diff --git a/tests/generate.py b/tests/generate.py
index 3cf55546..0ec9e30b 100755
--- a/tests/generate.py
+++ b/tests/generate.py
@@ -312,13 +312,6 @@ def tls_server_certs(force: bool) -> None:
             permitted_subtrees=[x509.DNSName(".example.com")],
         )
 
-        generate_tls_server_cert_test(
-            output,
-            "disallow_subject_common_name",
-            expected_error="NameConstraintViolation",
-            subject_common_name="disallowed.example.com",
-            excluded_subtrees=[x509.DNSName("disallowed.example.com")],
-        )
         generate_tls_server_cert_test(
             output,
             "disallow_dns_san",
@@ -353,15 +346,6 @@ def tls_server_certs(force: bool) -> None:
                 x509.DNSName("allowed-cn.example.com"),
             ],
         )
-        generate_tls_server_cert_test(
-            output,
-            "allow_dns_san_and_disallow_subject_common_name",
-            expected_error="NameConstraintViolation",
-            sans=[x509.DNSName("allowed-san.example.com")],
-            subject_common_name="disallowed-cn.example.com",
-            permitted_subtrees=[x509.DNSName("allowed-san.example.com")],
-            excluded_subtrees=[x509.DNSName("disallowed-cn.example.com")],
-        )
         generate_tls_server_cert_test(
             output,
             "disallow_dns_san_and_allow_subject_common_name",
diff --git a/tests/tls_server_certs.rs b/tests/tls_server_certs.rs
index e0d8f2ef..a71f0e12 100644
--- a/tests/tls_server_certs.rs
+++ b/tests/tls_server_certs.rs
@@ -89,16 +89,6 @@ fn additional_dns_labels() {
     );
 }
 
-#[test]
-fn disallow_subject_common_name() {
-    let ee = include_bytes!("tls_server_certs/disallow_subject_common_name.ee.der");
-    let ca = include_bytes!("tls_server_certs/disallow_subject_common_name.ca.der");
-    assert_eq!(
-        check_cert(ee, ca, &[], &[]),
-        Err(webpki::Error::NameConstraintViolation)
-    );
-}
-
 #[test]
 fn disallow_dns_san() {
     let ee = include_bytes!("tls_server_certs/disallow_dns_san.ee.der");
@@ -138,18 +128,6 @@ fn allow_dns_san_and_subject_common_name() {
     );
 }
 
-#[test]
-fn allow_dns_san_and_disallow_subject_common_name() {
-    let ee =
-        include_bytes!("tls_server_certs/allow_dns_san_and_disallow_subject_common_name.ee.der");
-    let ca =
-        include_bytes!("tls_server_certs/allow_dns_san_and_disallow_subject_common_name.ca.der");
-    assert_eq!(
-        check_cert(ee, ca, &[], &[]),
-        Err(webpki::Error::NameConstraintViolation)
-    );
-}
-
 #[test]
 fn disallow_dns_san_and_allow_subject_common_name() {
     let ee =