diff --git a/src/test_utils.rs b/src/test_utils.rs
index ffaff592..a4d22329 100644
--- a/src/test_utils.rs
+++ b/src/test_utils.rs
@@ -1,8 +1,19 @@
 #![cfg(feature = "alloc")]
 use std::prelude::v1::*;
 
-/// Signature algorithm used by certificates and parameters generated using the test utils helpers.
-static RCGEN_SIGNATURE_ALG: &rcgen::SignatureAlgorithm = &rcgen::PKCS_ECDSA_P256_SHA256;
+#[cfg_attr(not(feature = "ring"), allow(dead_code))]
+pub(crate) fn make_end_entity(
+    issuer: &rcgen::Certificate,
+    issuer_key: &rcgen::KeyPair,
+) -> rcgen::CertifiedKey {
+    let key_pair = make_keypair();
+    rcgen::CertifiedKey {
+        cert: end_entity_params(vec!["example.com".into()])
+            .signed_by(&key_pair, issuer, issuer_key)
+            .unwrap(),
+        key_pair,
+    }
+}
 
 pub(crate) fn make_issuer(org_name: impl Into<String>) -> rcgen::CertifiedKey {
     let key_pair = make_keypair();
@@ -12,10 +23,6 @@ pub(crate) fn make_issuer(org_name: impl Into<String>) -> rcgen::CertifiedKey {
     }
 }
 
-pub(crate) fn make_keypair() -> rcgen::KeyPair {
-    rcgen::KeyPair::generate_for(RCGEN_SIGNATURE_ALG).unwrap()
-}
-
 /// Populate a [CertificateParams] that describes an unconstrained issuer certificate capable
 /// of signing other certificates and CRLs, with the given `org_name` as an organization distinguished
 /// subject name.
@@ -33,22 +40,15 @@ pub(crate) fn issuer_params(org_name: impl Into<String>) -> rcgen::CertificatePa
     ca_params
 }
 
-#[cfg_attr(not(feature = "ring"), allow(dead_code))]
-pub(crate) fn make_end_entity(
-    issuer: &rcgen::Certificate,
-    issuer_key: &rcgen::KeyPair,
-) -> rcgen::CertifiedKey {
-    let key_pair = make_keypair();
-    rcgen::CertifiedKey {
-        cert: end_entity_params(vec!["example.com".into()])
-            .signed_by(&key_pair, issuer, issuer_key)
-            .unwrap(),
-        key_pair,
-    }
-}
-
 pub(crate) fn end_entity_params(subject_alt_names: Vec<String>) -> rcgen::CertificateParams {
     let mut ee_params = rcgen::CertificateParams::new(subject_alt_names).unwrap();
     ee_params.is_ca = rcgen::IsCa::ExplicitNoCa;
     ee_params
 }
+
+pub(crate) fn make_keypair() -> rcgen::KeyPair {
+    rcgen::KeyPair::generate_for(RCGEN_SIGNATURE_ALG).unwrap()
+}
+
+/// Signature algorithm used by certificates and parameters generated using the test utils helpers.
+static RCGEN_SIGNATURE_ALG: &rcgen::SignatureAlgorithm = &rcgen::PKCS_ECDSA_P256_SHA256;