diff --git a/authority/tls_test.go b/authority/tls_test.go
index 9330f0a3..23d2f8fa 100644
--- a/authority/tls_test.go
+++ b/authority/tls_test.go
@@ -1301,8 +1301,11 @@ func TestAuthority_Revoke(t *testing.T) {
 a := testAuthority(t)
+ tlsRevokeCtx := provisioner.NewContextWithMethod(context.Background(), provisioner.RevokeMethod)
+
 type test struct {
 auth *Authority
+ ctx context.Context
 opts *RevokeOptions
 err error
 code int
@@ -1312,6 +1315,7 @@ func TestAuthority_Revoke(t *testing.T) {
 "fail/token/authorizeRevoke error": func() test {
 return test{
 auth: a,
+ ctx: tlsRevokeCtx,
 opts: &RevokeOptions{
 OTT: "foo",
 Serial: "sn",
@@ -1336,6 +1340,7 @@ func TestAuthority_Revoke(t *testing.T) {
 return test{
 auth: a,
+ ctx: tlsRevokeCtx,
 opts: &RevokeOptions{
 Serial: "sn",
 ReasonCode: reasonCode,
@@ -1375,6 +1380,7 @@ func TestAuthority_Revoke(t *testing.T) {
 return test{
 auth: _a,
+ ctx: tlsRevokeCtx,
 opts: &RevokeOptions{
 Serial: "sn",
 ReasonCode: reasonCode,
@@ -1414,6 +1420,7 @@ func TestAuthority_Revoke(t *testing.T) {
 return test{
 auth: _a,
+ ctx: tlsRevokeCtx,
 opts: &RevokeOptions{
 Serial: "sn",
 ReasonCode: reasonCode,
@@ -1451,6 +1458,7 @@ func TestAuthority_Revoke(t *testing.T) {
 assert.FatalError(t, err)
 return test{
 auth: _a,
+ ctx: tlsRevokeCtx,
 opts: &RevokeOptions{
 Serial: "sn",
 ReasonCode: reasonCode,
@@ -1467,6 +1475,7 @@ func TestAuthority_Revoke(t *testing.T) {
 return test{
 auth: _a,
+ ctx: tlsRevokeCtx,
 opts: &RevokeOptions{
 Crt: crt,
 Serial: "102012593071130646873265215610956555026",
@@ -1491,6 +1500,7 @@ func TestAuthority_Revoke(t *testing.T) {
 return test{
 auth: _a,
+ ctx: tlsRevokeCtx,
 opts: &RevokeOptions{
 Crt: crt,
 Serial: "102012593071130646873265215610956555026",
@@ -1508,6 +1518,7 @@ func TestAuthority_Revoke(t *testing.T) {
 return test{
 auth: _a,
+ ctx: tlsRevokeCtx,
 opts: &RevokeOptions{
 Crt: crt,
 Serial: "102012593071130646873265215610956555026",
@@ -1517,12 +1528,42 @@ func TestAuthority_Revoke(t *testing.T) {
 },
 }
 },
+ "ok/ssh": func() test {
+ a := testAuthority(t, WithDatabase(&db.MockAuthDB{
+ MRevoke: func(rci *db.RevokedCertificateInfo) error {
+ return errors.New("Revoke was called")
+ },
+ MRevokeSSH: func(rci *db.RevokedCertificateInfo) error {
+ return nil
+ },
+ }))
+
+ cl := jwt.Claims{
+ Subject: "sn",
+ Issuer: validIssuer,
+ NotBefore: jwt.NewNumericDate(now),
+ Expiry: jwt.NewNumericDate(now.Add(time.Minute)),
+ Audience: validAudience,
+ ID: "44",
+ }
+ raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+ assert.FatalError(t, err)
+ return test{
+ auth: a,
+ ctx: provisioner.NewContextWithMethod(context.Background(), provisioner.SSHRevokeMethod),
+ opts: &RevokeOptions{
+ Serial: "sn",
+ ReasonCode: reasonCode,
+ Reason: reason,
+ OTT: raw,
+ },
+ }
+ },
 }
 for name, f := range tests {
 tc := f()
 t.Run(name, func(t *testing.T) {
- ctx := provisioner.NewContextWithMethod(context.Background(), provisioner.RevokeMethod)
- if err := tc.auth.Revoke(ctx, tc.opts); err != nil {
+ if err := tc.auth.Revoke(tc.ctx, tc.opts); err != nil {
 if assert.NotNil(t, tc.err, fmt.Sprintf("unexpected error: %s", err)) {
 sc, ok := err.(render.StatusCodedError)
 assert.Fatal(t, ok, "error does not implement StatusCodedError interface")
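Review bot: The new "ok/ssh" case only proves that the X.509 `MRevoke` mock is not reached; nothing checks that `MRevokeSSH` actually ran or what record it received, so a change that made `Revoke` return nil without persisting the SSH revocation would still pass, and a silent no-op on a revocation path leaves the certificate trusted. I would record the call in the mock, e.g. `MRevokeSSH: func(rci *db.RevokedCertificateInfo) error { sshSerial = rci.Serial; return nil },` (assuming the record exposes the serial as `Serial`), and assert `sshSerial == "sn"` in the success branch of the run loop, which lies beyond the end of this hunk. Separately, the case assigns its authority to `a`, shadowing the shared `a` from the top of the test, while the sibling cases use `_a` for a per-case authority; the same name would keep the table consistent.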