diff --git a/helper/testhelpers/replication/testcluster.go b/helper/testhelpers/replication/testcluster.go
index 8babf36515..2accf9979e 100644
--- a/helper/testhelpers/replication/testcluster.go
+++ b/helper/testhelpers/replication/testcluster.go
@@ -33,6 +33,21 @@ func SetCorePerf(t *testing.T, conf *vault.CoreConfig, opts *vault.TestClusterOp
 	return r
 }
 
+func SetCoreDR(t *testing.T, conf *vault.CoreConfig, opts *vault.TestClusterOptions) *testcluster.ReplicationSet {
+	r := NewReplicationSetCore(t, conf, opts, teststorage.InmemBackendSetup)
+	t.Cleanup(r.Cleanup)
+
+	// By default NewTestCluster will mount a kv under secret/.  This isn't
+	// done by docker-based clusters, so remove this to make us more like that.
+	require.Nil(t, r.Clusters["A"].Nodes()[0].APIClient().Sys().Unmount("secret"))
+
+	err := r.StandardDRReplication(context.Background())
+	if err != nil {
+		t.Fatal(err)
+	}
+	return r
+}
+
 func NewReplicationSetCore(t *testing.T, conf *vault.CoreConfig, opts *vault.TestClusterOptions, setup teststorage.ClusterSetupMutator) *testcluster.ReplicationSet {
 	r := &testcluster.ReplicationSet{
 		Clusters: map[string]testcluster.VaultCluster{},
diff --git a/sdk/helper/testcluster/replication.go b/sdk/helper/testcluster/replication.go
index dc0214a54b..b67455968d 100644
--- a/sdk/helper/testcluster/replication.go
+++ b/sdk/helper/testcluster/replication.go
@@ -463,10 +463,10 @@ func WaitForDRSecondary(ctx context.Context, pri, sec VaultCluster, skipPoisonPi
 	return nil
 }
 
-func EnableDRSecondaryNoWait(ctx context.Context, sec VaultCluster, drToken string) error {
+func EnableDRSecondaryNoWait(ctx context.Context, pri, sec VaultCluster, drToken string) error {
 	postData := map[string]interface{}{
 		"token":   drToken,
-		"ca_file": sec.GetCACertPEMFile(),
+		"ca_file": pri.GetCACertPEMFile(),
 	}
 
 	_, err := sec.Nodes()[0].APIClient().Logical().Write("sys/replication/dr/secondary/enable", postData)
@@ -553,7 +553,7 @@ func WaitForDRReplicationWorking(ctx context.Context, pri, sec VaultCluster) err
 }
 
 func EnableDrSecondary(ctx context.Context, pri, sec VaultCluster, drToken string) error {
-	err := EnableDRSecondaryNoWait(ctx, sec, drToken)
+	err := EnableDRSecondaryNoWait(ctx, pri, sec, drToken)
 	if err != nil {
 		return err
 	}