diff --git a/authserv/server.py b/authserv/server.py
index 510b060011e9cc675a584395c962742fd8ffdb6e..29c8c2e78c2188f23efa4e120355865f38e85110 100644
--- a/authserv/server.py
+++ b/authserv/server.py
@@ -79,17 +79,17 @@ def create_app(userdb=None, mc=None):
     return app
 
 
-def run_werkzeug(addr, port, ssl_ca, ssl_cert, ssl_key, dh_params):
+def run_werkzeug(flask_app, addr, port, ssl_ca, ssl_cert, ssl_key, dh_params):
     ssl_ctx = None
     if ssl_ca and os.path.exists(ssl_ca):
         from authserv import openssl
         ssl_ctx = openssl.create_server_context(
-            ssl_cert, ssl_key, ssl_ca, dhparams)
+            ssl_cert, ssl_key, ssl_ca, dh_params)
     logging.info('starting werkzeug server on %s:%d', addr, port)
-    create_app().run(host=addr, port=port, use_reloader=False, ssl_context=ssl_ctx)
+    flask_app.run(host=addr, port=port, use_reloader=False, ssl_context=ssl_ctx)
 
 
-def run_gevent(addr, port, ssl_ca, ssl_cert, ssl_key, dh_params):
+def run_gevent(flask_app, addr, port, ssl_ca, ssl_cert, ssl_key, dh_params):
     from gevent.monkey import patch_all
     patch_all()
     from gevent.pywsgi import WSGIServer
@@ -105,10 +105,10 @@ def run_gevent(addr, port, ssl_ca, ssl_cert, ssl_key, dh_params):
             'ssl_version': ssl.PROTOCOL_TLSv1,
         }
     logging.info('starting gevent server on %s:%d', addr, port)
-    WSGIServer((addr, port), create_app().wsgi_app, **ssl_args).serve_forever()
+    WSGIServer((addr, port), flask_app.wsgi_app, **ssl_args).serve_forever()
 
 
-def run(engines, addr, port, ssl_ca, ssl_cert, ssl_key, dh_params):
+def run(flask_app, engines, addr, port, ssl_ca, ssl_cert, ssl_key, dh_params):
     if engines:
         engines = engines.split(',')
     else:
@@ -120,7 +120,7 @@ def run(engines, addr, port, ssl_ca, ssl_cert, ssl_key, dh_params):
             logging.error('Unknown HTTP engine "%s"', e)
             continue
         try:
-            return fn(addr, port, ssl_ca, ssl_cert, ssl_key, dh_params)
+            return fn(flask_app, addr, port, ssl_ca, ssl_cert, ssl_key, dh_params)
         except ImportError:
             pass
 
@@ -174,7 +174,8 @@ def main():
     signal.signal(signal.SIGINT, _stopall)
     signal.signal(signal.SIGTERM, _stopall)
 
-    run(opts.engine, opts.addr, opts.port, opts.ssl_ca,
+    run(create_app(),
+        opts.engine, opts.addr, opts.port, opts.ssl_ca,
         opts.ssl_cert, opts.ssl_key, opts.dh_params)
 
 
diff --git a/authserv/test/test_integration.py b/authserv/test/test_integration.py
index 80bb97ca9310cb26a45b641dcb712fb6f3e710fd..5db318a5b998a020443b9ca8abbb97bcedcb43c1 100644
--- a/authserv/test/test_integration.py
+++ b/authserv/test/test_integration.py
@@ -1,5 +1,6 @@
 import httplib
 import os
+import socket
 import subprocess
 import sys
 import time
@@ -17,6 +18,14 @@ def _relpath(x):
     return os.path.join(os.path.dirname(__file__), x)
 
 
+def _free_port():
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP)
+    s.bind(('127.0.0.1', 0))
+    port = s.getsockname()[1]
+    s.close()
+    return port
+
+
 class HTTPSClientAuthHandler(urllib2.HTTPSHandler):
 
     def __init__(self, cert, key):
@@ -36,12 +45,10 @@ class HTTPSClientAuthHandler(urllib2.HTTPSHandler):
 
 class SSLServerTest(unittest.TestCase):
 
-    port = 63127
-
-    ssl_ca = _relpath('testca/ca.pem')
-    ssl_cert = _relpath('testca/certs/server.pem')
+    ssl_ca = _relpath('testca/public/ca.pem')
+    ssl_cert = _relpath('testca/public/certs/server.pem')
     ssl_key = _relpath('testca/private/server.key')
-    client_cert = _relpath('testca/certs/client.pem')
+    client_cert = _relpath('testca/public/certs/client.pem')
     client_key = _relpath('testca/private/client.key')
     dhparams = _relpath('testca/dhparams')
 
@@ -56,7 +63,8 @@ class SSLServerTest(unittest.TestCase):
                 'DEBUG': True,
                 })
 
-        self._start_server()
+        self.port = _free_port()
+        self._start_server(app)
 
         self.opener = urllib2.build_opener(
             HTTPSClientAuthHandler(self.client_cert, self.client_key))
@@ -64,13 +72,14 @@ class SSLServerTest(unittest.TestCase):
     def tearDown(self):
         os.kill(self.pid, 15)
 
-    def _start_server(self):
+    def _start_server(self, app):
         """Run an SSL-enabled HTTP server as a separate process."""
         pid = os.fork()
         if pid == 0:
             print >>sys.stderr, 'starting server on port %d' % self.port
-            server.run(None, '127.0.0.1', self.port, self.ssl_ca,
-                       self.ssl_cert, self.ssl_key, self.dhparams)
+            server.run_gevent(
+                app, '127.0.0.1', self.port, self.ssl_ca,
+                self.ssl_cert, self.ssl_key, self.dhparams)
         else:
             self.pid = pid
             time.sleep(0.2)