diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index aab66c27..1cf1fca7 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -35,8 +35,11 @@ jobs:
           FILTER_REGEX_EXCLUDE: .*Tests/.*
           VALIDATE_MARKDOWN: false
   build:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
     name: "Build"
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.os }}
     timeout-minutes: 5
     permissions:
       contents: read
@@ -45,7 +48,7 @@ jobs:
         uses: actions/setup-dotnet@v3
         with:
           dotnet-version: '6.0.x'
-      - name: Check out code into the Go module directory
+      - name: Check out code into the project directory
         uses: actions/checkout@v3
       - name: Run unit tests
         run: make test
diff --git a/Notation.Plugin.AzureKeyVault.Tests/Protocol/CertificateExtensionTests.cs b/Notation.Plugin.AzureKeyVault.Tests/Protocol/CertificateExtensionTests.cs
index 218cf045..8e12a210 100644
--- a/Notation.Plugin.AzureKeyVault.Tests/Protocol/CertificateExtensionTests.cs
+++ b/Notation.Plugin.AzureKeyVault.Tests/Protocol/CertificateExtensionTests.cs
@@ -1,9 +1,20 @@
 using System.IO;
+using System.Runtime.InteropServices;
 using System.Security.Cryptography.X509Certificates;
 using Xunit;
 
 namespace Notation.Plugin.Protocol.Tests
 {
+    public sealed class RunOnLinux : TheoryAttribute
+    {
+        public RunOnLinux()
+        {
+            if (!RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
+            {
+                Skip = "test only works on Linux";
+            }
+        }
+    }
     public class CertificateExtensionTests
     {
         [Theory]
@@ -26,7 +37,9 @@ public void KeySpec_ValidKeySize_ReturnsKeySpec(string keyType, int keySize)
             Assert.Equal(keySize, result.Size);
         }
 
-        [Theory]
+        // only run test on Linux because ECDSA other than NIST P-256, 
+        // NIST P-384, NIST P-521 is not supported on Windows and macOS
+        [RunOnLinux]
         [InlineData("RSA", 1024)]
         [InlineData("EC", 163)]
         public void KeySpec_InvalidKeySize_ThrowsValidationException(string keyType, int keySize)
@@ -56,6 +69,5 @@ private static X509Certificate2 LoadCertificate(string keyType, int keySize)
             var certName = $"{keyType.ToLower()}_{keySize}.crt";
             return new X509Certificate2(Path.Combine(Directory.GetCurrentDirectory(), "TestData", certName));
         }
-
     }
 }