diff --git a/Rakefile b/Rakefile
index f73cc21b7..06a7c1917 100644
--- a/Rakefile
+++ b/Rakefile
@@ -28,7 +28,6 @@ Rake::TestTask.new(:test_fips_internal) do |t|
   t.test_files = FileList['test/**/test_*.rb'] - FileList[
     'test/openssl/test_hmac.rb',
     'test/openssl/test_kdf.rb',
-    'test/openssl/test_pkcs12.rb',
     'test/openssl/test_ts.rb',
   ]
   t.warning = true
diff --git a/test/openssl/test_pkcs12.rb b/test/openssl/test_pkcs12.rb
index 1b5328774..4ea2aa4b4 100644
--- a/test/openssl/test_pkcs12.rb
+++ b/test/openssl/test_pkcs12.rb
@@ -3,6 +3,15 @@
 
 if defined?(OpenSSL)
 
+# OpenSSL::PKCS12.create calling the PKCS12_create() has the argument mac_iter
+# which uses a MAC key using PKCS12KDF which is not FIPS-approved.
+# OpenSSL::PKCS12.new with base64-encoded example calling PKCS12_parse()
+# verifies the MAC key using PKCS12KDF which is not FIPS-approved.
+# OpenSSL::PKCS12.create with key_pbe: PBE-SHA1-3DES, cert_pbe: PBE-SHA1-3DES
+# and mac_iter: -1 to omit the MAC key, fails by trying to fetch PKCS12KDF.
+# https://github.com/openssl/openssl/blob/1cb0d36b39f69367d63e940976faaa2c252763b4/crypto/pkcs12/p12_key.c#L92-L94
+return if OpenSSL.fips_mode
+
 module OpenSSL
   class TestPKCS12 < OpenSSL::TestCase
     DEFAULT_PBE_PKEYS = "PBE-SHA1-3DES"
@@ -210,8 +219,13 @@ def test_create_with_keytype
     end
 
     def test_new_with_no_keys
-      # generated with:
-      #   openssl pkcs12 -certpbe PBE-SHA1-3DES -in <@mycert> -nokeys -export
+      # Generated with the following steps:
+      #   Print the value of the @mycert such as by `puts @mycert.to_s` and
+      #   save the value as the file `mycert.pem`.
+      #   Run the following commands:
+      #   openssl pkcs12 -certpbe PBE-SHA1-3DES -in <(cat mycert.pem) \
+      #     -nokeys -export -passout pass:abc123 -out /tmp/p12.out
+      #   base64 -w 60 /tmp/p12.out
       str = <<~EOF.unpack1("m")
 MIIGJAIBAzCCBeoGCSqGSIb3DQEHAaCCBdsEggXXMIIF0zCCBc8GCSqGSIb3
 DQEHBqCCBcAwggW8AgEAMIIFtQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMw
@@ -259,8 +273,10 @@ def test_new_with_no_keys
     end
 
     def test_new_with_no_certs
-      # generated with:
-      #   openssl pkcs12 -inkey fixtures/openssl/pkey/rsa-1.pem -nocerts -export
+      # Generated with the folowing steps:
+      #   openssl pkcs12 -inkey test/openssl/fixtures/pkey/rsa-1.pem \
+      #     -nocerts -export -passout pass:abc123 -out /tmp/p12.out
+      #   base64 -w 60 /tmp/p12.out
       str = <<~EOF.unpack1("m")
 MIIJ7wIBAzCCCbUGCSqGSIb3DQEHAaCCCaYEggmiMIIJnjCCCZoGCSqGSIb3
 DQEHAaCCCYsEggmHMIIJgzCCCX8GCyqGSIb3DQEMCgECoIIJbjCCCWowHAYK