diff --git a/datastructures/signerresponse.go b/datastructures/signerresponse.go
index d9f1ec2..c233d67 100644
--- a/datastructures/signerresponse.go
+++ b/datastructures/signerresponse.go
@@ -42,7 +42,7 @@ func SignerResponseFromData(lengthBytes []byte, blockData []byte, checkSum byte)
 calculated := CalculateXorCheckSum([][]byte{lengthBytes, blockData})
 if checkSum != calculated {
- return nil, errors.New(fmt.Sprintf("invalid checksum expected 0x%x got 0x%x", calculated, checkSum))
+ return nil, fmt.Errorf("invalid checksum expected 0x%x got 0x%x", calculated, checkSum)
 }
 return &SignerResponse{
diff --git a/signer/x509_ops/operations.go b/signer/x509_ops/operations.go
index 868f9c5..7452163 100644
--- a/signer/x509_ops/operations.go
+++ b/signer/x509_ops/operations.go
@@ -153,6 +153,9 @@ func (x *Root) bumpCRLNumber(current *big.Int) error {
 serial := current.Int64() + 1
 crlNumberFile := x.crlNumberFile
 outFile, err := ioutil.TempFile(path.Dir(crlNumberFile), "*.txt")
+ if err != nil {
+ return fmt.Errorf("could not create temporary crl number file: %v", err)
+ }
 defer func() { _ = outFile.Close() }()
 _, err = outFile.WriteString(fmt.Sprintf(
@@ -178,6 +181,9 @@ func (x *Root) bumpCRLNumber(current *big.Int) error {
 func (x *Root) bumpSerialNumber(current *big.Int) error {
 serial := current.Int64() + 1
 outFile, err := ioutil.TempFile(path.Dir(x.serialNumberFile), "*.txt")
+ if err != nil {
+ return fmt.Errorf("could not open temporary serial number file: %v", err)
+ }
 defer func() { _ = outFile.Close() }()
 _, err = outFile.WriteString(fmt.Sprintf(
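Review bot: In bumpCRLNumber the context line `serial := current.Int64() + 1` narrows a *big.Int to int64, and big.Int.Int64 is documented as undefined when the value does not fit, so a CRL number wider than 63 bits would be bumped to a wrong value without any error. The same line opens bumpSerialNumber in the following hunk, where it matters more because X.509 serial numbers may be up to 20 octets long. Keeping the arithmetic in big.Int avoids the narrowing: `next := new(big.Int).Add(current, big.NewInt(1))`, with `next` formatted where `serial` is written today. Both function bodies continue outside their hunks, so how `serial` is formatted into the file is not visible here.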
@@ -225,6 +231,9 @@ func (x *Root) loadRevokedCertificatesFromDatabase() ([]pkix.RevokedCertificate,
 return nil, fmt.Errorf("could not parse serial number %s as big int: %v", line[3], err)
 }
 revokeTs, err := strconv.ParseInt(line[2][:len(line[2])-1], 10, 64)
+ if err != nil {
+ return nil, fmt.Errorf("could not parse serial number: %v", err)
+ }
 result = append(result, pkix.RevokedCertificate{
 SerialNumber: serialNumber,
 RevocationTime: time.Unix(revokeTs, 0),
@@ -248,6 +257,9 @@ func (x *Root) recordRevocation(certificate *x509.Certificate) (*pkix.RevokedCer
 outFile, err := ioutil.TempFile(path.Dir(x.databaseFile), "*.txt")
 defer func() { _ = outFile.Close() }()
+ if err != nil {
+ return nil, fmt.Errorf("could not open temporary database file: %v", err)
+ }
 scanner := bufio.NewScanner(inFile)
 writer := bufio.NewWriter(outFile)
@@ -432,7 +444,6 @@ func (x *Root) checkDir(path, prefix string) bool {
 log.Warnf("%s %s of %s has issues: %v", prefix, path, x, e)
 if err := os.MkdirAll(path, 0755); err != nil {
 log.Warnf("could not create %s %s of %s: %v", prefix, path, x, err)
- ok = false
 }
 ok = false
 } else if !s.IsDir() {
@@ -460,7 +471,7 @@ func (x *Root) SignCertificate(
 if params.IsSpkac {
 var err error
 const spkacPrefix = "SPKAC="
- if bytes.Compare([]byte(spkacPrefix), params.Request[:len(spkacPrefix)]) != 0 {
+ if !bytes.Equal([]byte(spkacPrefix), params.Request[:len(spkacPrefix)]) {
 return nil, fmt.Errorf("request does not contain a valid SPKAC string")
 }
 derBytes, err := base64.StdEncoding.DecodeString(string(params.Request[len(spkacPrefix):]))
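Review bot: The new error in loadRevokedCertificatesFromDatabase says `could not parse serial number`, but the call that failed is the strconv.ParseInt on `line[2]` that produces `revokeTs`; the serial number comes from `line[3]` and already has its own message a few lines above. Someone reading the log would inspect the wrong column of the database file. Suggest `return nil, fmt.Errorf("could not parse revocation timestamp %s: %v", line[2], err)`. Separately, `line[2][:len(line[2])-1]` on the preceding context line panics when that field is empty, which the added check does not cover. The function starts and ends outside the hunk.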
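Review bot: In recordRevocation the added `if err != nil` check comes after `defer func() { _ = outFile.Close() }()`, so when TempFile fails the defer is already registered with a nil `outFile` and Close runs on it during the early return. os.File.Close tolerates a nil receiver, so this should not panic, but it is out of order and differs from bumpCRLNumber and bumpSerialNumber in this same commit, where the check directly follows the TempFile call. Move the three added lines up so they sit between the `ioutil.TempFile` line and the `defer`. The function starts and ends outside the hunk.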
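Review bot: In SignCertificate, `params.Request[:len(spkacPrefix)]` is sliced before anything visible checks the request length, so a request shorter than the six-byte prefix either panics with a slice-bounds error or, if the slice has spare capacity, compares bytes beyond its length. The request appears to be caller-supplied data on the way to a signing operation, so a short input should produce the existing error rather than a crash. `if !bytes.HasPrefix(params.Request, []byte(spkacPrefix)) {` performs the comparison and the length check in one call, and makes the later `params.Request[len(spkacPrefix):]` safe. The function body continues outside the hunk.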
@@ -705,19 +716,19 @@ type AltNameType string
 const (
 NameTypeDNS AltNameType = "DNS"
- NameTypeXmppJid = "otherName:1.3.6.1.5.5.7.8.5;UTF8" // from RFC 3920, 6120
+ NameTypeXmppJid AltNameType = "otherName:1.3.6.1.5.5.7.8.5;UTF8" // from RFC 3920, 6120
 )
 type SubjectDnField string
 const (
 SubjectDnFieldCountryName SubjectDnField = "C"
- SubjectDnFieldStateOrProvinceName = "ST"
- SubjectDnFieldLocalityName = "L"
- SubjectDnFieldOrganizationName = "O"
- SubjectDnFieldOrganizationalUnitName = "OU"
- SubjectDnFieldCommonName = "CN"
- SubjectDnFieldEmailAddress = "emailAddress"
+ SubjectDnFieldStateOrProvinceName SubjectDnField = "ST"
+ SubjectDnFieldLocalityName SubjectDnField = "L"
+ SubjectDnFieldOrganizationName SubjectDnField = "O"
+ SubjectDnFieldOrganizationalUnitName SubjectDnField = "OU"
+ SubjectDnFieldCommonName SubjectDnField = "CN"
+ SubjectDnFieldEmailAddress SubjectDnField = "emailAddress"
 )
 type Profile struct {
@@ -743,7 +754,7 @@ func (p *Profile) parseSubject(subject []byte) (*pkix.Name, error) {
 handled := false
 item := strings.SplitN(part, "=", 2)
 for _, f := range p.subjectDNFields {
- if strings.ToUpper(item[0]) != strings.ToUpper(string(f)) {
+ if !strings.EqualFold(item[0], string(f)) {
 continue
 }
 value := item[1]
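Review bot: The two const blocks for AltNameType and SubjectDnField have no comment saying why every entry repeats the type, which is exactly what this hunk had to repair: an entry with an explicit value and no type is an untyped string constant. A short comment above each block would stop the next added constant from dropping the type again, for example `// Every entry names its type; a value without a type would be an untyped string constant.` The exported types and constants also carry no doc comments in the visible lines.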
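Review bot: In parseSubject, `value := item[1]` is reached whenever `item[0]` matches a configured field, but `strings.SplitN(part, "=", 2)` returns a single element for a part that contains no `=`, so a subject component such as a bare `CN` would panic with an index out of range. Nothing between the SplitN call and the loop in the visible lines checks the length. A guard directly after the split, `if len(item) != 2 { return nil, fmt.Errorf("invalid subject part %q", part) }`, would reject such input with an error. Whether `part` is validated earlier cannot be seen, since the function starts and ends outside the hunk.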