diff --git a/.github/workflows/main_pr_testing.yml b/.github/workflows/main_pr_testing.yml
@@ -0,0 +1,25 @@
+name: Call main PR testing workflows
+
+on:
+  workflow_dispatch:
+  pull_request:
+    paths-ignore:
+      - '**.md'
+      - 'examples/**'
+      - 'CODEOWNERS'
+      - 'LICENSE'
+
+jobs:
+  spec_testing:
+    name: "Spec testing"
+    uses: ./.github/workflows/spec.yml
+
+  lts_testing:
+    name: "PE LTS Testing"
+    needs: spec_testing
+    uses: ./.github/workflows/pe_lts_testing.yml
+
+  latest_testing:
+    name: "PE latest Testing"
+    needs: spec_testing
+    uses: ./.github/workflows/pe_latest_testing.yml
diff --git a/.github/workflows/pe_latest_testing.yml b/.github/workflows/pe_latest_testing.yml
@@ -2,7 +2,7 @@ name: "PE Latest Acceptance Testing"
 
 on:
   workflow_dispatch:
-  pull_request:
+  workflow_call:
 
 env:
   HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6

diff --git a/.github/workflows/pe_lts_testing.yml b/.github/workflows/pe_lts_testing.yml
@@ -2,7 +2,7 @@ name: "PE LTS Acceptance Testing"
 
 on:
   workflow_dispatch:
-  pull_request:
+  workflow_call:
 
 env:
   HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6

diff --git a/.github/workflows/spec.yml b/.github/workflows/spec.yml
@@ -2,7 +2,7 @@ name: "Spec Tests"
 
 on:
   workflow_dispatch:
-  pull_request:
+  workflow_call:
 
 env:
   HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,19 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v3.2.0](https://github.com/puppetlabs/ca_extend/tree/v3.2.0) (2022-06-29)
+
+[Full Changelog](https://github.com/puppetlabs/ca_extend/compare/v3.1.0...v3.2.0)
+
+### Added
+
+- \(SUP-3016\) Ensure valid json formatting [\#64](https://github.com/puppetlabs/ca_extend/pull/64) ([m0dular](https://github.com/m0dular))
+- \(SUP-3016\) Add printing dates to agent expiry task [\#63](https://github.com/puppetlabs/ca_extend/pull/63) ([elainemccloskey](https://github.com/elainemccloskey))
+
+### Fixed
+
+- \(SUP-3433\) Incorrect Error handling ref for upload\_ca\_cert.pp  [\#67](https://github.com/puppetlabs/ca_extend/pull/67) ([MartyEwings](https://github.com/MartyEwings))
+
 ## [v3.1.0](https://github.com/puppetlabs/ca_extend/tree/v3.1.0) (2022-03-28)
 
 [Full Changelog](https://github.com/puppetlabs/ca_extend/compare/v3.0.0...v3.1.0)

diff --git a/README.md b/README.md
@@ -197,6 +197,8 @@ Next, run puppet so the agent will retreive `ca.pem`:
 puppet agent -t
 ```
 
+**Note:** If you are depending on agent nodes downloading `ca.pem` during a scheduled Puppet run rather than manually initiating a Puppet run with `puppet agent -t`, you may need to restart the `puppet` service on \*nix nodes. This is because the Puppet agent daemon on \*nix nodes could have previous CA content loaded into memory. 
+
 #### 3. Using a Puppet file resource to manage `ca.pem`
 
 
@@ -237,15 +239,21 @@ Started on local://pe-server-7a5b76-0.us-west1-c.internal...
 Finished on local://pe-server-7a5b76-0.us-west1-c.internal:
   {
     "valid": [
-      "/etc/puppetlabs/puppet/ssl/ca/signed/console-cert.pem",
-      "/etc/puppetlabs/puppet/ssl/ca/signed/pe-node-7a5b76-0.us-west1-c.internal.pem",
-      "/etc/puppetlabs/puppet/ssl/ca/signed/pe-server-7a5b76-0.us-west1-c.internal.pem",
-      "/etc/puppetlabs/puppet/ssl/ca/signed/win19-06d5fc-0.us-west1-c.internal.pem"
+      {
+        "console-cert.pem": "Jan 14 19:55:34 2024 GMT"
+      },
+      {
+        "critical-boom.delivery.puppetlabs.net.pem": "Apr 21 17:57:20 2027 GMT"
+      },
+      {
+        "irate-maple.delivery.puppetlabs.net.pem": "Apr 21 19:25:35 2027 GMT"
+      }
     ],
-    "expiring": [
+    "expired": [
 
     ]
   }
+
 Successful on 1 target: local://pe-server-7a5b76-0.us-west1-c.internal
 Ran on 1 target in 1.32 sec
 ```

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-ca_extend",
-  "version": "3.1.0",
+  "version": "3.2.0",
   "author": "Adrian Parreiras Horta",
   "summary": "A set of Bolt Plans and Tasks to extend the CA cert in Puppet Enterprise",
   "license": "GPL-2.0-only",

diff --git a/plans/upload_ca_cert.pp b/plans/upload_ca_cert.pp
@@ -13,7 +13,7 @@
 
   # Extract the ResultSet from an error object
   case $tmp {
-    'Error'['bolt/run-failure']: {
+    Error['bolt/run-failure']: {
       $results = $tmp.details['result_set']
       $not_ok = $results.error_set
     }

diff --git a/spec/fixtures/matrix/latest.json b/spec/fixtures/matrix/latest.json
@@ -1 +1 @@
-{"platforms":[{"label":"CentOS-7","provider":"provision::provision_service","image":"centos-7"},{"label":"centos-stream-8","provider":"provision::provision_service","image":"centos-cloud/centos-stream-8"},{"label":"RedHat-7","provider":"provision::provision_service","image":"rhel-7"},{"label":"Ubuntu-1804","provider":"provision::provision_service","image":"ubuntu-1804-lts"},{"label":"RedHat-8","provider":"provision::provision_service","image":"rhel-8"},{"label":"Sles-12","provider":"provision::provision_service","image":"sles-12"},{"label":"AlmaLinux-8","provider":"provision::provision_service","image":"almalinux-cloud/almalinux-8"},{"label":"Rocky-Linux-8","provider":"provision::provision_service","image":"rocky-linux-cloud/rocky-linux-8"}]}
+{"platforms":[{"label":"CentOS-7","provider":"provision::provision_service","image":"centos-7"},{"label":"RedHat-7","provider":"provision::provision_service","image":"rhel-7"},{"label":"Ubuntu-1804","provider":"provision::provision_service","image":"ubuntu-1804-lts"},{"label":"Ubuntu-2004","provider":"provision::provision_service","image":"ubuntu-2004-lts"},{"label":"RedHat-8","provider":"provision::provision_service","image":"rhel-8"},{"label":"Sles-12","provider":"provision::provision_service","image":"sles-12"},{"label":"AlmaLinux-8","provider":"provision::provision_service","image":"almalinux-cloud/almalinux-8"},{"label":"Rocky-Linux-8","provider":"provision::provision_service","image":"rocky-linux-cloud/rocky-linux-8"},{"label":"Sles-15","provider":"provision::provision_service","image":"sles-15"}]}
diff --git a/spec/fixtures/matrix/lts.json b/spec/fixtures/matrix/lts.json
@@ -1 +1 @@
-{"platforms":[{"label":"CentOS-7","provider":"provision::provision_service","image":"centos-7"},{"label":"centos-stream-8","provider":"provision::provision_service","image":"centos-cloud/centos-stream-8"},{"label":"RedHat-7","provider":"provision::provision_service","image":"rhel-7"},{"label":"Ubuntu-1804","provider":"provision::provision_service","image":"ubuntu-1804-lts"},{"label":"RedHat-8","provider":"provision::provision_service","image":"rhel-8"},{"label":"Sles-12","provider":"provision::provision_service","image":"sles-12"},{"label":"AlmaLinux-8","provider":"provision::provision_service","image":"almalinux-cloud/almalinux-8"},{"label":"Rocky-Linux-8","provider":"provision::provision_service","image":"rocky-linux-cloud/rocky-linux-8"}]}
+{"platforms":[{"label":"CentOS-7","provider":"provision::provision_service","image":"centos-7"},{"label":"RedHat-7","provider":"provision::provision_service","image":"rhel-7"},{"label":"Ubuntu-1804","provider":"provision::provision_service","image":"ubuntu-1804-lts"},{"label":"Ubuntu-2004","provider":"provision::provision_service","image":"ubuntu-2004-lts"},{"label":"RedHat-8","provider":"provision::provision_service","image":"rhel-8"},{"label":"Sles-12","provider":"provision::provision_service","image":"sles-12"},{"label":"Sles-15","provider":"provision::provision_service","image":"sles-15"},{"label":"AlmaLinux-8","provider":"provision::provision_service","image":"almalinux-cloud/almalinux-8"},{"label":"Rocky-Linux-8","provider":"provision::provision_service","image":"rocky-linux-cloud/rocky-linux-8"}]}
diff --git a/tasks/check_agent_expiry.sh b/tasks/check_agent_expiry.sh
@@ -21,21 +21,37 @@ fi
 
 shopt -s nullglob
 
-for f in "$($PUPPET_BIN/puppet config print signeddir)"/*; do
+for cert in "$($PUPPET_BIN/puppet config print signeddir)"/*; do
   # The -checkend command in openssl takes a number of seconds as an argument
   # However, on older versions we may overflow a 32 bit integer if we use that
   # So, we'll use bash arithmetic and `date` to do the comparison
-  expiry_date="$(${openssl} x509 -enddate -noout -in "${f}")"
+  expiry_date="$(${openssl} x509 -enddate -noout -in "${cert}")"
   expiry_date="${expiry_date#*=}"
   expiry_seconds="$(date --date="$expiry_date" +"%s")" || fail "Error calculating expiry date from enddate"
 
+  # Only use the filename without preceding directories
+  short_cert="${cert##*/}"
+
   if (( to_date >= expiry_seconds )); then
-    expired+=("\"$f\"")
+    expired+=("\"$short_cert\"")
+    expired+=("\"$expiry_date\"")
   else
-    valid+=("\"$f\"")
+    valid+=("\"$short_cert\"")
+    valid+=("\"$expiry_date\"")
   fi
 done
 
 # This is ugly, we as of now we don't include jq binaries in Bolt
-# As long as there aren't weird characters in certnames it should be ok
-(IFS=,; printf '{"valid": [%s], "expiring": [%s]}' "${valid[*]}" "${expired[*]}")
+if (( "${#valid[@]}" > 0 )); then
+  # Construct a string of individual json objects in the form of:
+  # {"cert_1": "expiration_date"},{"cert_2": "expiration_date"},
+  # There will be a trailing comma we strip in the final echo
+  valid_output=$(printf '{%s: %s},' "${valid[@]}")
+fi
+
+if (( "${#expired[@]}" > 0 )); then
+  expired_output=$(printf '{%s: %s},' "${expired[@]}")
+fi
+
+# Create json arrays by stripping the trailing comma and adding brackets
+echo "{\"valid\": [${valid_output%,}], \"expired\": [${expired_output%,}]}"