diff --git a/p2p/security/tls/crypto.go b/p2p/security/tls/crypto.go
index a0a52cea72..14e1db02b5 100644
--- a/p2p/security/tls/crypto.go
+++ b/p2p/security/tls/crypto.go
@@ -68,9 +68,7 @@ func (i *Identity) ConfigForAny() (*tls.Config, <-chan ic.PubKey) {
 //
 // It should be used to create a new tls.Config before securing either an
 // incoming or outgoing connection.
-func (i *Identity) ConfigForPeer(
- remote peer.ID,
-) (*tls.Config, <-chan ic.PubKey) {
+func (i *Identity) ConfigForPeer(remote peer.ID) (*tls.Config, <-chan ic.PubKey) {
 keyCh := make(chan ic.PubKey, 1)
 // We need to check the peer ID in the VerifyPeerCertificate callback.
 // The tls.Config it is also used for listening, and we might also have concurrent dials.
@@ -90,7 +88,7 @@ func (i *Identity) ConfigForPeer(
 chain[i] = cert
 }
- pubKey, err := getRemotePubKey(chain)
+ pubKey, err := PubKeyFromCertChain(chain)
 if err != nil {
 return err
 }
@@ -103,8 +101,8 @@ func (i *Identity) ConfigForPeer(
 return conf, keyCh
 }
-// getRemotePubKey derives the remote's public key from the certificate chain.
-func getRemotePubKey(chain []*x509.Certificate) (ic.PubKey, error) {
+// PubKeyFromCertChain verifies the certificate chain and extract the remote's public key.
+func PubKeyFromCertChain(chain []*x509.Certificate) (ic.PubKey, error) {
 if len(chain) != 1 {
 return nil, errors.New("expected one certificates in the chain")
 }
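Review bot: The doc comment on the newly exported `PubKeyFromCertChain` says it "verifies the certificate chain" without stating what is verified; only the single-certificate length check is visible in the last hunk, and the function body continues past it. Now that code outside the package can call it, the comment should list the checks the function actually performs. If it does not compare the key against an expected peer ID (in `ConfigForPeer` that comparison appears to live in the VerifyPeerCertificate callback), the comment should say so, so that callers do not treat a returned key as an already-authenticated identity. A line such as `// It does not check that the key belongs to any particular peer; callers must compare the derived peer ID themselves.` would cover it, and "extract" should read "extracts".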