diff --git a/test/test_connection.cpp b/test/test_connection.cpp
index 687f08bc42fb6cb85d6bc000b4962b99770f8b6e..7921012ce61987c7d6582635d709184836f48bc2 100644
--- a/test/test_connection.cpp
+++ b/test/test_connection.cpp
@@ -109,6 +109,55 @@ TEST(test_connection, connection_ssl_authentication_error_wrong_credentials) {
                        "Authentication failed. Username or password wrong.");
 }
 
+TEST(test_connection, connection_ssl_authentication_error_wrong_certificate) {
+  const auto *port_str =
+    linkahead::utility::get_env_fallback("CAOSDB_SERVER_GRPC_PORT_HTTPS", "8443");
+  auto port = std::stoi(port_str);
+  const auto *const host = linkahead::utility::get_env_fallback("CAOSDB_SERVER_HOST", "localhost");
+  const auto path = linkahead::utility::get_env_fallback("CAOSDB_SERVER_CERT", std::string());
+
+  // TODO (JTS): This is a hack. We should use the credentials in the linkahead-client.json
+  const auto *const user = "admin";
+  const auto *const password = "caosdb";
+
+  // first test successful connection
+  auto auth = PlainPasswordAuthenticator(user, password);
+  auto good_cert = PemFileCertificateProvider(path);
+  auto good_config = TlsConnectionConfiguration(host, port, good_cert, auth);
+  auto good_connection = Connection(good_config);
+  const auto good_status = good_connection.RetrieveVersionInfoNoExceptions();
+  EXPECT_EQ(good_status.GetCode(), StatusCode::SUCCESS);
+
+  // replace certificate with a wrong one
+  auto bad_cert = configuration::PemCertificateProvider(R"(-----BEGIN CERTIFICATE-----
+FOOOOOOOOOOOOOOIBAgIUZ8JU2geskYAjBMaBTxz6cOAm+P0wDQYJKoZIhvcNAQEL
+BQAwODEQMA4GA1UECgwHZXhhbXBsZTEQMA4GA1UECwwHZXhhbXBsZTESMBAGA1UE
+AwwJbG9jYWxob3N0MB4XDTI0MTAwODE4Mjc1MloXDTI1MTAwODE4Mjc1MlowODEQ
+MA4GA1UECgwHZXhhbXBsZTEQMA4GA1UECwwHZXhhbXBsZTESMBAGA1UEAwwJbG9j
+YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCLNOAEhsB2k
+XZ1KS3Ys81Q3YIeLOhT3Es+qE54lIFrKjRngZ6vTyzkuXhOav3ZaOzWWaCxGhgDI
+9O7c4BYtrBHr0CyapqVCeyGoBvNXSWWxYl0sEegkuJ3VW7b80F02oLTzxO8CIQHL
+4SSEEVrUPpXJgPHi9fUbKQ9dZ4871yVEUvo1rsUNyyXYoYaK+kcE/7qCY1Q9Scmr
+ZbM9DqqSQAqbSxIjlgs34XsOhWhpGFrNvJmE/kjtvp9tXzS8y++QgfmMuPU6mfSv
+NONSENSE3xxBaO6EgTbMgTeVmR0ygXIer9y3hBDdYwB6LgjZIDin1fZR+8LmewN+
+fjaCQjJggwIDAQABo3sweTAdBgNVHQ4EFgQUlBvcjWiNs6MWGkhC46q4Dbg3TPQw
+HwYDVR0jBBgwFoAUlBvcjWiNs6MWGkhC46q4Dbg3TPQwDwYDVR0TAQH/BAUwAwEB
+/zAUBgNVHREEDTALgglsb2NhbGhvc3QwEAYDVR0gBAkwBzAFBgMqAwQwDQYJKoZI
+hvcNAQELBQADggEBALnH5F58Om+AWQ+kkAmsZnc33i+56VfZlRYFr+sEFN8ULDtZ
+l6D1+ILqUXGT/GG1cyQhrxn4VA0Ksz6e/7jJySjZ0Ltezs6gnkcV9ksZOOEH4nuA
+8r1VA7xQ9iN3gGQduk/gbDKa8r6Ucodz7+tZ+DGY1unJLoUrOLBt0rP9UpdIxk8X
+X+F/0oljKZKJ2SswKDLztD0CY3VZhdDHfWlfIls1ttax4eEN1HgMtTyZ0JYdr9Iy
+Dbc8hkR8vIDcwFu31jiHx/BWmv+pjzx4F2qX7tgTG8wM3WHJwqzgrA1IeLliQpo6
+yVMsKq9927ZJXZbL/ewiA1Mm6IBe+SpJ8IafmUk=
+-----END CERTIFICATE-----)");
+  
+  auto bad_config = TlsConnectionConfiguration(host, port, bad_cert, auth);
+  auto bad_connection = Connection(bad_config);
+  auto bad_status = bad_connection.RetrieveVersionInfoNoExceptions();
+  EXPECT_EQ(bad_status.GetCode(), StatusCode::CONNECTION_ERROR);
+
+}
+
 TEST(test_connection, connection_ssl_authentication_success) {
   const auto &connection = ConnectionManager::GetDefaultConnection();