diff --git a/.appveyor.yml b/.appveyor.yml
index 2d5b8bb83e5..7a3beee3079 100644
--- a/.appveyor.yml
+++ b/.appveyor.yml
@@ -36,3 +36,4 @@ before_build:
 
 build_script:
   - go build -o ghostunnel.exe -i .
+  - go test -v .
diff --git a/main_test.go b/main_test.go
index 5617f66d007..77d43edab8c 100644
--- a/main_test.go
+++ b/main_test.go
@@ -82,6 +82,7 @@ func TestIntegrationMain(t *testing.T) {
 
 func TestInitLoggerSyslog(t *testing.T) {
 	*useSyslog = true
+	defer func() { *useSyslog = false }()
 	originalLogger := logger
 	err := initLogger()
 	updatedLogger := logger
@@ -91,10 +92,10 @@ func TestInitLoggerSyslog(t *testing.T) {
 		// get an error from the syslog setup we just warn and skip test.
 		t.Logf("Error setting up syslog for test, skipping: %s", err)
 		t.SkipNow()
+		return
 	}
 	assert.NotEqual(t, originalLogger, updatedLogger, "should have updated logger object")
 	assert.NotNil(t, logger, "logger should never be nil after init")
-	*useSyslog = false
 }
 
 func TestPanicOnError(t *testing.T) {
diff --git a/status_test.go b/status_test.go
index d5d4125ca5b..d6e9fd9aabf 100644
--- a/status_test.go
+++ b/status_test.go
@@ -52,7 +52,7 @@ func (c fakeConn) SetWriteDeadline(t time.Time) error {
 }
 
 func dummyDial() (net.Conn, error) {
-	f, err := os.Open("/dev/null")
+	f, err := os.Open(os.DevNull)
 	panicOnError(err)
 	return fakeConn{f}, nil
 }
diff --git a/tls_test.go b/tls_test.go
index e3d364a72c5..904dee06c47 100644
--- a/tls_test.go
+++ b/tls_test.go
@@ -21,6 +21,7 @@ import (
 	"encoding/base64"
 	"io/ioutil"
 	"os"
+	"runtime"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -212,21 +213,30 @@ func TestBuildConfig(t *testing.T) {
 }
 
 func TestCipherSuitePreference(t *testing.T) {
+	tmpCaBundle, err := ioutil.TempFile("", "ghostunnel-test")
+	panicOnError(err)
+
+	tmpCaBundle.WriteString(testCertificate)
+	tmpCaBundle.WriteString("\n")
+
+	tmpCaBundle.Sync()
+	defer os.Remove(tmpCaBundle.Name())
+
 	*enabledCipherSuites = "XYZ"
-	conf, err := buildConfig("")
+	conf, err := buildConfig(tmpCaBundle.Name())
 	assert.NotNil(t, err, "should not be able to build TLS config with invalid cipher suite option")
 
 	*enabledCipherSuites = ""
-	conf, err = buildConfig("")
+	conf, err = buildConfig(tmpCaBundle.Name())
 	assert.NotNil(t, err, "should not be able to build TLS config wihout cipher suite selection")
 
 	*enabledCipherSuites = "CHACHA,AES"
-	conf, err = buildConfig("")
+	conf, err = buildConfig(tmpCaBundle.Name())
 	assert.Nil(t, err, "should be able to build TLS config")
 	assert.True(t, conf.CipherSuites[0] == tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, "expecting ChaCha20")
 
 	*enabledCipherSuites = "AES,CHACHA"
-	conf, err = buildConfig("")
+	conf, err = buildConfig(tmpCaBundle.Name())
 	assert.Nil(t, err, "should be able to build TLS config")
 	assert.True(t, conf.CipherSuites[0] == tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "expecting AES")
 }
@@ -247,6 +257,11 @@ func TestReload(t *testing.T) {
 }
 
 func TestBuildConfigSystemRoots(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		// System roots are not supported on Windows
+		t.SkipNow()
+		return
+	}
 	conf, err := buildConfig("")
 	assert.Nil(t, err, "should be able to build TLS config")
 	assert.NotNil(t, conf.RootCAs, "config must have CA certs")