diff --git a/.github/workflows/artifact_validation.yaml b/.github/workflows/artifact_validation.yaml
index 86ab7c3f..b7bd5613 100644
--- a/.github/workflows/artifact_validation.yaml
+++ b/.github/workflows/artifact_validation.yaml
@@ -18,8 +18,6 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Test artifacts with OQS
-      ## TODO -- actually validate the signature on the TA cert; not just import it. 
-      ##         replace with `openssl verify -check_ss_sig -CAfile <ca cert> <ee cert>`
         run: ./src/test_certs_r3.sh
       - name: Save artifacts
         uses: actions/upload-artifact@v4
diff --git a/src/test_certs_r3.sh b/src/test_certs_r3.sh
index 58b57f58..1074f5bd 100755
--- a/src/test_certs_r3.sh
+++ b/src/test_certs_r3.sh
@@ -39,7 +39,7 @@ for providerdir in $(ls -d $inputdir/*/); do
     # process certs
     zip=${providerdir}$certszipr3
     printf "Unziping %s\n" $zip
-    unzip -o $zip -d "artifacts_certs_r3"
+    unzip -o $zip -d ${providerdir}"artifacts_certs_r3"
 
     # Start the results CSV file
     mkdir -p $outputdir