diff --git a/internal/dialer/dialer_pinning_test.go b/internal/dialer/dialer_pinning_test.go
index 809a390c..21111090 100644
--- a/internal/dialer/dialer_pinning_test.go
+++ b/internal/dialer/dialer_pinning_test.go
@@ -91,13 +91,12 @@ func TestTLSSignedCertWrongPublicKey(t *testing.T) {
 	r.Error(t, err, "expected dial to fail because of wrong public key")
 }
 
-// GODT-2293 bump badssl cert and re enable this.
-func _TestTLSSignedCertTrustedPublicKey(t *testing.T) { //nolint:unused,deadcode
+func TestTLSSignedCertTrustedPublicKey(t *testing.T) {
 	skipIfProxyIsSet(t)
 
 	_, dialer, _, checker, _ := createClientWithPinningDialer("")
 	copyTrustedPins(checker)
-	checker.trustedPins = append(checker.trustedPins, `pin-sha256="LwnIKjNLV3z243ap8y0yXNPghsqE76J08Eq3COvUt2E="`)
+	checker.trustedPins = append(checker.trustedPins, `pin-sha256="hgraU1+uoS6kjiJaH5G+BiqQoyiIml1Nat+2FiUAcII="`)
 	_, err := dialer.DialTLSContext(context.Background(), "tcp", "rsa4096.badssl.com:443")
 	r.NoError(t, err, "expected dial to succeed because public key is known and cert is signed by CA")
 }