diff --git a/cmd/cashier/client_test.go b/cmd/cashier/client_test.go
index dcf674b294429cfea050884c86b87160c8484a67..8fe3cd094bdb02cd54cbdbcbd9c0f66ed506f9a0 100644
--- a/cmd/cashier/client_test.go
+++ b/cmd/cashier/client_test.go
@@ -19,6 +19,7 @@ import (
 )
 
 func TestLoadCert(t *testing.T) {
+	t.Parallel()
 	priv, _ := ssh.ParseRawPrivateKey(testdata.Priv)
 	key := priv.(*rsa.PrivateKey)
 	pub, _ := ssh.NewPublicKey(&key.PublicKey)
@@ -58,6 +59,7 @@ func TestLoadCert(t *testing.T) {
 }
 
 func TestSignGood(t *testing.T) {
+	t.Parallel()
 	res := &lib.SignResponse{
 		Status:   "ok",
 		Response: string(testdata.Cert),
@@ -86,6 +88,7 @@ func TestSignGood(t *testing.T) {
 }
 
 func TestSignBad(t *testing.T) {
+	t.Parallel()
 	res := &lib.SignResponse{
 		Status:   "error",
 		Response: `{"response": "error"}`,
diff --git a/cmd/cashierd/handlers_test.go b/cmd/cashierd/handlers_test.go
index db5efb4043aa00bcb7e55eb2626b7dc31944fb3c..38251ce7e2d3bd6a0493f688d7c8382740cef5c7 100644
--- a/cmd/cashierd/handlers_test.go
+++ b/cmd/cashierd/handlers_test.go
@@ -51,6 +51,7 @@ func newContext(t *testing.T) *appContext {
 }
 
 func TestLoginHandler(t *testing.T) {
+	t.Parallel()
 	req, _ := http.NewRequest("GET", "/auth/login", nil)
 	resp := httptest.NewRecorder()
 	loginHandler(newContext(t), resp, req)
@@ -60,6 +61,7 @@ func TestLoginHandler(t *testing.T) {
 }
 
 func TestCallbackHandler(t *testing.T) {
+	t.Parallel()
 	req, _ := http.NewRequest("GET", "/auth/callback", nil)
 	req.Form = url.Values{"state": []string{"state"}, "code": []string{"abcdef"}}
 	resp := httptest.NewRecorder()
@@ -72,6 +74,7 @@ func TestCallbackHandler(t *testing.T) {
 }
 
 func TestRootHandler(t *testing.T) {
+	t.Parallel()
 	req, _ := http.NewRequest("GET", "/", nil)
 	resp := httptest.NewRecorder()
 	ctx := newContext(t)
@@ -87,6 +90,7 @@ func TestRootHandler(t *testing.T) {
 }
 
 func TestRootHandlerNoSession(t *testing.T) {
+	t.Parallel()
 	req, _ := http.NewRequest("GET", "/", nil)
 	resp := httptest.NewRecorder()
 	ctx := newContext(t)
@@ -97,6 +101,7 @@ func TestRootHandlerNoSession(t *testing.T) {
 }
 
 func TestSignRevoke(t *testing.T) {
+	t.Parallel()
 	s, _ := json.Marshal(&lib.SignRequest{
 		Key:        string(testdata.Pub),
 		ValidUntil: time.Now().UTC().Add(1 * time.Hour),
diff --git a/server/certutil/util_test.go b/server/certutil/util_test.go
index abb8f10d1b9d756e8d5593ae76aec0b4f5925289..df42b90a3515d09f307253cbe9d5bdfb4326cbdb 100644
--- a/server/certutil/util_test.go
+++ b/server/certutil/util_test.go
@@ -8,6 +8,7 @@ import (
 )
 
 func TestGetPublicKey(t *testing.T) {
+	t.Parallel()
 	c, _, _, _, _ := ssh.ParseAuthorizedKey(testdata.Cert)
 	if GetPublicKey(c.(*ssh.Certificate)) != string(testdata.Cert) {
 		t.Fail()
diff --git a/server/config/config_test.go b/server/config/config_test.go
index 982e6e6b92874feb93fe08564517e0a0e490ef6d..3a9d4c10c2e99530464d6dc6bd356e7745f050a7 100644
--- a/server/config/config_test.go
+++ b/server/config/config_test.go
@@ -10,6 +10,7 @@ import (
 )
 
 func TestServerConfig(t *testing.T) {
+	t.Parallel()
 	a := assert.New(t)
 	c, err := ReadConfig(bytes.NewBuffer(testdata.ServerConfig))
 	if err != nil {
@@ -26,6 +27,7 @@ func TestServerConfig(t *testing.T) {
 }
 
 func TestAuthConfig(t *testing.T) {
+	t.Parallel()
 	a := assert.New(t)
 	c, err := ReadConfig(bytes.NewBuffer(testdata.AuthConfig))
 	if err != nil {
@@ -41,6 +43,7 @@ func TestAuthConfig(t *testing.T) {
 }
 
 func TestSSHConfig(t *testing.T) {
+	t.Parallel()
 	a := assert.New(t)
 	c, err := ReadConfig(bytes.NewBuffer(testdata.SSHConfig))
 	if err != nil {
diff --git a/server/signer/signer_test.go b/server/signer/signer_test.go
index 9c76f4bdb6381ad7e2e8863380013d6ca6e89b58..5fbf2c6ae1ee8e5ffe525eadb12a132fc74d8b81 100644
--- a/server/signer/signer_test.go
+++ b/server/signer/signer_test.go
@@ -24,6 +24,7 @@ var (
 )
 
 func TestCert(t *testing.T) {
+	t.Parallel()
 	r := &lib.SignRequest{
 		Key:        string(testdata.Pub),
 		Principal:  "gopher1",
@@ -53,6 +54,7 @@ func TestCert(t *testing.T) {
 }
 
 func TestRevocationList(t *testing.T) {
+	t.Parallel()
 	r := &lib.SignRequest{
 		Key:        string(testdata.Pub),
 		Principal:  "revoked",
diff --git a/server/store/config_test.go b/server/store/config_test.go
index f262b571ec94687939e30df950a61907f6bd06e8..9a77027d45df10e935e9fb2808233bef0abde75d 100644
--- a/server/store/config_test.go
+++ b/server/store/config_test.go
@@ -9,6 +9,7 @@ import (
 )
 
 func TestMySQLConfig(t *testing.T) {
+	t.Parallel()
 	var tests = []struct {
 		in  string
 		out []string
@@ -26,6 +27,7 @@ func TestMySQLConfig(t *testing.T) {
 }
 
 func TestMongoConfig(t *testing.T) {
+	t.Parallel()
 	var tests = []struct {
 		in  string
 		out *mgo.DialInfo
diff --git a/server/store/store_test.go b/server/store/store_test.go
index 629230bfe0e2a053aa29e5f6817a30a45e315334..18fa0d1f3a0b40b186f8d4e55bc579d43aa72a5c 100644
--- a/server/store/store_test.go
+++ b/server/store/store_test.go
@@ -17,6 +17,7 @@ import (
 )
 
 func TestParseCertificate(t *testing.T) {
+	t.Parallel()
 	a := assert.New(t)
 	now := uint64(time.Now().Unix())
 	r, _ := rsa.GenerateKey(rand.Reader, 1024)
@@ -88,11 +89,13 @@ func testStore(t *testing.T, db CertStorer) {
 }
 
 func TestMemoryStore(t *testing.T) {
+	t.Parallel()
 	db := NewMemoryStore()
 	testStore(t, db)
 }
 
 func TestMySQLStore(t *testing.T) {
+	t.Parallel()
 	config := os.Getenv("MYSQL_TEST_CONFIG")
 	if config == "" {
 		t.Skip("No MYSQL_TEST_CONFIG environment variable")
@@ -105,6 +108,7 @@ func TestMySQLStore(t *testing.T) {
 }
 
 func TestMongoStore(t *testing.T) {
+	t.Parallel()
 	config := os.Getenv("MONGO_TEST_CONFIG")
 	if config == "" {
 		t.Skip("No MONGO_TEST_CONFIG environment variable")
@@ -117,6 +121,7 @@ func TestMongoStore(t *testing.T) {
 }
 
 func TestSQLiteStore(t *testing.T) {
+	t.Parallel()
 	f, err := ioutil.TempFile("", "sqlite_test_db")
 	if err != nil {
 		t.Error(err)