mwceLDhz6FWgxKSgXwSfmorZLc1ecBfuWjqr9rfaUhOd4oLkmfbaEPqNu2V/rw0C +AwEAAaNvMG0wHQYDVR0OBBYEFGzBvXdyHsVEY4bOAIiI3m4w7JfcMB8GA1UdIwQY +MBaAFGzBvXdyHsVEY4bOAIiI3m4w7JfcMA8GA1UdEwEB/wQFMAMBAf8wGgYDVR0R +BBMwEYIJbG9jYWxob3N0hwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQCEbCFPgfT4 +DUkl/LozK8zUPEUV6mh53rTGQLhMbPfu7l1f6aSjvb1bIzYmrEFhlv/3yke+2/BC +lGPYZrzdy2S9Xqv2ZthBoqE7cUrUGcq6U4y9helsM4gMfokpgBuNqwFVOGtSAlYy +otUTRuIJeCLqAUV51wYROe9dOnY//ICEVrnRmLN4uXl64LMlBWbx76PS2s9dktr1 +5oWeF8whEhzg41FGsd6QPulKgT9h8+RR10hc3F4IFCVjtnp11E22x0/YYONbuAEH +ZxL++PbvQRAvFGpTEmxH/AIq8yGQ90V94+HB7ocqz+3y0Nl93iNoanMOAJush3uL +oIhHS8L9ENUv +-----END CERTIFICATE----- diff --git a/internal/pkg/remote/testdata/fips_invalid.crt b/internal/pkg/remote/testdata/fips_invalid.crt new file mode 100644 index 00000000000..8457dd6ec92 --- /dev/null +++ b/internal/pkg/remote/testdata/fips_invalid.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDLzCCAhegAwIBAgIUIUHef0rqBRe0SWOxT/OwncexFiwwDQYJKoZIhvcNAQEL +BQAwZDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxCzAJBgNVBAsMAkNBMRIwEAYDVQQDDAls +b2NhbGhvc3QwHhcNMjUwNDIyMjIwNjM1WhcNMzAwNDIxMjIwNjM1WjBYMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEQMA4GA1UECgwHRWxhc3RpYzEO +MAwGA1UECwwFQWdlbnQxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAo87+PNnpbu+hNkjPigLVKSmlDStd0OqcOmUlsegElMEk +CArXkS+nDkD+p6o6QgGZ65mevmbJ9AxTV4tHQZ8YE695BgVa/MixzWNa2CjZu4OY +CXJd1q8LfvkExXjp8+RVWuAh+FY5bZYGIlw2yLSHGbrE5k3F8YlfoL6ADkAf43kC +AwEAAaNpMGcwHwYDVR0jBBgwFoAUbMG9d3IexURjhs4AiIjebjDsl9wwCQYDVR0T +BAIwADAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwHQYDVR0OBBYEFFTZsQwH +ipBtdR1XTu9x3yUg7H9uMA0GCSqGSIb3DQEBCwUAA4IBAQAH4gJMyjTvGUBUuih9 +VDcKsxxIGPhcBaoDRN7YX/qI5DapRA7/bP+1AIAoByrs6YTbMZYNB4hDEEywf59T +pHNFt+3IsWOO3RCP1IeJscKO79Ga5WeKYJyV5HeNRpgNMsjslh+shzz29Qm4voiE +Ab+x/CZYJu9Yw5JPENb035KWVAMCiN34afi3jgNcQVKYlyUwm27qVOLxTuUZU23a +RzsFIc3/DpxIUZ7hD0qgR00jOXWAynhRpptKW7/tJmnoUk5nZuJUz3XDvE4UPvHj +0KTf4RFfnNJbmO3ZVqj8QI9FdhOUYr/rJnrufyQBnCDEHmo9KIeIVynaijoBtem5 +mPgS +-----END CERTIFICATE----- diff --git a/internal/pkg/remote/testdata/fips_invalid.key b/internal/pkg/remote/testdata/fips_invalid.key new file mode 100644 index 00000000000..bf201566e4b --- /dev/null +++ b/internal/pkg/remote/testdata/fips_invalid.key 
@@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKPO/jzZ6W7voTZI +z4oC1SkppQ0rXdDqnDplJbHoBJTBJAgK15Evpw5A/qeqOkIBmeuZnr5myfQMU1eL +R0GfGBOveQYFWvzIsc1jWtgo2buDmAlyXdavC375BMV46fPkVVrgIfhWOW2WBiJc +Nsi0hxm6xOZNxfGJX6C+gA5AH+N5AgMBAAECgYAD5fw6Zyge6Aeu4FGSTy7mC3WM +ydv+8DLR99nRx6V1qeyK3yfIiHxDn4CbLYoOJTyPZRqOtuj5iVvbTO3GbIwg09tW +4MMyS2AABIaO8Ke2MdXseI1Dt9sY7TnAPs8tz6KOEPksWXYOroqrzqXXmlG/yEei +Fk9Z/UZB3ue33oq+IQJBAMm53Bi7ck2A7O4ueaeX9SkC5XpFpaUAimY5h8m+J0aB +vXUjEX0BzEj7/+ocX+KaEXE0gfvQZHl2PUY5qCwnbdkCQQDP4YUknD+1lFH7l8tJ +1whZfPEKn7MYAAS9wI5q11CTeaSkvq3z+5gX0EwLBn7WSqfcR3vQOBmyz0uzZhws +e36hAkAP+Z4Kf12v8ZPR0PBla01I8CfIJRfXF1HegpPUUDDADqo4Soyp/6hz5zD/ +Ezwsr9LNykC49mnejJSRqSM+S+kRAkEAhKEZBmueBia0S7XkIJ9OF3Isg5+ybwyL ++dihxK7NHNpOXkG90F1kA0WFTr99KxGEmXkOGKHCW6AAZ1wte3/rIQJASAjYaX8z +cvqU4hUIsh0A1fQDD4j1HYrkOdsThrAoWRPu2mBDsD6IWnVmHzRB8coTZllP+mBA +JL2QoEeSSdfniw== +-----END PRIVATE KEY----- diff --git a/internal/pkg/remote/testdata/fips_valid.crt b/internal/pkg/remote/testdata/fips_valid.crt new file mode 100644 index 00000000000..4734914be85 --- /dev/null +++ b/internal/pkg/remote/testdata/fips_valid.crt 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCApugAwIBAgIUSxVUqortuZerDjU5I76K9S9af+swDQYJKoZIhvcNAQEL +BQAwZDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxCzAJBgNVBAsMAkNBMRIwEAYDVQQDDAls +b2NhbGhvc3QwHhcNMjUwNDIyMjIzMDU2WhcNMzAwNDIxMjIzMDU2WjBYMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEQMA4GA1UECgwHRWxhc3RpYzEO +MAwGA1UECwwFQWdlbnQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAITd0KajVG1cjiT/mrnMdbgmxZCF//YalZAtZNPJ +iIUKn13vm/R44AcByROP5cPU6e/H7Z5NyJMD6blfpy0bSZ194M/7B7zTvE9GKHUj +m4bkL+F5lzFNo7bhtxyJ7AA/QWarKp3V5XxDvgUJewuuP+aBcPHPq35hRcIYCFR/ +jqBJ4LBppWqKcsoc2aXQrW06k89Ix0dvObu/bSBAFMhvZVLefJo2BAUS0aPC6/Ms +iEpWMYcWTmBH+UfMWSX9vRc9qoqG7dC2gxyG1cT3mo0oOmWar9FW7Frxl9IG2l1q +lKniUNmWL86ggrNvH4ubdJ8QYi633bfVGy0JQeKDEc4y/bcCAwEAAaNpMGcwHwYD +VR0jBBgwFoAUbMG9d3IexURjhs4AiIjebjDsl9wwCQYDVR0TBAIwADAaBgNVHREE +EzARgglsb2NhbGhvc3SHBH8AAAEwHQYDVR0OBBYEFLIZKDQb0qqTKIyYb5GvkSJ4 +k+egMA0GCSqGSIb3DQEBCwUAA4IBAQAqBexGLG8Um4npIRyjr7jHqQ+JowXGdMUQ +8d5b97fiCLmv+usKRF66tjEjUkz2UI/WDTntDqbE+urDMuQH41p/Bk91lfdTZavB +TP6RfWmYJOa61w6JSsEkp21sDi055LOwrSujVNZ0jt1kf7cIKdPMsV+AKKt87QbP +koSeTGlgppkL0fEzpqR636YDHJl1jMaCuvBI5zGqUjpY2SBR3cYmmyZdnir59bva +yiCXawliknw/qkih+Zqwd9goq4jj4pN+ICghgVQCm5+B3VaBCuLfRWwBcIjEKXDa +5UYPNC7QuFciBOpNrjeLSFA8ZO2Kt+WPWbkdUgozbcG/QEFgraKk +-----END CERTIFICATE----- diff --git a/internal/pkg/remote/testdata/fips_valid.key b/internal/pkg/remote/testdata/fips_valid.key new file mode 100644 index 00000000000..c1ac7705d97 --- /dev/null +++ b/internal/pkg/remote/testdata/fips_valid.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCE3dCmo1RtXI4k +/5q5zHW4JsWQhf/2GpWQLWTTyYiFCp9d75v0eOAHAckTj+XD1Onvx+2eTciTA+m5 +X6ctG0mdfeDP+we807xPRih1I5uG5C/heZcxTaO24bcciewAP0Fmqyqd1eV8Q74F +CXsLrj/mgXDxz6t+YUXCGAhUf46gSeCwaaVqinLKHNml0K1tOpPPSMdHbzm7v20g +QBTIb2VS3nyaNgQFEtGjwuvzLIhKVjGHFk5gR/lHzFkl/b0XPaqKhu3QtoMchtXE +95qNKDplmq/RVuxa8ZfSBtpdapSp4lDZli/OoIKzbx+Lm3SfEGIut9231RstCUHi +gxHOMv23AgMBAAECggEAOsqH0+R7rDSDNT3g8gvVnxmQ3AVfID/dJEHh1pDblrr/ +j6pBoOiHgLI6jixjJ8cjiJU3wI98jAj0N7FqoNvtNAIKIx1Z7CTos09BAawy2npH +8YZC728CXR79TmR9CBL1Vn+wyMxn0heLkmECkEWXQuDN4EHbCX3zRxIpRXJ34taK +nAB+WFQ/ER8uzTjktWe+xLGw413qFqfkXOuQrqJkEe2G85YsvgFpGwp3YTUjR+jE +4bdaSGAL25s8G/aHDxvS6QLMiMy0v9NXlgjYD6HqJ4Th1svVaBRslhGNtxQIzIU6 +2kWU041tvwpWaTviITtxsuFLwv+iYdvBxrPoVvesCQKBgQC6BDonpghSzxT1TKy3 +IVer6G7aVy8qdFcxCXArFvq/TDrmagaeJd5oQDMMQXUGmqgg7msb/sZ9Q1igSa/i +RoolE2mIZ72H5nrzs92oe58lHgC699LpG3D/yIf//q9AzIpaD4jRDVPI2q+ZPZVj +RthhNif+dd7BgcwS8b6qUkWdYwKBgQC22o65N1hZDLX8zEJE06M80ns0ufOdbe6o +Jyl78W5EweZYIIzCQRHC342yzGYityOZ6PBNMY8BuAc2Uh/VssIRzcEaw9O9iyoE +klsD3sH2jges1abmEpipY2yLvkc5aU8/Yqo7aDKTOrXjsKMxMdI6R1wbx3ICDDiR +0VDz5I4onQKBgQCkRllpbGqLXxAeNbGOJOb9DU7gigBAWPArgS9LDocw68xUciwX +/E9298NdPm1wAKMcOhHjblOyigg5vfmTNkKHzaX0bdFmtDe/Awhs44e/SsjQVU4w +ySg468qXXD8/VaOVN4TXQhLNHbvX9Bf6zbUH3MDjKwsnD06/KDj+x5ttCwKBgFNk +kAz2qctLGcCmY17CasM1d01PtURKO7riyW+mZ1TiXaw5hBif1nrau+QchkQ04/6w +ls+N15vAE0H56Fzsvseh3/zV7L6YNlyJZwr3z9wjYGq5sflh58/w8TM2X4NWfPb6 +h4q6db5h20xxZavs/eToYKCmsF8wtagDH3lr9k2dAoGBAKPhIYv/hxefpbcfrSlD +7sQ5jUxawiwLTyZ4joi3jvd7xndMEWEYamqR4IVEcD6zqcCHwcEmRnkqL8Exx3WY +CrLyCh4Yt+wXatkm/WvjflnhJxiPKMJDXofW76O1zrddFeWcq+1wOiWekCrH4c2d +1DeEywbz0PQhBFqY3/7wjSOj +-----END PRIVATE KEY----- diff --git a/internal/pkg/remote/testdata/server.crt b/internal/pkg/remote/testdata/server.crt new file mode 100644 index 00000000000..e86ce1c6156 --- /dev/null +++ b/internal/pkg/remote/testdata/server.crt 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDtDCCApygAwIBAgIUK6IEqUE0ugQ7k5DVPFOPmX0Bis4wDQYJKoZIhvcNAQEL +BQAwZDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMSEwHwYDVQQKDBhJ +bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxCzAJBgNVBAsMAkNBMRIwEAYDVQQDDAls +b2NhbGhvc3QwHhcNMjUwNDIyMjIwNTMwWhcNMzAwNDIxMjIwNTMwWjBZMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEQMA4GA1UECgwHRWxhc3RpYzEP +MA0GA1UECwwGU2VydmVyMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC5UaOHz3DxUmy4gMIVJ3nosjLlgJfeUDMTyQdV +4KcdO5oqaYaX3G1uhGrtc28AzXLwzIZw2ADbzYP7kjBD9SZSYsgG4N80iT6bWs/L +seYvFH62+qDx+WsCCcQUgBjS1A3xcz/XlhA7c0JCuScpkyFUN4+a8Cos9K2s2vWN +yr5BLMAcRuzROZYttqzq26o1xBwlIVpveSkJJIpJA6cVoGFIyqPMN1lXBtl4vnol +l2OGxmxqvyaFWaFnTHtkkmjd7QcspHHfmTHPbGKGqjlu0EqvxXOuEI0EudqptrEo +sFudf/uhfEhVNiQSz7cUc3NLqAnUR+cdp7CRp5I7HmxNevoFAgMBAAGjaTBnMB8G +A1UdIwQYMBaAFGzBvXdyHsVEY4bOAIiI3m4w7JfcMAkGA1UdEwQCMAAwGgYDVR0R +BBMwEYIJbG9jYWxob3N0hwR/AAABMB0GA1UdDgQWBBQrf/N8KEijOAwP0rdM13sI +1WEj1DANBgkqhkiG9w0BAQsFAAOCAQEALv/nFBYbzTonODWTqa86Hg1vEBdCVWIB +TygOdKBRlUcomSkQJlQujBFlnTc4A43yKAABsnBN+4nTbPrI8UGztgZkAbGKAIcY +uiJODJ9D63+voOurYoZwfgSSnDRe5Qu2sZnOhISiwaLpz0D4Jz2AF8P3AkIoP1Mv +Zzl3BxO/WkAUV4QYPHfUY9uj13aOrpW7CfvhsdT/0eaXREwJ4q5wI0glemyrbp6X +pusBUnviSk7tLqlzA1anU1xSMTMpAX7PmamNGT5YaX5o7aHMdMWCu7GBKhdRIb// +gy9OWNjTE10NW52qwAFGReCSIgmvlIAilCdbBN7sBVRzUboT7iISEA== +-----END CERTIFICATE----- diff --git a/internal/pkg/remote/testdata/server.key b/internal/pkg/remote/testdata/server.key new file mode 100644 index 00000000000..0c15fd87191 --- /dev/null +++ b/internal/pkg/remote/testdata/server.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC5UaOHz3DxUmy4 +gMIVJ3nosjLlgJfeUDMTyQdV4KcdO5oqaYaX3G1uhGrtc28AzXLwzIZw2ADbzYP7 +kjBD9SZSYsgG4N80iT6bWs/LseYvFH62+qDx+WsCCcQUgBjS1A3xcz/XlhA7c0JC +uScpkyFUN4+a8Cos9K2s2vWNyr5BLMAcRuzROZYttqzq26o1xBwlIVpveSkJJIpJ +A6cVoGFIyqPMN1lXBtl4vnoll2OGxmxqvyaFWaFnTHtkkmjd7QcspHHfmTHPbGKG +qjlu0EqvxXOuEI0EudqptrEosFudf/uhfEhVNiQSz7cUc3NLqAnUR+cdp7CRp5I7 +HmxNevoFAgMBAAECggEABInYTGorJO3U1cvpdOUrmiRLFM3KalpiddiVgmfnD9M2 +2lUNQ8jVMUCy8a/DBy0A5J7NqBPSKY/l7JJO9ksZrijXJzv4m2vFCb72mdF4hqyk +0cxfhq2KDlm44Jumf/tLgB9Hb/sv2JThCYtJRz5gMZTOwoehMMqpOjN+kgNmF2h7 +bVwtK8zUi57y7GX8M+L18hOGPXM6ZlavjFlcdJplfsqEbe+T6p4p7lEvzc4AtQfD ++4q+tc+J7OCm7P/ZiSlyhv/aJ5a3OfL1WU7XpPEL6YqR6kKrixAmlMjDhVg2rL1M +eyS3rF22LqEQaOf/pccFUSEdhVeTmzLf2uat3RBo3QKBgQDyP1hcgTv34N+dSCpa +ABO+dwEiQfRG77UG0Gee8wLOwYuCgyOLznq9CL6jZYEvu21SxLUSZZshpLrTZgjh +e53wZZxd3HYuX+q0SBtXhMy98f+udbqt2CIlA6RjQR1E56kX7P84mjCp0GffezgX +YcDoFGxrFoRBV44FnFSXUrlXdwKBgQDD1u8d9B4aAFwodl2jfXBF6JaE5vHYwgPe +ONLFoPbgp3bCyctA0mI78S1HCnH+WySfQwhIq78t3oyVY2DFRM3IZBR+pgIvgu+w +b1XJ3SS/2PhrScmKrlDylrRPKc9gkSiE4/0CzC+odeKm9I+lo52WKWDiMgde1YmC +xFh2wUrRYwKBgFOSGNio2NhV4q7u43VzC1ysz15TJIOIVIpKQUUrjq9nQ8q9lPi5 +PcyTBLl33g5qeXeRVupG1TLREoa1b6DiNYVmeIBE+xxaiKyzJ4OU09E/eDZmdQVe +R8E/NWnsX72SsdoIL7AGOX2L4RnO93XRimxGB3UWKoAkRWGYIfKmXjxXAoGAG8mc +hiCEQOY6LVeWM8Nxscmtyc/HEx18VQS1C2uqe/fnBv6BA4KWg7DV3tWhlRizmpF1 +VHJiHw0L34qJSZRYqo1gxxOhDcLDZcJ2Zr0lIL+ViAuhODdBrxopHW5uSWJvYGPF +G6eDP6DydwQOec88ZfkbER1OJGuiJlbbwoXsqscCgYEA7haP0CvgIr5LIauBo9Ot +nk+o/dW9a6/Vl9m1YFlQxwt5GFl8ecKMEIihF6purN6OJP6mOFi7O8QH9xwx3Wtu +IZ95U4tLRiR76rFIlp/t3zMLdz8hf6SasgmfPW+MLwFHY2KtY7M9qp0aSxCGz/ff +53g0zkAP47JWRiI8gOHZcjQ= +-----END PRIVATE KEY----- diff --git a/internal/pkg/testutils/fipsutils/fipsOnlySkip.go b/internal/pkg/testutils/fipsutils/fipsOnlySkip.go index ba8803fcd33..bd30ee8a9d0 100644 --- a/internal/pkg/testutils/fipsutils/fipsOnlySkip.go 
+++ b/internal/pkg/testutils/fipsutils/fipsOnlySkip.go
@@ -10,13 +10,34 @@ import (
 "testing"
 )
+type GoDebugFIPS140Value string
+
+const (
+ GoDebugFIPS140NotSet GoDebugFIPS140Value = ""
+ GoDebugFIPS140On GoDebugFIPS140Value = "on"
+ GoDebugFIPS140Only GoDebugFIPS140Value = "only"
+)
+
 // SkipIfFIPSOnly will mark the passed test as skipped if GODEBUG=fips140=only is detected.
 // If GODBUG=fips140=on, go may call non-compliant algorithms and the test does not need to be skipped.
 func SkipIfFIPSOnly(t *testing.T, msg string) {
 // NOTE: This only checks env var; at the time of writing fips140 can only be set via env
 // other GODEBUG settings can be set via embedded comments or in go.mod, we may need to account for this in the future.
+ if GoDebugFIPS140() == GoDebugFIPS140Only {
+ t.Skip("GODEBUG=fips140=only detected, skipping test:", msg)
+ }
+}
+
+// GoDebugFIPS140 returns one of "on", "only", or "" depending on
+// whether the GODEBUG environment variable contains fips140=on or
+// fips140=only, or neither.
+func GoDebugFIPS140() GoDebugFIPS140Value {
 s := os.Getenv("GODEBUG")
 if strings.Contains(s, "fips140=only") {
- t.Skip("GODEBUG=fips140=only detected, skipping test:", msg)
+ return GoDebugFIPS140Only
+ }
+ if strings.Contains(s, "fips140=on") {
+ return GoDebugFIPS140On
 }
+ return GoDebugFIPS140NotSet
 }
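Review bot: The exported `GoDebugFIPS140Value` type and its three constants carry no doc comments, and the order of the two `strings.Contains` checks in GoDebugFIPS140 is load-bearing because `fips140=on` is a prefix of `fips140=only`; I would document the type with `// GoDebugFIPS140Value is the fips140 setting found in the GODEBUG environment variable.` and put `// fips140=on is a prefix of fips140=only, so the "only" check must run first.` above the first check so a future reordering does not silently misreport "only" as "on". Substring matching also accepts the token anywhere in the comma-separated GODEBUG list, including inside another setting's name or value; splitting on `,` and comparing each entry exactly would be stricter, though with today's GODEBUG keys a false match is unlikely. The existing NOTE about settings arriving via embedded `//go:debug` comments or go.mod now describes the limitation of the new helper rather than of SkipIfFIPSOnly, which only delegates, so it belongs on GoDebugFIPS140.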