diff --git a/Makefile b/Makefile
index c1475b8981e87126f9da9bb0357f8e5df296ae06..d84768b99e3a8a0f2352d0462f409c69a7621ed4 100644
--- a/Makefile
+++ b/Makefile
@@ -67,7 +67,7 @@ build-debug: conan-install-debug
 
 build-release: conan-install-release
 	# cmake --preset conan-release # for CMake >= 3.23
-	@command -v iwyu || command include-what-you-use || \
+	@command -v iwyu || command -v include-what-you-use || \
 	  (echo "Could not find 'iwyu', exiting."; exit 1)
 	@command -v clang-tidy || command -v clang-tidy-16 || \
 	  (echo "Could not find 'clang-tidy'(-16), exiting."; exit 1)
diff --git a/test/test_connection.cpp b/test/test_connection.cpp
index 687f08bc42fb6cb85d6bc000b4962b99770f8b6e..dd39e10e38741ef89653d59dbd780d62921c1ac2 100644
--- a/test/test_connection.cpp
+++ b/test/test_connection.cpp
@@ -78,6 +78,7 @@ TEST(test_connection, connection_ssl_authentication_error_anonymous) {
   auto port = std::stoi(port_str);
   const auto *const host = linkahead::utility::get_env_fallback("CAOSDB_SERVER_HOST", "localhost");
   const auto path = linkahead::utility::get_env_fallback("CAOSDB_SERVER_CERT", std::string());
+  EXPECT_FALSE(path.empty()) << "CAOSDB_SERVER_CERT must be set to run this test.";
 
   auto cert = PemFileCertificateProvider(path);
   auto config = TlsConnectionConfiguration(host, port, cert);
@@ -95,6 +96,8 @@ TEST(test_connection, connection_ssl_authentication_error_wrong_credentials) {
   auto port = std::stoi(port_str);
   const auto *const host = linkahead::utility::get_env_fallback("CAOSDB_SERVER_HOST", "localhost");
   const auto path = linkahead::utility::get_env_fallback("CAOSDB_SERVER_CERT", std::string());
+  EXPECT_FALSE(path.empty()) << "CAOSDB_SERVER_CERT must be set to run this test.";
+
   const auto *const user = "not-a-user-23461237";
   const auto *const password = "very-c-cred";
 
@@ -109,6 +112,56 @@ TEST(test_connection, connection_ssl_authentication_error_wrong_credentials) {
                        "Authentication failed. Username or password wrong.");
 }
 
+TEST(test_connection, connection_ssl_authentication_error_wrong_certificate) {
+  const auto *port_str =
+    linkahead::utility::get_env_fallback("CAOSDB_SERVER_GRPC_PORT_HTTPS", "8443");
+  auto port = std::stoi(port_str);
+  const auto *const host = linkahead::utility::get_env_fallback("CAOSDB_SERVER_HOST", "localhost");
+  const auto path = linkahead::utility::get_env_fallback("CAOSDB_SERVER_CERT", std::string());
+  EXPECT_FALSE(path.empty()) << "CAOSDB_SERVER_CERT must be set to run this test.";
+
+
+  // TODO (JTS): This is a hack. We should use the credentials in the linkahead-client.json
+  const auto *const user = "admin";
+  const auto *const password = "caosdb";
+
+  // first test successful connection
+  auto auth = PlainPasswordAuthenticator(user, password);
+  auto good_cert = PemFileCertificateProvider(path);
+  auto good_config = TlsConnectionConfiguration(host, port, good_cert, auth);
+  auto good_connection = Connection(good_config);
+  const auto good_status = good_connection.RetrieveVersionInfoNoExceptions();
+  EXPECT_EQ(good_status.GetCode(), StatusCode::SUCCESS);
+
+  // replace certificate with a wrong one
+  auto bad_cert = configuration::PemCertificateProvider(R"(-----BEGIN CERTIFICATE-----
+FOOOOOOOOOOOOOOIBAgIUZ8JU2geskYAjBMaBTxz6cOAm+P0wDQYJKoZIhvcNAQEL
+BQAwODEQMA4GA1UECgwHZXhhbXBsZTEQMA4GA1UECwwHZXhhbXBsZTESMBAGA1UE
+AwwJbG9jYWxob3N0MB4XDTI0MTAwODE4Mjc1MloXDTI1MTAwODE4Mjc1MlowODEQ
+MA4GA1UECgwHZXhhbXBsZTEQMA4GA1UECwwHZXhhbXBsZTESMBAGA1UEAwwJbG9j
+YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCLNOAEhsB2k
+XZ1KS3Ys81Q3YIeLOhT3Es+qE54lIFrKjRngZ6vTyzkuXhOav3ZaOzWWaCxGhgDI
+9O7c4BYtrBHr0CyapqVCeyGoBvNXSWWxYl0sEegkuJ3VW7b80F02oLTzxO8CIQHL
+4SSEEVrUPpXJgPHi9fUbKQ9dZ4871yVEUvo1rsUNyyXYoYaK+kcE/7qCY1Q9Scmr
+ZbM9DqqSQAqbSxIjlgs34XsOhWhpGFrNvJmE/kjtvp9tXzS8y++QgfmMuPU6mfSv
+NONSENSE3xxBaO6EgTbMgTeVmR0ygXIer9y3hBDdYwB6LgjZIDin1fZR+8LmewN+
+fjaCQjJggwIDAQABo3sweTAdBgNVHQ4EFgQUlBvcjWiNs6MWGkhC46q4Dbg3TPQw
+HwYDVR0jBBgwFoAUlBvcjWiNs6MWGkhC46q4Dbg3TPQwDwYDVR0TAQH/BAUwAwEB
+/zAUBgNVHREEDTALgglsb2NhbGhvc3QwEAYDVR0gBAkwBzAFBgMqAwQwDQYJKoZI
+hvcNAQELBQADggEBALnH5F58Om+AWQ+kkAmsZnc33i+56VfZlRYFr+sEFN8ULDtZ
+l6D1+ILqUXGT/GG1cyQhrxn4VA0Ksz6e/7jJySjZ0Ltezs6gnkcV9ksZOOEH4nuA
+8r1VA7xQ9iN3gGQduk/gbDKa8r6Ucodz7+tZ+DGY1unJLoUrOLBt0rP9UpdIxk8X
+X+F/0oljKZKJ2SswKDLztD0CY3VZhdDHfWlfIls1ttax4eEN1HgMtTyZ0JYdr9Iy
+Dbc8hkR8vIDcwFu31jiHx/BWmv+pjzx4F2qX7tgTG8wM3WHJwqzgrA1IeLliQpo6
+yVMsKq9927ZJXZbL/ewiA1Mm6IBe+SpJ8IafmUk=
+-----END CERTIFICATE-----)");
+
+  auto bad_config = TlsConnectionConfiguration(host, port, bad_cert, auth);
+  auto bad_connection = Connection(bad_config);
+  auto bad_status = bad_connection.RetrieveVersionInfoNoExceptions();
+  EXPECT_EQ(bad_status.GetCode(), StatusCode::CONNECTION_ERROR);
+}
+
 TEST(test_connection, connection_ssl_authentication_success) {
   const auto &connection = ConnectionManager::GetDefaultConnection();