diff --git a/.github/workflows/ca-clone-secure-ds-test.yml b/.github/workflows/ca-clone-secure-ds-test.yml index cd67b7cd3fb..4ae26adb6fd 100644 --- a/.github/workflows/ca-clone-secure-ds-test.yml +++ b/.github/workflows/ca-clone-secure-ds-test.yml @@ -93,13 +93,25 @@ jobs: run: | docker exec primary pk12util \ -d /root/.dogtag/nssdb \ - -o ds_server.p12 \ + -o $SHARED/primaryds_server.p12 \ -W Secret.123 \ -n Server-Cert - docker cp primary:ds_server.p12 primaryds_server.p12 - tests/bin/ds-certs-import.sh --image=pki-runner primaryds primaryds_server.p12 - tests/bin/ds-stop.sh --image=pki-runner primaryds - tests/bin/ds-start.sh --image=pki-runner primaryds + + sudo chmod go+r primaryds_server.p12 + + tests/bin/ds-certs-import.sh \ + --image=pki-runner \ + --input=primaryds_server.p12 \ + --password=Secret.123 \ + primaryds + + tests/bin/ds-stop.sh \ + --image=pki-runner \ + primaryds + + tests/bin/ds-start.sh \ + --image=pki-runner \ + primaryds - name: Install CA in primary PKI container run: | @@ -205,13 +217,25 @@ jobs: run: | docker exec secondary pk12util \ -d /root/.dogtag/nssdb \ - -o ds_server.p12 \ + -o $SHARED/secondaryds_server.p12 \ -W Secret.123 \ -n Server-Cert - docker cp secondary:ds_server.p12 secondaryds_server.p12 - tests/bin/ds-certs-import.sh --image=pki-runner secondaryds secondaryds_server.p12 - tests/bin/ds-stop.sh --image=pki-runner secondaryds - tests/bin/ds-start.sh --image=pki-runner secondaryds + + sudo chmod go+r secondaryds_server.p12 + + tests/bin/ds-certs-import.sh \ + --image=pki-runner \ + --input=secondaryds_server.p12 \ + --password=Secret.123 \ + secondaryds + + tests/bin/ds-stop.sh \ + --image=pki-runner \ + secondaryds + + tests/bin/ds-start.sh \ + --image=pki-runner \ + secondaryds - name: Install CA in secondary PKI container run: | diff --git a/.github/workflows/ca-secure-ds-test.yml b/.github/workflows/ca-secure-ds-test.yml index d2b05ca8dc5..e09bb7d9475 100644 --- a/.github/workflows/ca-secure-ds-test.yml 
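Review bot: `sudo chmod go+r primaryds_server.p12` makes the exported PKCS #12 file, which holds the DS server key, readable by every account on the runner, and nothing in the step says why. The same line is added for `secondaryds_server.p12` in the second hunk and for `ds_server.p12` in ca-secure-ds-test.yml. It presumably stands in for the `chown dirsrv.dirsrv` that this commit removes from ds-certs-import.sh; if so, a comment such as `# pk12util runs as root in the container; the DS container user must be able to read the file` would record that. The `chmod` also uses a relative path while `pk12util` writes to `$SHARED/...`, so it only finds the file if `$SHARED` maps to the step's working directory, which is not visible in this hunk.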
+++ b/.github/workflows/ca-secure-ds-test.yml @@ -92,13 +92,26 @@ jobs: run: | docker exec pki pk12util \ -d /root/.dogtag/nssdb \ - -o ds_server.p12 \ + -o $SHARED/ds_server.p12 \ -W Secret.123 \ -n Server-Cert - docker cp pki:ds_server.p12 ds_server.p12 - tests/bin/ds-certs-import.sh --image=pki-runner ds ds_server.p12 - tests/bin/ds-stop.sh --image=pki-runner ds - tests/bin/ds-start.sh --image=pki-runner ds + + sudo chmod go+r ds_server.p12 + + tests/bin/ds-certs-import.sh \ + --image=pki-runner \ + --input=ds_server.p12 \ + --password=Secret.123 \ + --debug \ + ds + + tests/bin/ds-stop.sh \ + --image=pki-runner \ + ds + + tests/bin/ds-start.sh \ + --image=pki-runner \ + ds - name: Install CA run: | diff --git a/tests/bin/ds-certs-import.sh b/tests/bin/ds-certs-import.sh index 4d3649a1983..e808adc7bd6 100755 --- a/tests/bin/ds-certs-import.sh +++ b/tests/bin/ds-certs-import.sh @@ -10,11 +10,12 @@ VERBOSE= DEBUG= usage() { - echo "Usage: $SCRIPT_NAME [OPTIONS] " + echo "Usage: $SCRIPT_NAME [OPTIONS] " echo echo "Options:" echo " --image= Container image (default: quay.io/389ds/dirsrv)" - echo " --password= Directory Manager password" + echo " --input= PKCS #12 file" + echo " --password= PKCS #12 password" echo " -v,--verbose Run in verbose mode." echo " --debug Run in debug mode." echo " --help Show help message." @@ -32,6 +33,9 @@ while getopts v-: arg ; do image=?*) IMAGE="$LONG_OPTARG" ;; + input=?*) + INPUT="$LONG_OPTARG" + ;; password=?*) PASSWORD="$LONG_OPTARG" ;; @@ -49,7 +53,7 @@ while getopts v-: arg ; do '') break # "--" terminates argument processing ;; - image* | password*) + image* | input* | password*) echo "ERROR: Missing argument for --$OPTARG option" >&2 exit 1 ;; @@ -76,17 +80,15 @@ then exit 1 fi -INPUT=$2 - if [ "$INPUT" == "" ] then - echo "ERROR: Missing input file" + echo "ERROR: Missing PKCS #12 file" exit 1 fi if [ "$PASSWORD" == "" ] then - PASSWORD=Secret.123 + echo "ERROR: Missing PKCS #12 password" fi if [ "$IMAGE" = "" ] 
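Review bot: `--debug` is passed to `tests/bin/ds-certs-import.sh` only in this workflow; the two calls in ca-clone-secure-ds-test.yml do not have it, so it looks like a leftover from development. If the script's debug mode traces commands (not visible here), the `--password` value and the `openssl pkcs12` invocation would end up in the job log. Either drop the `--debug \` line or add a comment saying why this job needs it.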
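Review bot: In the `@@ -76,17 +80,15 @@` hunk of tests/bin/ds-certs-import.sh the new missing-password branch prints an error but does not stop, so the script carries on with an empty `PASSWORD` where it used to fall back to a default. The branch should read `echo "ERROR: Missing PKCS #12 password" >&2` followed by `exit 1`, matching the missing-input branch above it. Both of these messages go to stdout, while the option-parsing error in the earlier hunk uses `>&2`; redirecting them as well keeps errors out of captured output. The `if [ "$IMAGE" = "" ]` block that follows continues outside the hunk.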
@@ -125,10 +127,6 @@ import_certs_into_container() { docker cp $INPUT $NAME:/tmp/certs.p12 - echo "Fixing file ownership" - - docker exec -u 0 $NAME chown dirsrv.dirsrv /tmp/certs.p12 - echo "Exporting server cert into /data/tls/server.crt" docker exec $NAME openssl pkcs12 \