diff --git a/pkg/pmapi/dialer_pinning_test.go b/pkg/pmapi/dialer_pinning_test.go
index d529ad29..98ffc3bf 100644
--- a/pkg/pmapi/dialer_pinning_test.go
+++ b/pkg/pmapi/dialer_pinning_test.go
@@ -115,14 +115,16 @@ func _TestTLSPinInvalid(t *testing.T) { // nolint[unused]
 	Equals(t, 1, *called)
 }
 
-func TestTLSSignedCertWrongPublicKey(t *testing.T) { // nolint[unused]
+// The tests below should pass but cannot run in CI due to proxy issues.
+
+func _TestTLSSignedCertWrongPublicKey(t *testing.T) { // nolint[unused]
 	cm := newTestClientManager(testLiveConfig)
 	_, dialer := createAndSetPinningDialer(cm)
 	_, err := dialer.DialTLS("tcp", "rsa4096.badssl.com:443")
 	assert.Error(t, err, "expected dial to fail because of wrong public key")
 }
 
-func TestTLSSignedCertTrustedPublicKey(t *testing.T) { // nolint[unused]
+func _TestTLSSignedCertTrustedPublicKey(t *testing.T) { // nolint[unused]
 	cm := newTestClientManager(testLiveConfig)
 	_, dialer := createAndSetPinningDialer(cm)
 	dialer.pinChecker.trustedPins = append(dialer.pinChecker.trustedPins, `pin-sha256="W8/42Z0ffufwnHIOSndT+eVzBJSC0E8uTIC8O6mEliQ="`)
@@ -130,7 +132,7 @@ func TestTLSSignedCertTrustedPublicKey(t *testing.T) { // nolint[unused]
 	assert.NoError(t, err, "expected dial to succeed because public key is known and cert is signed by CA")
 }
 
-func TestTLSSelfSignedCertTrustedPublicKey(t *testing.T) { // nolint[unused]
+func _TestTLSSelfSignedCertTrustedPublicKey(t *testing.T) { // nolint[unused]
 	cm := newTestClientManager(testLiveConfig)
 	_, dialer := createAndSetPinningDialer(cm)
 	dialer.pinChecker.trustedPins = append(dialer.pinChecker.trustedPins, `pin-sha256="9SLklscvzMYj8f+52lp5ze/hY0CFHyLSPQzSpYYIBm8="`)