diff --git a/cert.go b/cert.go
index 6562d91..03b841b 100644
--- a/cert.go
+++ b/cert.go
@@ -11,7 +11,7 @@ import (
 	"time"
 )
 
-func generateCertificate() error {
+func generateCertificate(certPath, keyPath string) error {
 	priv, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
 		return err
@@ -35,14 +35,14 @@ func generateCertificate() error {
 		return err
 	}
 
-	certOut, err := os.Create("cert.pem")
+	certOut, err := os.Create(certPath)
 	if err != nil {
 		return err
 	}
 	defer certOut.Close()
 	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
 
-	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	keyOut, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		return err
 	}
diff --git a/proxy.go b/proxy.go
index b98f2a7..76224a1 100644
--- a/proxy.go
+++ b/proxy.go
@@ -160,8 +160,16 @@ func main() {
 	flag.Parse()
 
 	if !fileExists(Config.Cert) || !fileExists(Config.Key) {
-		log.Println("cert not exists, generate")
-		generateCertificate()
+		if fileExists(Config.Cert) {
+			log.Println("found cert, but no corresponding key")
+			os.Exit(-1)
+		} else if fileExists(Config.Key) {
+			log.Println("found key, but no corresponding cert")
+			os.Exit(-1)
+		}
+
+		log.Println("cert and key do not exist, generating")
+		generateCertificate(Config.Cert, Config.Key)
 	}
 
 	server := &http.Server{