diff --git a/ssl_mgmt/ssl_mgmt b/ssl_mgmt/ssl_mgmt
index 5b3ce87..e67204e 100755
--- a/ssl_mgmt/ssl_mgmt
+++ b/ssl_mgmt/ssl_mgmt
@@ -300,12 +300,15 @@ generate_cert ()
 -keyfile $CAKeyPath -passin file:$rootCAPwdPath \
 -out $certSubdir/$certFile -infiles $csrSubdir/$reqFile
+ # Create the keycert file (file with merged key and certificate)
+ cat $keySubdir/$keyFile $certSubdir/$certFile > $keySubdir/$keycertFile
+
 # Safety check
 if ! openssl x509 -noout -text -in $certSubdir/$certFile >/dev/null 2>&1 || ! openssl verify -CAfile $CACertPath $certSubdir/$certFile >/dev/null 2>&1
 then
 echo "Generated certificate is corrupted." >&2
- rm $certSubdir/$certFile $keySubdir/$keyFile
+ rm $certSubdir/$certFile $keySubdir/$keyFile $keySubdir/$keycertFile
 return 1
 fi
 if ! openssl rsa -noout -text -in $keySubdir/$keyFile >/dev/null 2>&1
@@ -320,13 +323,17 @@ generate_cert ()
 then
 echo -n "Generated certificate and key do not match." >&2
 echo " Aborting." >&2
- rm $certSubdir/$certFile $keySubdir/$keyFile
+ rm $certSubdir/$certFile $keySubdir/$keyFile $keySubdir/$keycertFile
 return 1
 fi
- # Notify and install the new certificate
+ # Sets ownership and rights of generated files
 getfacl "$certPath" | setfacl --set-file=- $certSubdir/$certFile
 chown --reference="$certPath" $certSubdir/$certFile
+ getfacl "$keyPath" | setfacl --set-file=- $keySubdir/$keycertFile
+ chown --reference="$keyPath" $keySubdir/$keycertFile
+
+ # Notify and install the new certificate
 if [ -z "$no_overwrite" ]
 then
 if [ ! -f "$certDestDir/$certFile" ]
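Review bot: The merged key+certificate file is created by a plain `cat … >` redirection, so its mode comes from the caller's umask and stays that way until the `getfacl`/`chown` step, which only runs after the two safety checks that follow; with a common umask of 022 the private key would be world-readable in `$keySubdir` for that whole window, and the failure paths only delete the file rather than protect it. Creating it under a restrictive umask closes the window without touching the later ACL step: `( umask 077; cat "$keySubdir/$keyFile" "$certSubdir/$certFile" > "$keySubdir/$keycertFile" )`. Quoting the paths also matches the quoted `"$certPath"` already used in this function. The enclosing generate_cert starts before this hunk and continues after it.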
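Review bot: The new `getfacl "$keyPath" | setfacl --set-file=- …` and `chown --reference="$keyPath" …` lines copy permissions onto a file that contains the private key, but neither command's failure is checked, and the existing `Error! No file named $keyFile in directory $keyDestDir` warning further down suggests that the installed key, presumably what `$keyPath` points at, may not exist yet on a first run; in that case `getfacl` fails, `setfacl` receives an empty specification and, as far as I can tell, leaves the mode untouched, so the key is installed with whatever permissions the earlier `cat` produced. Reading the ACL first and treating a failure like the other safety checks makes that dependency explicit: `keyAcl=$(getfacl "$keyPath") || { echo "Cannot read ACL of $keyPath. Aborting." >&2; rm "$certSubdir/$certFile" "$keySubdir/$keyFile" "$keySubdir/$keycertFile"; return 1; }` followed by `printf '%s\n' "$keyAcl" | setfacl --set-file=- "$keySubdir/$keycertFile"`. The `$certPath` pair this hunk only relocates has the same gap, but that behaviour is pre-existing. generate_cert starts before this hunk and continues past it.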
@@ -339,7 +346,13 @@ generate_cert ()
 echo "Error! No file named $keyFile in directory $keyDestDir:" >&2
 echo "there might be a problem." >&2
 fi
+ if [ ! -f "$keyDestDir/$keycertFile" ]
+ then
+ echo "Error! No file named $keycertFile in directory $keyDestDir:" >&2
+ echo "there might be a problem." >&2
+ fi
 mv $keySubdir/$keyFile $keyDestDir
+ mv $keySubdir/$keycertFile $keyDestDir
 fingerprint="$(openssl x509 -in "$certPath" -noout -fingerprint)"
 fingerprint=${fingerprint#*=}
 if [ -n "$notifiedUsers" ]
@@ -352,9 +365,6 @@ EOF
 fi
 mv $certSubdir/$certFile $certDestDir
 fi
- cat $keyDestDir/$keyFile $certDestDir/$certFile > $keyDestDir/$keycertFile
- getfacl "$keyPath" | setfacl --set-file=- $keyDestDir/$keycertFile
- chown --reference="$keyPath" $keyDestDir/$keycertFile
 return 0
 }
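Review bot: `mv $keySubdir/$keycertFile $keyDestDir` is the line that puts a file containing the private key into its installed location, and because the ACL and ownership are now applied in `$keySubdir` rather than at the destination, correctness depends on `mv` carrying them over; that holds for a rename within one filesystem, but if `$keyDestDir` is on a different filesystem GNU mv falls back to copy and, as far as I recall, only warns when it cannot preserve ownership or ACLs. The exit status is also ignored, so a failed move leaves the stale installed file in place while the function still reaches `return 0`. At minimum quote the paths and abort on failure: `mv "$keySubdir/$keycertFile" "$keyDestDir" || { echo "Cannot install $keycertFile in $keyDestDir. Aborting." >&2; return 1; }`. The surrounding if-block and generate_cert itself start before this hunk and continue after it.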