diff --git a/.github/scripts/pam-pkcs11-test.sh b/.github/scripts/pam-pkcs11-test.sh
index c49e514a..4c5a53b1 100755
--- a/.github/scripts/pam-pkcs11-test.sh
+++ b/.github/scripts/pam-pkcs11-test.sh
@@ -42,7 +42,7 @@ DEBIAN_FRONTEND=noninteractive apt-get install -y \
 echo "[*] Cloning pam_pkcs11..."
 cd /opt
 if [[ ! -d "pam_pkcs11" ]]; then
- git clone https://github.com/OpenSC/pam_pkcs11.git
+ git clone --branch=${PAM_PKCS11_REF} https://github.com/OpenSC/pam_pkcs11.git
 fi
 cd pam_pkcs11
@@ -63,6 +63,10 @@ fi
 echo "[*] Configuring pam_pkcs11..."
+# Temporarily unset WOLFPROV_FORCE_FAIL so we can generate certs correctly
+ORIG_WOLFPROV_FORCE_FAIL="${WOLFPROV_FORCE_FAIL:-}"
+unset WOLFPROV_FORCE_FAIL || true
+
 # Generate dummy CA cert if missing
 if [ ! -f /test/certs/test-ca.crt ]; then
 echo "[*] Generating dummy test-ca.crt..."
@@ -99,6 +103,9 @@ cp /etc/pam.d/common-auth /etc/pam.d/common-auth.bak
 echo "auth sufficient pam_pkcs11.so debug" | tee /etc/pam.d/common-auth > /dev/null
 cat /etc/pam.d/common-auth.bak | tee -a /etc/pam.d/common-auth > /dev/null
+# Restore WOLFPROV_FORCE_FAIL
+export WOLFPROV_FORCE_FAIL="$ORIG_WOLFPROV_FORCE_FAIL"
+
 echo "[*] Initializing SoftHSM (simulated smartcard)..."
 mkdir -p /var/lib/softhsm/tokens
 softhsm2-util --init-token --free --label "testtoken" --pin 1234 --so-pin 123456
diff --git a/.github/workflows/pam_pkcs11.yml b/.github/workflows/pam-pkcs11.yml
similarity index 91%
rename from .github/workflows/pam_pkcs11.yml
rename to .github/workflows/pam-pkcs11.yml
index b8aa9ef4..4603b1a0 100644
--- a/.github/workflows/pam_pkcs11.yml
+++ b/.github/workflows/pam-pkcs11.yml
@@ -1,4 +1,4 @@
-name: pam_pkcs11 Tests
+name: pam-pkcs11 Tests
 # START OF COMMON SECTION
 on:
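Review bot: In the first hunk of pam-pkcs11-test.sh, `${PAM_PKCS11_REF}` is expanded unquoted and with no check that it is set, so an empty value turns the clone into a bare `--branch=` and a value containing whitespace is split into extra git arguments. I would write `git clone --branch="${PAM_PKCS11_REF:?PAM_PKCS11_REF must be set}" https://github.com/OpenSC/pam_pkcs11.git`. Note also that `--branch` takes a branch or tag name, both of which can be moved upstream, so a reproducible run of this sudo-executed PAM test would need a commit id checked out and compared after the clone. The surrounding `if [[ ! -d "pam_pkcs11" ]]` guard means an existing checkout is reused whatever ref was requested; the script's strict-mode settings, if any, are outside the hunk.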
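Review bot: The save and restore added in the second and third hunks of pam-pkcs11-test.sh do not round-trip an unset variable: `${WOLFPROV_FORCE_FAIL:-}` records "unset" as an empty string, and the later `export WOLFPROV_FORCE_FAIL="$ORIG_WOLFPROV_FORCE_FAIL"` then exports an empty variable to every command that follows. Whether the provider keys off the variable's presence or its value is not visible here, so the normal-mode job may end up running the remaining steps in a different state than it started in. Restoring only when there was a value avoids the question: `if [ -n "$ORIG_WOLFPROV_FORCE_FAIL" ]; then export WOLFPROV_FORCE_FAIL="$ORIG_WOLFPROV_FORCE_FAIL"; fi`. The `|| true` after `unset` looks unnecessary, since unsetting a variable that is not set already succeeds. A comment listing the steps that are deliberately excluded from forced-failure coverage (certificate generation and the common-auth edit) would help the next reader.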
@@ -64,7 +64,7 @@ jobs:
 source $GITHUB_WORKSPACE/scripts/env-setup
 # Run tests
- if timeout 300 ${{ matrix.force_fail }} sudo bash -c $GITHUB_WORKSPACE/.github/scripts/pam-pkcs11-test.sh; then
+ if timeout 300 sudo bash -c "${{ matrix.force_fail }} PAM_PKCS11_REF=${{ matrix.pam_pkcs11_ref }} $GITHUB_WORKSPACE/.github/scripts/pam-pkcs11-test.sh"; then
 TEST_RESULT=0
 else
 TEST_RESULT=1
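Review bot: The new `bash -c "…"` string splices `${{ matrix.force_fail }}` and `${{ matrix.pam_pkcs11_ref }}` into shell source that is parsed twice, once by the step's shell and again by the root shell started through sudo, so any space or shell metacharacter in a matrix value changes the command that runs as root. The values come from the workflow's own matrix, defined outside this hunk, which limits the exposure, but the usual hardening is to pass expressions through the step's `env:` and reference them as quoted shell variables. With `PAM_PKCS11_REF: ${{ matrix.pam_pkcs11_ref }}` under `env:`, the call can become `timeout 300 sudo env PAM_PKCS11_REF="$PAM_PKCS11_REF" bash "$GITHUB_WORKSPACE/.github/scripts/pam-pkcs11-test.sh"`, with force_fail handled the same way once its format (presumably a `NAME=value` assignment or empty) is confirmed. The `if`/`else` block continues past the end of the hunk.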