diff --git a/groove/groove-python/cli.py b/groove/groove-python/groove/cli.py
similarity index 90%
rename from groove/groove-python/cli.py
rename to groove/groove-python/groove/cli.py
index 74758a8..a91a7fb 100644
--- a/groove/groove-python/cli.py
+++ b/groove/groove-python/groove/cli.py
@@ -4,7 +4,7 @@
 
 
 def install_ca():
-    run(
+    run([
         str(get_asset_path("grooveproxy")),
         "install-ca",
-    )
+    ])
diff --git a/groove/groove-python/groove/tests/test_fingerprint.py b/groove/groove-python/groove/tests/test_fingerprint.py
index 8782e0d..4af4ddc 100644
--- a/groove/groove-python/groove/tests/test_fingerprint.py
+++ b/groove/groove-python/groove/tests/test_fingerprint.py
@@ -1,18 +1,35 @@
 import pytest
 from playwright._impl._api_types import Error as PlaywrightError
 
-from groove.proxy import ProxyFailureError
+from groove.proxy import ProxyFailureError, Groove
 
 
-@pytest.mark.xfail(reason="TLS certificate blocked", raises=ProxyFailureError)
-def test_tls_addons(proxy, context):
+def test_tls_addons(proxy: Groove, context):
     """
-    Test TLS addons
+    Test that our TLS payload has a field listing the installed signature extensions. We know
+    that Google specifically checks for ALPS (ApplicationSettingsExtension) so we try to render
+    the homepage here.
+
     """
     page = context.new_page()
 
+    proxy.tape_start()
+
     try:
         page.goto("https://www.google.com:443/")
     except PlaywrightError as e:
         if "net::ERR_EMPTY_RESPONSE" in e.message:
             raise ProxyFailureError()
+
+    # Get the page
+    tape_session = proxy.tape_get()
+
+    assert len(tape_session.records) > 1
+
+    main_page = [
+        record
+        for record in tape_session.records
+        if record.request.url.strip("/") == "https://www.google.com:443"
+    ]
+
+    assert len(main_page[0].response.body) > 1000