diff --git a/packages/golangapiserver/spec b/packages/golangapiserver/spec
index db12046d87..b8aacc7cba 100644
--- a/packages/golangapiserver/spec
+++ b/packages/golangapiserver/spec
@@ -28,6 +28,7 @@ files:
 - autoscaler/db/sqldb/* # gosub
 - autoscaler/healthendpoint/* # gosub
 - autoscaler/helpers/* # gosub
+- autoscaler/helpers/auth/* # gosub
 - autoscaler/helpers/handlers/* # gosub
 - autoscaler/metricsforwarder/server/common/* # gosub
 - autoscaler/models/* # gosub
diff --git a/src/autoscaler/helpers/auth/xfcc_auth.go b/src/autoscaler/helpers/auth/xfcc_auth.go
index ba0ec3c3f9..b15405dc4e 100644
--- a/src/autoscaler/helpers/auth/xfcc_auth.go
+++ b/src/autoscaler/helpers/auth/xfcc_auth.go
@@ -57,7 +57,13 @@ func (m *xfccAuthMiddleware) checkAuth(r *http.Request) error {
 return ErrXFCCHeaderNotFound
 }
- data, err := base64.StdEncoding.DecodeString(removeQuotes(xfccHeader))
+ attrs := make(map[string]string)
+ for _, v := range strings.Split(xfccHeader, ";") {
+ attr := strings.Split(v, "=")
+ attrs[attr[0]] = attr[1]
+ }
+
+ data, err := base64.StdEncoding.DecodeString(attrs["Cert"])
 if err != nil {
 return fmt.Errorf("base64 parsing failed: %w", err)
 }
@@ -136,10 +142,3 @@ func getOrgGuid(cert *x509.Certificate) string {
 }
 return certOrgGuid
 }
-
-func removeQuotes(xfccHeader string) string {
- if xfccHeader[0] == '"' {
- xfccHeader = xfccHeader[1 : len(xfccHeader)-1]
- }
- return xfccHeader
-}
diff --git a/src/autoscaler/helpers/auth/xfcc_auth_test.go b/src/autoscaler/helpers/auth/xfcc_auth_test.go
index ef8bb4e756..ae63d5db87 100644
--- a/src/autoscaler/helpers/auth/xfcc_auth_test.go
+++ b/src/autoscaler/helpers/auth/xfcc_auth_test.go
@@ -1,8 +1,6 @@
 package auth_test
 import (
- "encoding/base64"
- "encoding/pem"
 "net/http"
 "net/http/httptest"
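Review bot: In the `checkAuth` hunk of xfcc_auth.go, `attrs[attr[0]] = attr[1]` indexes the result of `strings.Split(v, "=")` without a length check, so any header element that carries no `=` (an empty segment after a trailing `;`, or a bare value) panics with an index-out-of-range on request-supplied input. Splitting on every `=` also cuts the value at its first `=`, which drops base64 padding, so `base64.StdEncoding.DecodeString` would likely reject any certificate whose encoding ends in `=`. A header with no `Cert` key decodes an empty string without error here, leaving rejection to whatever parsing follows outside the hunk, and with `removeQuotes` gone a quoted `Cert="…"` value would fail to decode if the sending proxy quotes it. The fence below splits each element once and rejects malformed or Cert-less headers before decoding. `checkAuth` begins before and continues after this hunk.

```go
	attrs := make(map[string]string)
	for _, v := range strings.Split(xfccHeader, ";") {
		// Split once: keeps "=" padding inside the value and lets us reject
		// elements without "=" instead of indexing past the slice.
		attr := strings.SplitN(v, "=", 2)
		if len(attr) != 2 {
			return fmt.Errorf("malformed XFCC header element")
		}
		attrs[attr[0]] = attr[1]
	}

	certValue, ok := attrs["Cert"]
	if !ok {
		return fmt.Errorf("XFCC header has no Cert attribute")
	}
	data, err := base64.StdEncoding.DecodeString(certValue)
	// … unchanged: base64 error handling …
```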
@@ -36,31 +34,28 @@ var _ = Describe("XfccAuthMiddleware", func() {
 AfterEach(func() {
 server.Close()
+
 })
 JustBeforeEach(func() {
 logger := lagertest.NewTestLogger("xfcc-auth-test")
 buffer = logger.Buffer()
- xfccAuth := models.XFCCAuth{
+ xm := auth.NewXfccAuthMiddleware(logger, models.XFCCAuth{
 ValidOrgGuid: orgGuid,
 ValidSpaceGuid: spaceGuid,
- }
- xm := auth.NewXfccAuthMiddleware(logger, xfccAuth)
+ })
- server = httptest.NewServer(xm.XFCCAuthenticationMiddleware(handler))
+ server = httptest.NewUnstartedServer(xm.XFCCAuthenticationMiddleware(handler))
 req, err := http.NewRequest("GET", server.URL+"/some-protected-endpoint", nil)
+ Expect(err).NotTo(HaveOccurred())
 if len(xfccClientCert) > 0 {
- block, _ := pem.Decode(xfccClientCert)
- Expect(err).NotTo(HaveOccurred())
- Expect(block).ShouldNot(BeNil())
-
- req.Header.Add("X-Forwarded-Client-Cert", base64.StdEncoding.EncodeToString(block.Bytes))
+ cert := auth.NewCert(string(xfccClientCert))
+ req.Header.Add("X-Forwarded-Client-Cert", cert.GetXFCCHeader())
 }
- Expect(err).NotTo(HaveOccurred())
- resp, err = http.DefaultClient.Do(req)
+ resp, err = server.Client().Do(req)
 Expect(err).NotTo(HaveOccurred())
 })
diff --git a/src/autoscaler/scalingengine/cmd/scalingengine/scalingengine_test.go b/src/autoscaler/scalingengine/cmd/scalingengine/scalingengine_test.go
index 0f3915f3ae..b160d8e98f 100644
--- a/src/autoscaler/scalingengine/cmd/scalingengine/scalingengine_test.go
+++ b/src/autoscaler/scalingengine/cmd/scalingengine/scalingengine_test.go
@@ -15,9 +15,7 @@ import (
 "github.com/onsi/gomega/gbytes"
 "bytes"
- "encoding/base64"
 "encoding/json"
- "encoding/pem"
 "fmt"
 "net/http"
 "net/url"
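Review bot: In the `JustBeforeEach` of xfcc_auth_test.go, the server is now built with `httptest.NewUnstartedServer(...)`, but no `Start()` or `StartTLS()` call is visible before `server.URL` is read and `server.Client().Do(req)` runs. On an unstarted httptest server `URL` is still empty and `Client()` has not been initialised, so as shown the request cannot reach the middleware; add `server.Start()` (or `server.StartTLS()`) directly after the constructor, or keep `httptest.NewServer`. The header is also produced only through `auth.NewCert(...).GetXFCCHeader()`, so the suite exercises just the shape that helper emits; a case with an element lacking `=` and one without a `Cert` attribute would pin the parser's rejection path. The enclosing `Describe` block starts and ends outside the hunk.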
@@ -280,11 +278,3 @@ var _ = Describe("Main", func() {
 })
 })
 })
-
-func setXFCCCertHeader(req *http.Request, orgGuid, spaceGuid string) {
- xfccClientCert, err := GenerateClientCert(orgGuid, spaceGuid)
- block, _ := pem.Decode(xfccClientCert)
- Expect(err).NotTo(HaveOccurred())
- Expect(block).ShouldNot(BeNil())
- req.Header.Add("X-Forwarded-Client-Cert", base64.StdEncoding.EncodeToString(block.Bytes))
-}