diff --git a/spec/lib/pedicel/base_spec.rb b/spec/lib/pedicel/base_spec.rb
index 76cccc9..aabfa7e 100644
--- a/spec/lib/pedicel/base_spec.rb
+++ b/spec/lib/pedicel/base_spec.rb
@@ -8,11 +8,11 @@
 
   let (:token) { PedicelPay::Token.new.sample }
 
+  let (:config) { Pedicel::DEFAULT_CONFIG.merge(trusted_ca_pem: backend.ca_certificate.to_pem) }
+
   let (:pedicel) do
     backend.encrypt_and_sign(token, recipient: client)
 
-    config = Pedicel::DEFAULT_CONFIG.merge(trusted_ca_pem: backend.ca_certificate.to_pem)
-
     Pedicel::EC.new(token.to_hash, config: config)
   end
 
@@ -477,6 +477,13 @@ def create_special_certificate(ca_key, ca_certificate, config, oids)
 
     let (:limit) { pedicel.config[:replay_threshold_seconds] }
 
+    it 'errs if the signature has multiple signers' do
+      backend.encrypt_and_sign(token, recipient: client)
+      PedicelPay::Backend.generate.sign(token, replace: false)
+      signature = OpenSSL::PKCS7.new(Pedicel::EC.new(token.to_hash, config: config).signature)
+      expect{Pedicel::Base.verify_signed_time(signature: signature, now: now)}.to raise_error(Pedicel::SignatureError, 'not 1 signer, unable to determine signing time')
+    end
+
     it 'errs if the signature is too new' do
       expect{Pedicel::Base.verify_signed_time(signature: signature, now: now-limit)}.to_not raise_error
       expect{Pedicel::Base.verify_signed_time(signature: signature, now: now-limit-1)}.to raise_error(Pedicel::SignatureError)