diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index f0830666cbeaa6d2c4ef0037bfbe88bac12690d6..fa2cb97d3fa1304d4b9e2ec70ce884464315fa86 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -48,11 +48,21 @@ def test_get_validity_range_returns_datetime_tuple():
     assert isinstance(not_after, datetime.datetime)
 
 
+def test_get_validity_range_sets_utc_timezone():
+    not_before, not_after = gimmecert.crypto.get_validity_range()
+
+    assert isinstance(not_before.tzinfo, datetime.timezone)
+    assert not_before.tzinfo == datetime.timezone.utc
+
+    assert isinstance(not_after.tzinfo, datetime.timezone)
+    assert not_after.tzinfo == datetime.timezone.utc
+
+
 @travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False)
 def test_get_validity_range_not_before_is_within_15_minutes_of_now():
     not_before, _ = gimmecert.crypto.get_validity_range()
 
-    assert not_before == datetime.datetime(2018, 1, 1, 0, 0)
+    assert not_before == datetime.datetime(2018, 1, 1, 0, 0, tzinfo=datetime.timezone.utc)
 
 
 @travel(datetime.datetime(2018, 1, 1, 0, 15, 0), tick=False)
@@ -95,8 +105,8 @@ def test_issue_certificate_has_correct_content():
 
     assert certificate.issuer == issuer_dn
     assert certificate.subject == subject_dn
-    assert certificate.not_valid_before == not_before
-    assert certificate.not_valid_after == not_after
+    assert certificate.not_valid_before_utc == not_before
+    assert certificate.not_valid_after_utc == not_after
 
 
 def test_generate_ca_hierarchy_returns_list_with_3_elements_for_depth_3():
@@ -213,8 +223,8 @@ def test_generate_ca_hierarchy_certificates_have_same_validity():
     _, level2_certificate = hierarchy[1]
     _, level3_certificate = hierarchy[2]
 
-    assert level1_certificate.not_valid_before == level2_certificate.not_valid_before == level3_certificate.not_valid_before
-    assert level1_certificate.not_valid_after == level2_certificate.not_valid_after == level3_certificate.not_valid_after
+    assert level1_certificate.not_valid_before_utc == level2_certificate.not_valid_before_utc == level3_certificate.not_valid_before_utc
+    assert level1_certificate.not_valid_after_utc == level2_certificate.not_valid_after_utc == level3_certificate.not_valid_after_utc
 
 
 def test_issue_certificate_sets_extensions():
@@ -361,7 +371,7 @@ def test_issue_server_certificate_not_before_is_15_minutes_in_past():
 
     certificate = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)
 
-    assert certificate.not_valid_before == datetime.datetime(2018, 1, 1, 0, 0)
+    assert certificate.not_valid_before_utc == datetime.datetime(2018, 1, 1, 0, 0, tzinfo=datetime.timezone.utc)
 
 
 def test_issue_server_certificate_not_before_does_not_exceed_ca_validity():
@@ -372,10 +382,10 @@ def test_issue_server_certificate_not_before_does_not_exceed_ca_validity():
 
     private_key = gimmecert.crypto.KeyGenerator('rsa', 2048)()
 
-    with travel(issuer_certificate.not_valid_before - datetime.timedelta(seconds=1), tick=False):
+    with travel(issuer_certificate.not_valid_before_utc - datetime.timedelta(seconds=1), tick=False):
         certificate1 = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)
 
-    assert certificate1.not_valid_before == issuer_certificate.not_valid_before
+    assert certificate1.not_valid_before_utc == issuer_certificate.not_valid_before_utc
 
 
 def test_issue_server_certificate_not_after_does_not_exceed_ca_validity():
@@ -386,10 +396,10 @@ def test_issue_server_certificate_not_after_does_not_exceed_ca_validity():
 
     private_key = gimmecert.crypto.KeyGenerator('rsa', 2048)()
 
-    with travel(issuer_certificate.not_valid_after + datetime.timedelta(seconds=1), tick=False):
+    with travel(issuer_certificate.not_valid_after_utc + datetime.timedelta(seconds=1), tick=False):
         certificate1 = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)
 
-    assert certificate1.not_valid_after == issuer_certificate.not_valid_after
+    assert certificate1.not_valid_after_utc == issuer_certificate.not_valid_after_utc
 
 
 def test_issue_server_certificate_incorporates_additional_dns_subject_alternative_names():
@@ -497,7 +507,7 @@ def test_issue_client_certificate_not_before_is_15_minutes_in_past():
 
     certificate = gimmecert.crypto.issue_client_certificate('myclient', private_key.public_key(), issuer_private_key, issuer_certificate)
 
-    assert certificate.not_valid_before == datetime.datetime(2018, 1, 1, 0, 0)
+    assert certificate.not_valid_before_utc == datetime.datetime(2018, 1, 1, 0, 0, tzinfo=datetime.timezone.utc)
 
 
 def test_issue_client_certificate_not_before_does_not_exceed_ca_validity():
@@ -508,10 +518,10 @@ def test_issue_client_certificate_not_before_does_not_exceed_ca_validity():
 
     private_key = gimmecert.crypto.KeyGenerator('rsa', 2048)()
 
-    with travel(issuer_certificate.not_valid_before - datetime.timedelta(seconds=1), tick=False):
+    with travel(issuer_certificate.not_valid_before_utc - datetime.timedelta(seconds=1), tick=False):
         certificate1 = gimmecert.crypto.issue_client_certificate('myclient', private_key.public_key(), issuer_private_key, issuer_certificate)
 
-    assert certificate1.not_valid_before == issuer_certificate.not_valid_before
+    assert certificate1.not_valid_before_utc == issuer_certificate.not_valid_before_utc
 
 
 def test_issue_client_certificate_not_after_does_not_exceed_ca_validity():
@@ -522,10 +532,10 @@ def test_issue_client_certificate_not_after_does_not_exceed_ca_validity():
 
     private_key = gimmecert.crypto.KeyGenerator('rsa', 2048)()
 
-    with travel(issuer_certificate.not_valid_after + datetime.timedelta(seconds=1), tick=False):
+    with travel(issuer_certificate.not_valid_after_utc + datetime.timedelta(seconds=1), tick=False):
         certificate1 = gimmecert.crypto.issue_client_certificate('myclient', private_key.public_key(), issuer_private_key, issuer_certificate)
 
-    assert certificate1.not_valid_after == issuer_certificate.not_valid_after
+    assert certificate1.not_valid_after_utc == issuer_certificate.not_valid_after_utc
 
 
 def test_renew_certificate_returns_certificate():
@@ -575,7 +585,7 @@ def test_renew_certificate_not_before_is_15_minutes_in_past():
     with travel(datetime.datetime(2018, 6, 1, 0, 15, 0), tick=False):
         certificate = gimmecert.crypto.renew_certificate(old_certificate, private_key.public_key(), issuer_private_key, issuer_certificate)
 
-    assert certificate.not_valid_before == datetime.datetime(2018, 6, 1, 0, 0)
+    assert certificate.not_valid_before_utc == datetime.datetime(2018, 6, 1, 0, 0, tzinfo=datetime.timezone.utc)
 
 
 def test_renew_certificate_not_before_does_not_exceed_ca_validity():
@@ -589,10 +599,10 @@ def test_renew_certificate_not_before_does_not_exceed_ca_validity():
         old_certificate = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)
 
     # Renew certificate.
-    with travel(issuer_certificate.not_valid_before - datetime.timedelta(seconds=1), tick=False):
+    with travel(issuer_certificate.not_valid_before_utc - datetime.timedelta(seconds=1), tick=False):
         certificate = gimmecert.crypto.renew_certificate(old_certificate, private_key.public_key(), issuer_private_key, issuer_certificate)
 
-    assert certificate.not_valid_before == issuer_certificate.not_valid_before
+    assert certificate.not_valid_before_utc == issuer_certificate.not_valid_before_utc
 
 
 def test_renew_certificate_not_after_does_not_exceed_ca_validity():
@@ -606,10 +616,10 @@ def test_renew_certificate_not_after_does_not_exceed_ca_validity():
         old_certificate = gimmecert.crypto.issue_server_certificate('myserver', private_key.public_key(), issuer_private_key, issuer_certificate)
 
     # Renew certificate.
-    with travel(issuer_certificate.not_valid_after + datetime.timedelta(seconds=1), tick=False):
+    with travel(issuer_certificate.not_valid_after_utc + datetime.timedelta(seconds=1), tick=False):
         certificate = gimmecert.crypto.renew_certificate(old_certificate, private_key.public_key(), issuer_private_key, issuer_certificate)
 
-    assert certificate.not_valid_after == issuer_certificate.not_valid_after
+    assert certificate.not_valid_after_utc == issuer_certificate.not_valid_after_utc
 
 
 def test_generate_csr_returns_csr_with_passed_in_dn():