diff --git a/ntp-proto/src/nts_record.rs b/ntp-proto/src/nts_record.rs
index e4e08caf0..49df61af6 100644
--- a/ntp-proto/src/nts_record.rs
+++ b/ntp-proto/src/nts_record.rs
@@ -2105,7 +2105,7 @@ mod test {
     fn test_keyexchange_client() {
         let cert_chain: Vec<rustls::Certificate> =
             rustls_pemfile::certs(&mut std::io::BufReader::new(include_bytes!(
-                "../../test-keys/end.fullchain.pem"
+                "../test-keys/end.fullchain.pem"
             ) as &[u8]))
             .unwrap()
             .into_iter()
@@ -2113,7 +2113,7 @@ mod test {
             .collect();
         let key_der = rustls::PrivateKey(
             rustls_pemfile::pkcs8_private_keys(&mut std::io::BufReader::new(include_bytes!(
-                "../../test-keys/end.key"
+                "../test-keys/end.key"
             )
                 as &[u8]))
             .unwrap()
@@ -2129,7 +2129,7 @@ mod test {
         let mut root_store = rustls::RootCertStore::empty();
         root_store.add_parsable_certificates(
             &rustls_pemfile::certs(&mut std::io::BufReader::new(include_bytes!(
-                "../../test-keys/testca.pem"
+                "../test-keys/testca.pem"
             ) as &[u8]))
             .unwrap(),
         );
@@ -2178,7 +2178,7 @@ mod test {
     fn client_server_pair() -> (KeyExchangeClient, KeyExchangeServer) {
         let cert_chain: Vec<rustls::Certificate> =
             rustls_pemfile::certs(&mut std::io::BufReader::new(include_bytes!(
-                "../../test-keys/end.fullchain.pem"
+                "../test-keys/end.fullchain.pem"
             ) as &[u8]))
             .unwrap()
             .into_iter()
@@ -2186,7 +2186,7 @@ mod test {
             .collect();
         let key_der = rustls::PrivateKey(
             rustls_pemfile::pkcs8_private_keys(&mut std::io::BufReader::new(include_bytes!(
-                "../../test-keys/end.key"
+                "../test-keys/end.key"
             )
                 as &[u8]))
             .unwrap()
@@ -2206,7 +2206,7 @@ mod test {
         let mut root_store = rustls::RootCertStore::empty();
         root_store.add_parsable_certificates(
             &rustls_pemfile::certs(&mut std::io::BufReader::new(include_bytes!(
-                "../../test-keys/testca.pem"
+                "../test-keys/testca.pem"
             ) as &[u8]))
             .unwrap(),
         );
diff --git a/ntp-proto/test-keys b/ntp-proto/test-keys
new file mode 120000
index 000000000..fcfe6b663
--- /dev/null
+++ b/ntp-proto/test-keys
@@ -0,0 +1 @@
+../test-keys
\ No newline at end of file
diff --git a/ntpd/src/daemon/keyexchange.rs b/ntpd/src/daemon/keyexchange.rs
index 3090fe433..9251bdb59 100644
--- a/ntpd/src/daemon/keyexchange.rs
+++ b/ntpd/src/daemon/keyexchange.rs
@@ -524,23 +524,23 @@ mod tests {
 
     #[test]
     fn parse_private_keys() {
-        let input = include_bytes!("../../../test-keys/end.key");
+        let input = include_bytes!("../../test-keys/end.key");
         let _ = private_key_from_bufread(input.as_slice()).unwrap().unwrap();
 
-        let input = include_bytes!("../../../test-keys/testca.key");
+        let input = include_bytes!("../../test-keys/testca.key");
         let _ = private_key_from_bufread(input.as_slice()).unwrap().unwrap();
 
         // openssl does no longer seem to want to generate this format
         // so we use https://github.com/rustls/pemfile/blob/main/tests/data/rsa1024.pkcs1.pem
-        let input = include_bytes!("../../../test-keys/rsa_key.pem");
+        let input = include_bytes!("../../test-keys/rsa_key.pem");
         let _ = private_key_from_bufread(input.as_slice()).unwrap().unwrap();
 
         // openssl ecparam -name prime256v1 -genkey -noout -out ec_key.pem
-        let input = include_bytes!("../../../test-keys/ec_key.pem");
+        let input = include_bytes!("../../test-keys/ec_key.pem");
         let _ = private_key_from_bufread(input.as_slice()).unwrap().unwrap();
 
         // openssl genpkey -algorithm EC -out pkcs8_key.pem -pkeyopt ec_paramgen_curve:prime256v1
-        let input = include_bytes!("../../../test-keys/pkcs8_key.pem");
+        let input = include_bytes!("../../test-keys/pkcs8_key.pem");
         let _ = private_key_from_bufread(input.as_slice()).unwrap().unwrap();
     }
 
@@ -551,8 +551,8 @@ mod tests {
 
         let (_sender, keyset) = tokio::sync::watch::channel(keyset);
         let nts_ke_config = NtsKeConfig {
-            certificate_chain_path: PathBuf::from("../test-keys/end.fullchain.pem"),
-            private_key_path: PathBuf::from("../test-keys/end.key"),
+            certificate_chain_path: PathBuf::from("test-keys/end.fullchain.pem"),
+            private_key_path: PathBuf::from("test-keys/end.key"),
             key_exchange_timeout_ms: 1000,
             listen: "0.0.0.0:5431".parse().unwrap(),
         };
@@ -562,7 +562,7 @@ mod tests {
         // give the server some time to make the port available
         tokio::time::sleep(std::time::Duration::from_millis(100)).await;
 
-        let ca = include_bytes!("../../../test-keys/testca.pem");
+        let ca = include_bytes!("../../test-keys/testca.pem");
         let result = key_exchange_client(
             "localhost".to_string(),
             5431,
diff --git a/ntpd/test-keys b/ntpd/test-keys
new file mode 120000
index 000000000..fcfe6b663
--- /dev/null
+++ b/ntpd/test-keys
@@ -0,0 +1 @@
+../test-keys
\ No newline at end of file