diff --git a/builtin/credential/cert/backend_test.go b/builtin/credential/cert/backend_test.go
index 5977ba1ef3..e4ed7e67b6 100644
--- a/builtin/credential/cert/backend_test.go
+++ b/builtin/credential/cert/backend_test.go
@@ -101,15 +101,6 @@ func connectionState(t *testing.T, serverCAPath, serverCertPath, serverKeyPath,
 	return connState
 }
 
-func failOnError(t *testing.T, resp *logical.Response, err error) {
-	if resp != nil && resp.IsError() {
-		t.Fatalf("error returned in response: %s", resp.Data["error"])
-	}
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
 func TestBackend_RegisteredNonCA_CRL(t *testing.T) {
 	config := logical.TestBackendConfig()
 	storage := &logical.InmemStorage{}
@@ -140,7 +131,9 @@ func TestBackend_RegisteredNonCA_CRL(t *testing.T) {
 	}
 
 	resp, err := b.HandleRequest(certReq)
-	failOnError(t, resp, err)
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("err:%v resp:%#v", err, resp)
+	}
 
 	// Connection state is presenting the client Non-CA cert and its key.
 	// This is exactly what is registered at the backend.
@@ -155,7 +148,9 @@ func TestBackend_RegisteredNonCA_CRL(t *testing.T) {
 	}
 	// Login should succeed.
 	resp, err = b.HandleRequest(loginReq)
-	failOnError(t, resp, err)
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("err:%v resp:%#v", err, resp)
+	}
 
 	// Register a CRL containing the issued client certificate used above.
 	issuedCRL, err := ioutil.ReadFile(testIssuedCertCRL)
@@ -172,7 +167,9 @@ func TestBackend_RegisteredNonCA_CRL(t *testing.T) {
 		Data:      crlData,
 	}
 	resp, err = b.HandleRequest(crlReq)
-	failOnError(t, resp, err)
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("err:%v resp:%#v", err, resp)
+	}
 
 	// Attempt login with the same connection state but with the CRL registered
 	resp, err = b.HandleRequest(loginReq)
@@ -214,7 +211,9 @@ func TestBackend_CRLs(t *testing.T) {
 	}
 
 	resp, err := b.HandleRequest(certReq)
-	failOnError(t, resp, err)
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("err:%v resp:%#v", err, resp)
+	}
 
 	// Connection state is presenting the client CA cert and its key.
 	// This is exactly what is registered at the backend.
@@ -228,7 +227,9 @@ func TestBackend_CRLs(t *testing.T) {
 		},
 	}
 	resp, err = b.HandleRequest(loginReq)
-	failOnError(t, resp, err)
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("err:%v resp:%#v", err, resp)
+	}
 
 	// Now, without changing the registered client CA cert, present from
 	// the client side, a cert issued using the registered CA.
@@ -237,7 +238,9 @@ func TestBackend_CRLs(t *testing.T) {
 
 	// Attempt login with the updated connection
 	resp, err = b.HandleRequest(loginReq)
-	failOnError(t, resp, err)
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("err:%v resp:%#v", err, resp)
+	}
 
 	// Register a CRL containing the issued client certificate used above.
 	issuedCRL, err := ioutil.ReadFile(testIssuedCertCRL)
@@ -255,7 +258,9 @@ func TestBackend_CRLs(t *testing.T) {
 		Data:      crlData,
 	}
 	resp, err = b.HandleRequest(crlReq)
-	failOnError(t, resp, err)
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("err:%v resp:%#v", err, resp)
+	}
 
 	// Attempt login with the revoked certificate.
 	resp, err = b.HandleRequest(loginReq)
@@ -273,7 +278,9 @@ func TestBackend_CRLs(t *testing.T) {
 	}
 	certData["certificate"] = clientCA2
 	resp, err = b.HandleRequest(certReq)
-	failOnError(t, resp, err)
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("err:%v resp:%#v", err, resp)
+	}
 
 	// Test login using a different client CA cert pair.
 	connState = connectionState(t, serverCAPath, serverCertPath, serverKeyPath, testRootCACertPath2, testRootCAKeyPath2)
@@ -281,7 +288,9 @@ func TestBackend_CRLs(t *testing.T) {
 
 	// Attempt login with the updated connection
 	resp, err = b.HandleRequest(loginReq)
-	failOnError(t, resp, err)
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("err:%v resp:%#v", err, resp)
+	}
 
 	// Register a CRL containing the root CA certificate used above.
 	rootCRL, err := ioutil.ReadFile(testRootCertCRL)
@@ -290,7 +299,9 @@ func TestBackend_CRLs(t *testing.T) {
 	}
 	crlData["crl"] = rootCRL
 	resp, err = b.HandleRequest(crlReq)
-	failOnError(t, resp, err)
+	if err != nil || (resp != nil && resp.IsError()) {
+		t.Fatalf("err:%v resp:%#v", err, resp)
+	}
 
 	// Attempt login with the same connection state but with the CRL registered
 	resp, err = b.HandleRequest(loginReq)