diff --git a/SignalServiceKit/src/Messages/UD/OWSUDManager.swift b/SignalServiceKit/src/Messages/UD/OWSUDManager.swift
index ee9c43b9b..d2374ea2f 100644
--- a/SignalServiceKit/src/Messages/UD/OWSUDManager.swift
+++ b/SignalServiceKit/src/Messages/UD/OWSUDManager.swift
@@ -60,8 +60,6 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
 private let dbConnection: YapDatabaseConnection
- var certificateValidator: SMKCertificateValidator?
-
 // MARK: Local Configuration State
 private let kUDCollection = "kUDCollection"
 private let kUDCurrentSenderCertificateKey = "kUDCurrentSenderCertificateKey"
@@ -76,8 +74,6 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
 super.init()
- self.certificateValidator = SMKCertificateDefaultValidator(trustRoot: trustRoot())
-
 SwiftSingletons.register(self)
 }
@@ -268,11 +264,6 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
 }
 private func isValidCertificate(_ certificate: SMKSenderCertificate) -> Bool {
- guard let certificateValidator = self.certificateValidator else {
- owsFail("Missing certificateValidator.")
- return false
- }
-
 // Ensure that the certificate will not expire in the next hour.
 // We want a threshold long enough to ensure that any outgoing message
 // sends will complete before the expiration.
@@ -280,6 +271,8 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
 let anHourFromNowMs = nowMs + kHourInMs
 do {
+ let certificateValidator = SMKCertificateDefaultValidator(trustRoot: trustRoot())
+
 try certificateValidator.validate(senderCertificate: certificate, validationTime: anHourFromNowMs)
 return true
 } catch {
diff --git a/SignalServiceKit/tests/Messages/OWSUDManagerTest.swift b/SignalServiceKit/tests/Messages/OWSUDManagerTest.swift
index 75abb39b0..9250b1602 100644
--- a/SignalServiceKit/tests/Messages/OWSUDManagerTest.swift
+++ b/SignalServiceKit/tests/Messages/OWSUDManagerTest.swift
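Review bot: In the fourth hunk of OWSUDManager.swift (`@@ -280,6 +271,8 @@`), the added `let certificateValidator = SMKCertificateDefaultValidator(trustRoot: trustRoot())` sits inside the `do` although the line carries no `try`, so it widens the `do` scope without giving the `catch` anything to handle; placing it directly above `do {` keeps the block to the one throwing call, `try certificateValidator.validate(...)`. The validator is now rebuilt from `trustRoot()` on every `isValidCertificate` call, which looks deliberate because the first hunk removes the stored, non-private `certificateValidator` property, so it can no longer be nil or replaced; a short comment would record that, e.g. `// Built per call from trustRoot(); there is intentionally no stored validator that could be swapped or left unset.` With that property gone no seam for a test validator is visible here, and the test file in this commit builds certificates with random `signatureData`, so any test path that reaches this check would presumably fail validation, which is worth confirming. The body of `isValidCertificate`, including the `catch`, continues outside the hunk.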
@@ -38,15 +38,13 @@ class OWSUDManagerTest: SSKBaseTestSwift {
 let serverCertificate = SMKServerCertificate(keyId: 1,
 key: try! ECPublicKey(keyData: Randomness.generateRandomBytes(ECCKeyLength)),
- // TODO: What's the right length?
- signatureData: Randomness.generateRandomBytes(ECCSignatureLength))
+ signatureData: Randomness.generateRandomBytes(ECCSignatureLength))
 let senderCertificate = SMKSenderCertificate(signer: serverCertificate,
 key: try! ECPublicKey(keyData: Randomness.generateRandomBytes(ECCKeyLength)),
 senderDeviceId: 1,
 senderRecipientId: aliceRecipientId,
 expirationTimestamp: NSDate.ows_millisecondTimeStamp() + kWeekInMs,
- // TODO: What's the right length?
- signatureData: Randomness.generateRandomBytes(ECCSignatureLength))
+ signatureData: Randomness.generateRandomBytes(ECCSignatureLength))
 udManager.setSenderCertificate(try! senderCertificate.serialized())
 }