diff --git a/test/integration/e2e/credentials.go b/test/integration/e2e/credentials.go
index 480cdcd7..54c60440 100644
--- a/test/integration/e2e/credentials.go
+++ b/test/integration/e2e/credentials.go
@@ -21,3 +21,16 @@ func EnsureTestCredentials(name string, oauthToken string, endpointName string)
 	createCredsParams.Name = fmt.Sprintf("%s-clone", name)
 	CreateGithubCredentials(createCredsParams)
 }
+
+func createDummyCredentials(name, endpointName string) *params.GithubCredentials {
+	createCredsParams := params.CreateGithubCredentialsParams{
+		Name:        name,
+		Endpoint:    endpointName,
+		Description: "GARM test credentials",
+		AuthType:    params.GithubAuthTypePAT,
+		PAT: params.GithubPAT{
+			OAuth2Token: "dummy",
+		},
+	}
+	return CreateGithubCredentials(createCredsParams)
+}
diff --git a/test/integration/e2e/endpoints.go b/test/integration/e2e/endpoints.go
index 9f4e5794..433da53f 100644
--- a/test/integration/e2e/endpoints.go
+++ b/test/integration/e2e/endpoints.go
@@ -1,6 +1,7 @@
 package e2e
 
 import (
+	"log/slog"
 	"os"
 	"path/filepath"
 
@@ -44,15 +45,23 @@ func checkEndpointParamsAreEqual(a, b params.GithubEndpoint) {
 	}
 }
 
-func TestGithubEndpointOperations() {
+func getTestFileContents(relPath string) []byte {
 	baseDir := os.Getenv("GARM_CHECKOUT_DIR")
 	if baseDir == "" {
 		panic("GARM_CHECKOUT_DIR not set")
 	}
-	caBundle, err := os.ReadFile(filepath.Join(baseDir, "testdata/certs/srv-pub.pem"))
+	contents, err := os.ReadFile(filepath.Join(baseDir, "testdata", relPath))
 	if err != nil {
 		panic(err)
 	}
+	return contents
+}
+
+func TestGithubEndpointOperations() {
+	MustDefaultGithubEndpoint()
+
+	caBundle := getTestFileContents("certs/srv-pub.pem")
+
 	endpointParams := params.CreateGithubEndpointParams{
 		Name:          "test-endpoint",
 		Description:   "Test endpoint",
@@ -107,8 +116,64 @@ func TestGithubEndpointOperations() {
 	}
 
 	DeleteGithubEndpoint(endpoint.Name)
+}
 
+func TestGithubEndpointMustFailToDeleteDefaultGithubEndpoint() {
 	if err := deleteGithubEndpoint(cli, authToken, "github.com"); err == nil {
 		panic("expected error when attempting to delete the default github.com endpoint")
 	}
 }
+
+func TestGithubEndpointFailsOnInvalidCABundle() {
+	slog.Info("Testing endpoint creation with invalid CA cert bundle")
+	badCABundle := getTestFileContents("certs/srv-key.pem")
+
+	endpointParams := params.CreateGithubEndpointParams{
+		Name:          "dummy",
+		Description:   "Dummy endpoint",
+		BaseURL:       "https://ghes.example.com",
+		APIBaseURL:    "https://api.ghes.example.com/",
+		UploadBaseURL: "https://uploads.ghes.example.com/",
+		CACertBundle:  badCABundle,
+	}
+
+	if _, err := createGithubEndpoint(cli, authToken, endpointParams); err == nil {
+		panic("expected error when creating endpoint with invalid CA cert bundle")
+	}
+}
+
+func TestGithubEndpointDeletionFailsWhenCredentialsExist() {
+	slog.Info("Testing endpoint deletion when credentials exist")
+	endpointParams := params.CreateGithubEndpointParams{
+		Name:          "dummy",
+		Description:   "Dummy endpoint",
+		BaseURL:       "https://ghes.example.com",
+		APIBaseURL:    "https://api.ghes.example.com/",
+		UploadBaseURL: "https://uploads.ghes.example.com/",
+	}
+
+	endpoint := CreateGithubEndpoint(endpointParams)
+	creds := createDummyCredentials("test-creds", endpoint.Name)
+
+	if err := deleteGithubEndpoint(cli, authToken, endpoint.Name); err == nil {
+		panic("expected error when deleting endpoint with credentials")
+	}
+
+	DeleteGithubCredential(int64(creds.ID))
+	DeleteGithubEndpoint(endpoint.Name)
+}
+
+func TestGithubEndpointFailsOnDuplicateName() {
+	slog.Info("Testing endpoint creation with duplicate name")
+	endpointParams := params.CreateGithubEndpointParams{
+		Name:          "github.com",
+		Description:   "Dummy endpoint",
+		BaseURL:       "https://ghes.example.com",
+		APIBaseURL:    "https://api.ghes.example.com/",
+		UploadBaseURL: "https://uploads.ghes.example.com/",
+	}
+
+	if _, err := createGithubEndpoint(cli, authToken, endpointParams); err == nil {
+		panic("expected error when creating endpoint with duplicate name")
+	}
+}
diff --git a/test/integration/main.go b/test/integration/main.go
index b9bf2cc9..711478b8 100644
--- a/test/integration/main.go
+++ b/test/integration/main.go
@@ -76,13 +76,15 @@ func main() {
 	e2e.FirstRun(adminUsername, adminPassword, adminFullName, adminEmail)
 	e2e.Login(adminUsername, adminPassword)
 
-	// Ensure that the default "github.com" endpoint is automatically created.
-	e2e.MustDefaultGithubEndpoint()
-	// Create test credentials
-	e2e.EnsureTestCredentials(credentialsName, ghToken, "github.com")
-
 	// Test endpoint operations
 	e2e.TestGithubEndpointOperations()
+	e2e.TestGithubEndpointFailsOnInvalidCABundle()
+	e2e.TestGithubEndpointDeletionFailsWhenCredentialsExist()
+	e2e.TestGithubEndpointFailsOnDuplicateName()
+	e2e.TestGithubEndpointMustFailToDeleteDefaultGithubEndpoint()
+
+	// Create test credentials
+	e2e.EnsureTestCredentials(credentialsName, ghToken, "github.com")
 
 	// //////////////////
 	// controller info //