diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 18f3e09..dcb7450 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -12,7 +12,7 @@ jobs:
       TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
       PROJECTNAME: 'web-eid/web-eid-authtoken-validation-php'
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - name: Download Coverity Build Tool
       run: |
         curl --silent --data "token=$TOKEN&project=$PROJECTNAME" -o cov-analysis-linux64.tar.gz https://scan.coverity.com/download/linux64
diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml
index 353dbc8..96f37a9 100644
--- a/.github/workflows/php.yml
+++ b/.github/workflows/php.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
 
     - uses: shivammathur/setup-php@v2
       with:
@@ -26,7 +26,7 @@ jobs:
 
     - name: Cache Composer packages
       id: composer-cache
-      uses: actions/cache@v4
+      uses: actions/cache@v5
       with:
         path: vendor
         key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
diff --git a/src/certificate/CertificateValidator.php b/src/certificate/CertificateValidator.php
index 26d96c4..110aa36 100644
--- a/src/certificate/CertificateValidator.php
+++ b/src/certificate/CertificateValidator.php
@@ -79,7 +79,7 @@ public static function validateIsValidAndSignedByTrustedCA(
 
         if ($certificate->validateSignature()) {
             $chain = $certificate->getChain();
-            $trustedCACert = end($chain);
+            $trustedCACert = next($chain);
 
             // Verify that the trusted CA cert is presently valid before returning the result.
             self::certificateIsValidOnDate($trustedCACert, $now, "Trusted CA");
diff --git a/tests/validator/certvalidators/SubjectCertificateNotRevokedValidatorTest.php b/tests/validator/certvalidators/SubjectCertificateNotRevokedValidatorTest.php
index d4eebe0..dc76ecc 100644
--- a/tests/validator/certvalidators/SubjectCertificateNotRevokedValidatorTest.php
+++ b/tests/validator/certvalidators/SubjectCertificateNotRevokedValidatorTest.php
@@ -56,7 +56,7 @@ public static function setUpBeforeClass(): void
     protected function setUp(): void
     {
         AsnUtil::loadOIDs();
-        $this->trustedValidator = new SubjectCertificateTrustedValidator(new TrustedCertificates([]), new Logger());
+        $this->trustedValidator = new SubjectCertificateTrustedValidator(new TrustedCertificates([Certificates::getTestEsteid2018CAGov()]), new Logger());
         self::setSubjectCertificateIssuerCertificate($this->trustedValidator);
         $this->estEid2018Cert = Certificates::getJaakKristjanEsteid2018Cert();
         $this->configuration = new AuthTokenValidationConfiguration();