diff --git a/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb b/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb
index c3b5b6795..6b0566e01 100644
--- a/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb
+++ b/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb
@@ -1,12 +1,12 @@
 test_name "generate a helpful error message when hostname doesn't match server certificate"
 
 step "Clear any existing SSL directories"
-on(hosts, "rm -r #{config['puppetpath']}/ssl")
+on(hosts, "rm -rf #{config['puppetpath']}/ssl")
 
 # Start the master with a certname not matching its hostname
-with_master_running_on(master, "--certname foobar_not_my_hostname --certdnsnames one_cert:two_cert:red_cert:blue_cert --autosign true") do
+with_master_running_on(master, "--certname foobar_not_my_hostname --dns_alt_names one_cert,two_cert,red_cert,blue_cert --autosign true") do
   run_agent_on(agents, "--no-daemonize --verbose --onetime --server #{master}", :acceptable_exit_codes => (1..255)) do
-    msg = "Server hostname '#{master}' did not match server certificate; expected one of foobar_not_my_hostname, one_cert, two_cert, red_cert, blue_cert"
+    msg = "Server hostname '#{master}' did not match server certificate; expected one of foobar_not_my_hostname, DNS:blue_cert, DNS:foobar_not_my_hostname, DNS:one_cert, DNS:red_cert, DNS:two_cert"
     assert_match(msg, stdout)
   end
 end
diff --git a/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb b/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb
index a34a3e718..edd52b46c 100644
--- a/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb
+++ b/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb
@@ -1,48 +1,48 @@
 test_name "#3360: Allow duplicate CSR when allow_duplicate_certs is on"
 
 agent_hostnames = agents.map {|a| a.to_s}
 
 step "Remove existing SSL directory for hosts"
 on hosts, "rm -r #{config['puppetpath']}/ssl"
 
-with_master_running_on master, "--allow_duplicate_certs --certdnsnames=\"puppet:$(hostname -s):$(hostname -f)\" --verbose --noop" do
+with_master_running_on master, "--allow_duplicate_certs --dns_alt_names=\"puppet,$(hostname -s),$(hostname -f)\" --verbose --noop" do
   step "Generate a certificate request for the agent"
   on agents, "puppet certificate generate `hostname -f` --ca-location remote --server #{master}"
 
   step "Collect the original certs"
   on master, puppet_cert("--sign --all")
   original_certs = on master, puppet_cert("--list --all")
 
   old_certs = {}
   original_certs.stdout.each_line do |line|
     if line =~ /^\+ (\S+) \((.+)\)$/
       old_certs[$1] = $2
       puts "old cert: #{$1} #{$2}"
     end
   end
 
   step "Make another request with the same certname"
   on agents, "puppet certificate generate `hostname -f` --ca-location remote --server #{master}"
 
   step "Collect the new certs"
 
   on master, puppet_cert("--sign --all")
   new_cert_list = on master, puppet_cert("--list --all")
 
   new_certs = {}
   new_cert_list.stdout.each_line do |line|
     if line =~ /^\+ (\S+) \((.+)\)$/
       new_certs[$1] = $2
       puts "new cert: #{$1} #{$2}"
     end
   end
 
   step "Verify the certs have changed"
   # using the agent name as the key may cause errors;
   # agent name from cfg file is likely to have short name
   # where certs might be signed with long names.
   old_certs.each_key { |key|
     next if key.include? master # skip the masters cert, only care about agents
     assert_not_equal(old_certs[key], new_certs[key], "Expected #{key} to have a changed key")
   }
 end