diff --git a/ca/bootstrap_test.go b/ca/bootstrap_test.go
index d93de892..e7d0e401 100644
--- a/ca/bootstrap_test.go
+++ b/ca/bootstrap_test.go
@@ -156,7 +156,7 @@ func TestBootstrap(t *testing.T) {
 					}
 					gotTR := got.client.GetTransport().(*http.Transport)
 					wantTR := tt.want.client.GetTransport().(*http.Transport)
-					if !reflect.DeepEqual(gotTR.TLSClientConfig.RootCAs, wantTR.TLSClientConfig.RootCAs) {
+					if !equalPools(gotTR.TLSClientConfig.RootCAs, wantTR.TLSClientConfig.RootCAs) {
 						t.Errorf("Bootstrap() certPool = %v, want %v", gotTR.TLSClientConfig.RootCAs, wantTR.TLSClientConfig.RootCAs)
 					}
 				}
diff --git a/ca/identity/client_test.go b/ca/identity/client_test.go
index 136e839a..c792a6dc 100644
--- a/ca/identity/client_test.go
+++ b/ca/identity/client_test.go
@@ -189,7 +189,7 @@ func TestLoadClient(t *testing.T) {
 				wantTransport := tt.want.Client.Transport.(*http.Transport)
 				if gotTransport.TLSClientConfig.GetClientCertificate == nil {
 					t.Error("LoadClient() transport does not define GetClientCertificate")
-				} else if !reflect.DeepEqual(got.CaURL, tt.want.CaURL) || !reflect.DeepEqual(gotTransport.TLSClientConfig.RootCAs, wantTransport.TLSClientConfig.RootCAs) {
+				} else if !reflect.DeepEqual(got.CaURL, tt.want.CaURL) || !reflect.DeepEqual(gotTransport.TLSClientConfig.RootCAs.Subjects(), wantTransport.TLSClientConfig.RootCAs.Subjects()) {
 					t.Errorf("LoadClient() = %#v, want %#v", got, tt.want)
 				} else {
 					crt, err := gotTransport.TLSClientConfig.GetClientCertificate(nil)
diff --git a/ca/tls_options_test.go b/ca/tls_options_test.go
index e2ed4234..8744bb2b 100644
--- a/ca/tls_options_test.go
+++ b/ca/tls_options_test.go
@@ -149,7 +149,7 @@ func TestAddRootCA(t *testing.T) {
 				t.Errorf("AddRootCA() error = %v", err)
 				return
 			}
-			if !reflect.DeepEqual(ctx.Config, tt.want) {
+			if !reflect.DeepEqual(ctx.Config, tt.want) && !equalPools(ctx.Config.RootCAs, tt.want.RootCAs) {
 				t.Errorf("AddRootCA() = %v, want %v", ctx.Config, tt.want)
 			}
 		})
@@ -181,7 +181,7 @@ func TestAddClientCA(t *testing.T) {
 				t.Errorf("AddClientCA() error = %v", err)
 				return
 			}
-			if !reflect.DeepEqual(ctx.Config, tt.want) {
+			if !reflect.DeepEqual(ctx.Config, tt.want) && !equalPools(ctx.Config.ClientCAs, tt.want.ClientCAs) {
 				t.Errorf("AddClientCA() = %v, want %v", ctx.Config, tt.want)
 			}
 		})
@@ -235,7 +235,7 @@ func TestAddRootsToRootCAs(t *testing.T) {
 				t.Errorf("AddRootsToRootCAs() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
-			if !reflect.DeepEqual(ctx.Config.RootCAs, tt.want.RootCAs) {
+			if !equalPools(ctx.Config.RootCAs, tt.want.RootCAs) {
 				t.Errorf("AddRootsToRootCAs() = %v, want %v", ctx.Config, tt.want)
 			}
 		})
@@ -289,7 +289,7 @@ func TestAddRootsToClientCAs(t *testing.T) {
 				t.Errorf("AddRootsToClientCAs() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
-			if !reflect.DeepEqual(ctx.Config.ClientCAs, tt.want.ClientCAs) {
+			if !equalPools(ctx.Config.ClientCAs, tt.want.ClientCAs) {
 				t.Errorf("AddRootsToClientCAs() = %v, want %v", ctx.Config, tt.want)
 			}
 		})
@@ -471,7 +471,7 @@ func TestAddRootsToCAs(t *testing.T) {
 				t.Errorf("AddRootsToCAs() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
-			if !reflect.DeepEqual(ctx.Config.RootCAs, tt.want.RootCAs) || !reflect.DeepEqual(ctx.Config.ClientCAs, tt.want.ClientCAs) {
+			if !equalPools(ctx.Config.RootCAs, tt.want.RootCAs) || !equalPools(ctx.Config.ClientCAs, tt.want.ClientCAs) {
 				t.Errorf("AddRootsToCAs() = %v, want %v", ctx.Config, tt.want)
 			}
 		})
@@ -543,6 +543,9 @@ func TestAddFederationToCAs(t *testing.T) {
 }
 
 func equalPools(a, b *x509.CertPool) bool {
+	if reflect.DeepEqual(a, b) {
+		return true
+	}
 	subjects := a.Subjects()
 	sA := make([]string, len(subjects))
 	for i := range subjects {