diff --git a/tests/br_restore_TDE_enable/run.sh b/tests/br_restore_TDE_enable/run.sh
index 5bf67327f..47b54b1b7 100755
--- a/tests/br_restore_TDE_enable/run.sh
+++ b/tests/br_restore_TDE_enable/run.sh
@@ -19,13 +19,34 @@ TABLE="usertable"
 DB_COUNT=3
 
 # start Minio KMS service
-curl -sSL --tlsv1.2 \
-     -O 'https://raw.githubusercontent.com/minio/kes/master/root.key' \
-     -O 'https://raw.githubusercontent.com/minio/kes/master/root.cert'
+# curl -sSL --tlsv1.2 \
+#     -O 'https://raw.githubusercontent.com/minio/kes/master/root.key' \
+#     -O 'https://raw.githubusercontent.com/minio/kes/master/root.cert'
 
-export MINIO_KMS_KES_ENDPOINT=https://play.min.io:7373
-export MINIO_KMS_KES_KEY_FILE=root.key
-export MINIO_KMS_KES_CERT_FILE=root.cert
+rm -rf ./keys
+rm -f server.key server.cert
+bin/kes tool identity new --server --key server.key --cert server.cert --ip "127.0.0.1" --dns localhost
+
+
+# create private key and cert for restoration
+rm -f minio.key minio.cert
+bin/kes tool identity new --key=minio.key --cert=minio.cert minio
+
+export MINIO_IDENTITY=$(bin/kes tool identity of minio.cert)
+bin/kes server --config=tests/config/server-config.yml --auth=off &
+kes_pid=$!
+
+sleep 20
+
+export export KES_SERVER=https://127.0.0.1:7391
+export KES_CLIENT_CERT=minio.cert
+export KES_CLIENT_KEY=minio.key 
+bin/kes key create -k my-minio-key
+
+export MINIO_KMS_KES_ENDPOINT=https://127.0.0.1:7391
+export MINIO_KMS_KES_CERT_FILE=minio.cert
+export MINIO_KMS_KES_KEY_FILE=minio.key
+export MINIO_KMS_KES_CAPATH=server.cert
 export MINIO_KMS_KES_KEY_NAME=my-minio-key
 
 # start the s3 server