diff --git a/crypto-utils.spec b/crypto-utils.spec
index e185c4a..36b293d 100644
--- a/crypto-utils.spec
+++ b/crypto-utils.spec
@@ -4,7 +4,7 @@
 Summary: SSL certificate and key management utilities
 Name: crypto-utils
 Version: 2.4.1
-Release: 49%{?dist}
+Release: 50%{?dist}
 Group: Applications/System
 # certwatch.c is GPLv2
 # pemutil.c etc are (MPLv1.1+ or GPLv2+ or LPGLv2+)
@@ -135,6 +135,9 @@ chmod -R u+w $RPM_BUILD_ROOT
 %{perl_vendorarch}/auto/Crypt
 
 %changelog
+* Thu Feb 13 2014 Joe Orton <jorton@redhat.com> - 2.4.1-50
+- genkey: skip temporary cert generation for CSR case
+
 * Thu Feb 13 2014 Joe Orton <jorton@redhat.com> - 2.4.1-49
 - genkey: fix noise file handling
 
diff --git a/genkey.pl b/genkey.pl
index 3f02276..646cad0 100644
--- a/genkey.pl
+++ b/genkey.pl
@@ -1075,7 +1075,10 @@ sub makeCertOpenSSL
            exit 1;
         }
     }
-    unlink($noisefile);
+    if ($noisefile) {
+        unlink($noisefile);
+        $noisefile = '';
+    }
 }
 
 # Create a certificate-signing request file that can be submitted to a 
@@ -1430,20 +1433,13 @@ sub genReqWindow
                           $subject, 730, $randfile, $tmpPasswordFile);
     }
     
-# Now make a temporary cert
 
-    if (!$genreq_mode) {
-	    if (!-f $certfile) {
-            if ($nss) {
-                makeCertNSS($certfile,
-                            $subject, $cert_days, $nssNickname,
-                            $randfile, $tmpPasswordFile); 
-            } else {
-                makeCertOpenSSL($keyfile,$certfile,
-                                $subject, $cert_days,
-                                $randfile, $tmpPasswordFile);
-            }
-        }
+    # Now make a temporary cert; skip for OpenSSL since it would
+    # overwrite the existing key.
+    if (!$genreq_mode && !-f $certfile && $nss) {
+        makeCertNSS($certfile,
+                    $subject, $cert_days, $nssNickname,
+                    $randfile, $tmpPasswordFile);
     }
     
     undef $csrtext;