diff --git a/scripts/test b/scripts/test
index 2a2703335d..3d8f93625b 100755
--- a/scripts/test
+++ b/scripts/test
@@ -23,6 +23,9 @@ echo "Did test-run-compat $?"
 . ./scripts/test-run-hardened
 echo "Did test-run-hardened $?"
 
+. ./scripts/test-run-cacerts
+echo "Did test-run-cacerts $?"
+
 . ./scripts/test-run-upgrade
 echo "Did test-run-upgrade $?"
 
diff --git a/scripts/test-run-cacerts b/scripts/test-run-cacerts
new file mode 100755
index 0000000000..b591b0e81f
--- /dev/null
+++ b/scripts/test-run-cacerts
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+all_services=(
+    coredns
+    local-path-provisioner
+    metrics-server
+    traefik
+)
+
+export NUM_SERVERS=1
+export NUM_AGENTS=1
+export WAIT_SERVICES="${all_services[@]}"
+
+# -- This test runs in docker mounting the docker socket,
+# -- so we can't directly mount files into the test containers. Instead we have to
+# -- run a dummy container with a volume, copy files into that volume, and then
+# -- share it with the other containers that need the file.
+cluster-pre-hook() {
+    mkdir -p $TEST_DIR/pause/0/metadata
+    local testID=$(basename $TEST_DIR)
+    local name=$(echo "k3s-pause-0-${testID,,}" | tee $TEST_DIR/pause/0/metadata/name)
+    export SERVER_DOCKER_ARGS="--mount type=volume,src=$name,dst=/var/lib/rancher/k3s/server/tls"
+
+    docker run \
+        -d --name $name \
+        --hostname $name \
+        ${SERVER_DOCKER_ARGS} \
+        rancher/mirrored-pause:3.6 \
+        >/dev/null
+
+    DATA_DIR="$TEST_DIR/pause/0/k3s" ./contrib/util/certs.sh
+    docker cp "$TEST_DIR/pause/0/k3s" $name:/var/lib/rancher
+}
+export -f cluster-pre-hook
+
+start-test() {
+  echo "Cluster is up with custom CA certs"
+}
+export -f start-test
+
+test-cleanup-hook(){
+    local testID=$(basename $TEST_DIR)
+    docker volume ls -q | grep -F ${testID,,} | xargs -r docker volume rm
+}
+export -f test-cleanup-hook
+
+# --- create a basic cluster and check for functionality
+LABEL=CUSTOM-CA-CERTS run-test
+
+cleanup-test-env