diff --git a/bin/tests/system/autosign/ns2/Xbar.+005+30676.key b/bin/tests/system/autosign/ns2/Xbar.+005+30676.key
deleted file mode 100644
index 7428d5caf7..0000000000
--- a/bin/tests/system/autosign/ns2/Xbar.+005+30676.key
+++ /dev/null
@@ -1,5 +0,0 @@
-; This is a key-signing key, keyid 30676, for bar.
-; Created: Sat Dec 26 03:13:10 2009
-; Publish: Sat Dec 26 03:13:10 2009
-; Activate: Sat Dec 26 03:13:10 2009
-bar. IN DNSKEY 257 3 5 AwEAAc7ppysDZjlldTwsvcXcTTOYJd5TvW5RUWWYKRsee+ozwY6C7vNI 0Xp1PiY+H31GhcnNMCjQU00y8Vezo42oJ4kpRTDevL0STksExXi1/wG+ M4j1CFMh2wgJ/9XLFzHaEWzt4sflVBAVZVXa/qNkRWDXYjsr30MWyylA wHCIxEuyA+NxAL6UL+ZuFo1j84AvfwkGcMbXTcOBSCaHT6AJToSXAcCa X4fnKJIzG4RyJoN2GK4TVdj4qSzLxL1lRkYHNqJvcmMjezxUs9A5fHNI iBEBRPs7NKrQJxegAGVn9ALylKHyhJW6uyBjleOWUDom4ej2J1vGrpQT /KCA35toCvU=
diff --git a/bin/tests/system/autosign/ns2/Xbar.+005+30676.private b/bin/tests/system/autosign/ns2/Xbar.+005+30676.private
deleted file mode 100644
index dcc0fbdf17..0000000000
--- a/bin/tests/system/autosign/ns2/Xbar.+005+30676.private
+++ /dev/null
@@ -1,13 +0,0 @@
-Private-key-format: v1.3
-Algorithm: 5 (RSASHA1)
-Modulus: zumnKwNmOWV1PCy9xdxNM5gl3lO9blFRZZgpGx576jPBjoLu80jRenU+Jj4ffUaFyc0wKNBTTTLxV7OjjagniSlFMN68vRJOSwTFeLX/Ab4ziPUIUyHbCAn/1csXMdoRbO3ix+VUEBVlVdr+o2RFYNdiOyvfQxbLKUDAcIjES7ID43EAvpQv5m4WjWPzgC9/CQZwxtdNw4FIJodPoAlOhJcBwJpfh+cokjMbhHImg3YYrhNV2PipLMvEvWVGRgc2om9yYyN7PFSz0Dl8c0iIEQFE+zs0qtAnF6AAZWf0AvKUofKElbq7IGOV45ZQOibh6PYnW8aulBP8oIDfm2gK9Q==
-PublicExponent: AQAB
-PrivateExponent: BcfjYsFCjuH1x4ucdbW09ncOv8ppJXbiJkt9AoP0hFOT2c5wrJ1hNOGnrdvYd2CMBlpUOR+w5BxDP+cF78Q97ogXpcjjTwj+5PuqJLg4+qx8thvacrAkdXIKEsgMytjD2d4/ksQmeBiQ7zgiGyCHC7CYzvxnzXEKlgl4FuzLRy4SH1YiSTxKfw1ANKKHxmw8Xvav9ljubrzNdBEQNs6eJNkC6c3aGqiPFyTWGa90s6t1mwTXSxFqBUR1WlbfyYfuiAK2CAvFHeNo7VuC934ri7ceEq8jeOSuY0IqDq2pA3gVWVOyR4NFLXJWeDA3pjqi109t/WGg9IGydD/hsleP4Q==
-Prime1: /hz+WxAL+9bO1l/857ME/OhxImSp86Xi7eA920sAo5ukOIQAQ6hbaKemYxyUbwBmGHEX9d0GOU+xAgZWUU9PbZgXw0fdf+uw6Hrgfce0rWY+uJpUcVHfjLPFgMC/XYrfcVQ8tsCXqRsIbqL+ynsEkQ4vybLhlSAyFqGqYFk/Qt0=
-Prime2: 0HLxXynoSxUcNW15cbuMRHD34ri8sUQsqCtezofPWcCo/17jqf42W7X9YGO70+BvmG3awSr3LaLf862ovCR5+orwE2MqamAV6JZMyR7nvMNGSHTdg3Kk7Jv7T5Gu7Cg6K+on8pMRW3aIms4gs/Z16j0Gxz74ES9IP3vsvC+q6vk=
-Exponent1: NLeXHRUrJ0fdCSRIt1iwRDeEoPn5OA7GEUtgCcp5i3eSjhb0ZxTaQc/l+NHJCW4vwApWSi9cRy99LUpbResKM1ZGN8EE9rDStqgnQnDXztFTWcDKm+e8VNhGtPtHuARDbqNnJRK3Y+Gz0iAGc8Mpo14qE9IEcoeHXKKVUf+x3BE=
-Exponent2: dKCbJB+SdM/u5IXH+TZyGKkMSLIMATKfucfqV6vs+86rv5Yb0zUEvPNqPNAQe0+LoMF2L7YWblY+71wumHXgOaobAP3u8W2pVGUjuTOtfRPU8x1QAwfV9vye87oTINaxFXkBuNtITuBXNiY2bfprpw9WB4zXxuWpiruPjQsumiE=
-Coefficient: qk8HX5fy74Sx6z3niBfTM/SUEjcsnJCTTmsXy6e7nOXWBK5ihKkmMw7LDhaY4OwjXvaVQH0Z190dfyOkWYTbXInIyNNnqCD+xZXkuzuvsUwLNgvXEFhVnzrrj3ozNiizZsyeAhFCKcITz3ci15HB3y8ZLChGYBPFU1ui7MsSkc8=
-Created: 20091226021310
-Publish: 20091226021310
-Activate: 20091226021310
diff --git a/bin/tests/system/autosign/ns2/Xbar.+005+30804.key b/bin/tests/system/autosign/ns2/Xbar.+005+30804.key
deleted file mode 100644
index ab53d8c607..0000000000
--- a/bin/tests/system/autosign/ns2/Xbar.+005+30804.key
+++ /dev/null
@@ -1,5 +0,0 @@
-; This is a key-signing key, keyid 30804, for bar.
-; Created: Sat Dec 26 03:13:10 2009
-; Publish: Sat Dec 26 03:13:10 2009
-; Activate: Sat Dec 26 03:13:10 2009
-bar. IN DNSKEY 257 3 5 AwEAgc7ppysDZjlldTwsvcXcTTOYJd5TvW5RUWWYKRsee+ozwY6C7vNI 0Xp1PiY+H31GhcnNMCjQU00y8Vezo42oJ4kpRTDevL0STksExXi1/wG+ M4j1CFMh2wgJ/9XLFzHaEWzt4sflVBAVZVXa/qNkRWDXYjsr30MWyylA wHCIxEuyA+NxAL6UL+ZuFo1j84AvfwkGcMbXTcOBSCaHT6AJToSXAcCa X4fnKJIzG4RyJoN2GK4TVdj4qSzLxL1lRkYHNqJvcmMjezxUs9A5fHNI iBEBRPs7NKrQJxegAGVn9ALylKHyhJW6uyBjleOWUDom4ej2J1vGrpQT /KCA35toCvU=
diff --git a/bin/tests/system/autosign/ns2/Xbar.+005+30804.private b/bin/tests/system/autosign/ns2/Xbar.+005+30804.private
deleted file mode 100644
index 79f8d3b4cf..0000000000
--- a/bin/tests/system/autosign/ns2/Xbar.+005+30804.private
+++ /dev/null
@@ -1,13 +0,0 @@
-Private-key-format: v1.3
-Algorithm: 5 (RSASHA1)
-Modulus: zumnKwNmOWV1PCy9xdxNM5gl3lO9blFRZZgpGx576jPBjoLu80jRenU+Jj4ffUaFyc0wKNBTTTLxV7OjjagniSlFMN68vRJOSwTFeLX/Ab4ziPUIUyHbCAn/1csXMdoRbO3ix+VUEBVlVdr+o2RFYNdiOyvfQxbLKUDAcIjES7ID43EAvpQv5m4WjWPzgC9/CQZwxtdNw4FIJodPoAlOhJcBwJpfh+cokjMbhHImg3YYrhNV2PipLMvEvWVGRgc2om9yYyN7PFSz0Dl8c0iIEQFE+zs0qtAnF6AAZWf0AvKUofKElbq7IGOV45ZQOibh6PYnW8aulBP8oIDfm2gK9Q==
-PublicExponent: AQCB
-PrivateExponent: I5TcRq2sbSi1u5a+jL6VVBBu3nyY7p3NXeD1WYYYD66b8RWbgJdTtsZxgixD5sKKrW/xT68d3FUsIjs36w7yp5+g99q7lJ3v35VcMuLXbaKitS/LJdTZF/GIWwRs+DHdt+chh0QeNLzclq8ZfBeTAycFxwC7zVDLsqqcL6/JHiJhHT+dNEqj6/AIOgSYJzVeBI34LtZLW94IKf4dHLzREnLK6+64PFjpwjOG12O9klKfwHRIRN9WUsDG4AuzDSABH+qo2Zc6uJusC/D6HADbiG7tXmLYL6IxanWTbTrx4Hfp01fF+JQCuyOCRmN47X/nCumvDXKMn9Ve5+OlYi0vAQ==
-Prime1: /hz+WxAL+9bO1l/857ME/OhxImSp86Xi7eA920sAo5ukOIQAQ6hbaKemYxyUbwBmGHEX9d0GOU+xAgZWUU9PbZgXw0fdf+uw6Hrgfce0rWY+uJpUcVHfjLPFgMC/XYrfcVQ8tsCXqRsIbqL+ynsEkQ4vybLhlSAyFqGqYFk/Qt0=
-Prime2: 0HLxXynoSxUcNW15cbuMRHD34ri8sUQsqCtezofPWcCo/17jqf42W7X9YGO70+BvmG3awSr3LaLf862ovCR5+orwE2MqamAV6JZMyR7nvMNGSHTdg3Kk7Jv7T5Gu7Cg6K+on8pMRW3aIms4gs/Z16j0Gxz74ES9IP3vsvC+q6vk=
-Exponent1: JDLRyjRz53hTP7H2oaKgQYADs/UDswN2lwWpuag0wsPwQmeRAZZY2TiISPSu+3Mvh4XJ6r5UHQd5FbAN1v2mG4aYgWwoYwoxyvdTLcnQXciX2z+7877GcEyKHPno4fYXRqhVH4i1QjKaQl8dw9LFvzbVvGvvwsHGwQeqPprw7hk=
-Exponent2: vbnob7AZKqKhiVdEcnnhbeZBGcaKkTpE+RAkUL7spNQDiTPvJgo5fcTk/h6G7ijAXK0j62ZHZ3RS7RnaRa+KhO7usPcYMFiJ/VdAyRlIivhyi+WNQ2x4vSygwDy2VV9elljFeNe4dV1Cb+ssE8kAmbP52JjJD6MkhvVLd0u/jMk=
-Coefficient: qk8HX5fy74Sx6z3niBfTM/SUEjcsnJCTTmsXy6e7nOXWBK5ihKkmMw7LDhaY4OwjXvaVQH0Z190dfyOkWYTbXInIyNNnqCD+xZXkuzuvsUwLNgvXEFhVnzrrj3ozNiizZsyeAhFCKcITz3ci15HB3y8ZLChGYBPFU1ui7MsSkc8=
-Created: 20091226021310
-Publish: 20091226021310
-Activate: 20091226021310
diff --git a/bin/tests/system/autosign/ns2/Xbar.+013+59973.key b/bin/tests/system/autosign/ns2/Xbar.+013+59973.key
new file mode 100644
index 0000000000..1f4d1f4d45
--- /dev/null
+++ b/bin/tests/system/autosign/ns2/Xbar.+013+59973.key
@@ -0,0 +1,5 @@
+; This is a key-signing key, keyid 59973, for bar.
+; Created: 20220623022335 (Thu Jun 23 12:23:35 2022)
+; Publish: 20220623022335 (Thu Jun 23 12:23:35 2022)
+; Activate: 20220623022335 (Thu Jun 23 12:23:35 2022)
+bar. IN DNSKEY 257 3 13 QT6CpMaV4BT072+NaKLY5H01Mj2r1MOgsxgoiTAq1Fbf6rrkEWpnbktu Dh9Ol9kuzcUrefxDuxNwsXJu3iDPxw==
diff --git a/bin/tests/system/autosign/ns2/Xbar.+013+59973.private b/bin/tests/system/autosign/ns2/Xbar.+013+59973.private
new file mode 100644
index 0000000000..708d242da3
--- /dev/null
+++ b/bin/tests/system/autosign/ns2/Xbar.+013+59973.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.3
+Algorithm: 13 (ECDSAP256SHA256)
+PrivateKey: joFZ8vCdyqkgMb6rZ0zanrdrzOSCg1GyEJV6tp5F+Bw=
+Created: 20220623022335
+Publish: 20220623022335
+Activate: 20220623022335
diff --git a/bin/tests/system/autosign/ns2/Xbar.+013+60101.key b/bin/tests/system/autosign/ns2/Xbar.+013+60101.key
new file mode 100644
index 0000000000..0c478408a6
--- /dev/null
+++ b/bin/tests/system/autosign/ns2/Xbar.+013+60101.key
@@ -0,0 +1,5 @@
+; This is a key-signing key, keyid 60101, for bar.
+; Created: 20220623022331 (Thu Jun 23 12:23:31 2022)
+; Publish: 20220623022331 (Thu Jun 23 12:23:31 2022)
+; Activate: 20220623022331 (Thu Jun 23 12:23:31 2022)
+bar. IN DNSKEY 257 3 13 dLGGOAE5uJd53Gci9MdymaRTMwsXVn13j05IfGJoVt9ucpeXpoIKVViX JNVE/uO4eJvkHycdEAvdVUWcslEmMQ==
diff --git a/bin/tests/system/autosign/ns2/Xbar.+013+60101.private b/bin/tests/system/autosign/ns2/Xbar.+013+60101.private
new file mode 100644
index 0000000000..6ca837002f
--- /dev/null
+++ b/bin/tests/system/autosign/ns2/Xbar.+013+60101.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.3
+Algorithm: 13 (ECDSAP256SHA256)
+PrivateKey: pTTXxZUTzeVBXHMUJxTMxjh9yU4oxDtEhEvpkj+olf0=
+Created: 20220623022331
+Publish: 20220623022331
+Activate: 20220623022331
diff --git a/bin/tests/system/autosign/ns2/keygen.sh b/bin/tests/system/autosign/ns2/keygen.sh
index a22d7058be..839995ced4 100644
--- a/bin/tests/system/autosign/ns2/keygen.sh
+++ b/bin/tests/system/autosign/ns2/keygen.sh
@@ -49,10 +49,10 @@ zone=bar
 zonefile="${zone}.db"
 infile="${zonefile}.in"
 cat $infile > $zonefile
-for i in Xbar.+005+30676.key Xbar.+005+30804.key Xbar.+005+30676.private \
-	 Xbar.+005+30804.private
+for i in Xbar.+013+59973.key Xbar.+013+59973.private \
+	 Xbar.+013+60101.key Xbar.+013+60101.private
 do
-	cp $i $(echo $i | sed s/X/K/)
+    cp $i $(echo $i | sed s/X/K/)
 done
-$KEYGEN -a RSASHA1 -q $zone > /dev/null
-$DSFROMKEY Kbar.+005+30804.key > dsset-bar$TP
+$KEYGEN -a ECDSAP256SHA256 -q $zone > /dev/null
+$DSFROMKEY Kbar.+013+60101.key > dsset-bar$TP
diff --git a/bin/tests/system/autosign/ns3/keygen.sh b/bin/tests/system/autosign/ns3/keygen.sh
index a5791c816e..53547d3784 100644
--- a/bin/tests/system/autosign/ns3/keygen.sh
+++ b/bin/tests/system/autosign/ns3/keygen.sh
@@ -140,7 +140,7 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 setup rsasha256.example
 cp $infile $zonefile
 ksk=$($KEYGEN -q -a RSASHA256 -b 2048 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a RSASHA256 -b 1024 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA256 -b 2048 $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
@@ -149,17 +149,24 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 setup rsasha512.example
 cp $infile $zonefile
 ksk=$($KEYGEN -q -a RSASHA512 -b 2048 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a RSASHA512 -b 1024 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a RSASHA512 -b 2048 $zone > kg.out 2>&1 || dumpit kg.out
 $DSFROMKEY $ksk.key > dsset-${zone}$TP
 
 #
 # NSEC-only zone. A zone using NSEC-only DNSSEC algorithms.
+# None of these algorithms are supported for signing in FIPS mode
+# as they are MD5 and SHA1 based.
 #
-setup nsec-only.example
-cp $infile $zonefile
-ksk=$($KEYGEN -q -a RSASHA1 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a RSASHA1 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+if (cd ..; SYSTEMTESTTOP=.. $SHELL ../testcrypto.sh -q RSASHA1)
+then
+    setup nsec-only.example
+    cp $infile $zonefile
+    ksk=$($KEYGEN -q -a RSASHA1 -fk $zone 2> kg.out) || dumpit kg.out
+    $KEYGEN -q -a RSASHA1 $zone > kg.out 2>&1 || dumpit kg.out
+    $DSFROMKEY $ksk.key > dsset-${zone}$TP
+else
+    echo_i "skip: nsec-only.example - signing with RSASHA1 not supported"
+fi
 
 #
 # Signature refresh test zone.  Signatures are set to expire long
@@ -171,7 +178,7 @@ count=1
 while [ $count -le 1000 ]
 do
     echo "label${count} IN TXT label${count}" >> $zonefile
-    count=$(expr $count + 1)
+    count=$((count + 1))
 done
 $KEYGEN -q -a $DEFAULT_ALGORITHM -fk $zone > kg.out 2>&1 || dumpit kg.out
 $KEYGEN -q -a $DEFAULT_ALGORITHM $zone > kg.out 2>&1 || dumpit kg.out
@@ -182,8 +189,8 @@ mv $zonefile.signed $zonefile
 # NSEC3->NSEC transition test zone.
 #
 setup nsec3-to-nsec.example
-$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -fk $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM $zone > kg.out 2>&1 || dumpit kg.out
 $SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > s.out || dumpit s.out
 
 #
diff --git a/bin/tests/system/autosign/tests.sh b/bin/tests/system/autosign/tests.sh
index 65eb89fd63..4d63c38950 100755
--- a/bin/tests/system/autosign/tests.sh
+++ b/bin/tests/system/autosign/tests.sh
@@ -305,14 +305,18 @@ update add optout.example. 3600 NSEC3PARAM 1 1 10 BEEF
 send
 END
 
-# try to convert nsec-only.example; this should fail due to non-NSEC key
-echo_i "preset nsec3param in unsigned zone via nsupdate ($n)"
-$NSUPDATE > nsupdate.out 2>&1 <<END
+if $SHELL ../testcrypto.sh -q RSASHA1
+then
+    # try to convert nsec-only.example; this should fail due to
+    # non-NSEC3 compatible keys
+    echo_i "preset nsec3param in unsigned zone via nsupdate ($n)"
+    $NSUPDATE > nsupdate.out 2>&1 <<END
 server 10.53.0.3 ${PORT}
 zone nsec-only.example.
 update add nsec-only.example. 3600 NSEC3PARAM 1 0 10 BEEF
 send
 END
+fi
 
 echo_i "checking for nsec3param in unsigned zone ($n)"
 ret=0
@@ -483,7 +487,12 @@ status=$((status + ret))
 
 echo_i "checking NSEC->NSEC3 conversion failed with NSEC-only key ($n)"
 ret=0
-grep "failed: REFUSED" nsupdate.out > /dev/null || ret=1
+if $SHELL ../testcrypto.sh -q RSASHA1
+then
+    grep "failed: REFUSED" nsupdate.out > /dev/null || ret=1
+else
+    echo_i "skip: RSASHA1 not supported"
+fi
 n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
@@ -1137,7 +1146,7 @@ oldserial=$($DIG $DIGOPTS +short soa . @10.53.0.1 | awk '{print $3}')
 sleep 4
 
 echo_i "revoking key to duplicated key ID"
-$SETTIME -R now -K ns2 Kbar.+005+30676.key > settime.out.test$n.3 || ret=1
+$SETTIME -R now -K ns2 Kbar.+013+59973.key > settime.out.test$n.3 || ret=1
 
 ($RNDCCMD 10.53.0.2 loadkeys bar. 2>&1 | sed 's/^/ns2 /' | cat_i) || ret=1
 
@@ -1171,7 +1180,10 @@ checkprivate nsec3.example 10.53.0.3 || ret=1
 checkprivate nsec3.nsec3.example 10.53.0.3 || ret=1
 checkprivate nsec3.optout.example 10.53.0.3 || ret=1
 checkprivate nsec3-to-nsec.example 10.53.0.3 || ret=1
-checkprivate nsec-only.example 10.53.0.3 || ret=1
+if $SHELL ../testcrypto.sh -q RSASHA1
+then
+    checkprivate nsec-only.example 10.53.0.3 || ret=1
+fi
 checkprivate oldsigs.example 10.53.0.3 || ret=1
 checkprivate optout.example 10.53.0.3 || ret=1
 checkprivate optout.nsec3.example 10.53.0.3 || ret=1
@@ -1304,8 +1316,8 @@ status=$((status + ret))
 
 echo_i "checking revoked key with duplicate key ID ($n)"
 ret=0
-id=30676
-rid=30804
+id=59973
+rid=60101
 $DIG $DIGOPTS +multi dnskey bar @10.53.0.2 > dig.out.ns2.test$n || ret=1
 grep '; key id = '"$id"'$' dig.out.ns2.test$n > /dev/null && ret=1
 keys=$(grep '; key id = '"$rid"'$' dig.out.ns2.test$n | wc -l)
diff --git a/bin/tests/system/testcrypto.sh b/bin/tests/system/testcrypto.sh
index 9d1b03b296..c11a8ce892 100644
--- a/bin/tests/system/testcrypto.sh
+++ b/bin/tests/system/testcrypto.sh
@@ -27,7 +27,7 @@ while test "$#" -gt 0; do
                 args="$args -q"
                 quiet=1
                 ;;
-        rsa|RSA)
+        rsa|RSA|rsasha1|RSASHA1)
                 alg="-a RSASHA1"
                 msg="RSA cryptography"
                 ;;