diff --git a/crypto-utils.spec b/crypto-utils.spec
index 36b293d..a79f0db 100644
--- a/crypto-utils.spec
+++ b/crypto-utils.spec
@@ -4,7 +4,7 @@
 Summary: SSL certificate and key management utilities
 Name: crypto-utils
 Version: 2.4.1
-Release: 50%{?dist}
+Release: 51%{?dist}
 Group: Applications/System
 # certwatch.c is GPLv2
 # pemutil.c etc are (MPLv1.1+ or GPLv2+ or LPGLv2+)
@@ -135,6 +135,9 @@ chmod -R u+w $RPM_BUILD_ROOT
 %{perl_vendorarch}/auto/Crypt
 
 %changelog
+* Thu Feb 13 2014 Joe Orton <jorton@redhat.com> - 2.4.1-51
+- certwatch: fix handling of files containing private keys
+
 * Thu Feb 13 2014 Joe Orton <jorton@redhat.com> - 2.4.1-50
 - genkey: skip temporary cert generation for CSR case
 
diff --git a/pemutil.c b/pemutil.c
index 310ce2c..b45b625 100644
--- a/pemutil.c
+++ b/pemutil.c
@@ -136,8 +136,10 @@ static SECStatus ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii)
             return SECFailure;
         }
     
+        body = strstr(asc, "-----BEGIN CERTIFICATE");
+        if (!body) body = strstr(asc, "-----BEGIN X509 CERTIFICATE");
         /* check for headers and trailers and remove them */
-        if ((body = strstr(asc, "-----BEGIN")) != NULL) {
+        if (body) {
             char *trailer = NULL;
             asc = body;
             body = PORT_Strchr(body, '\n');