diff --git a/rcgen/src/csr.rs b/rcgen/src/csr.rs
index 374a4c74..e0d9eb6f 100644
--- a/rcgen/src/csr.rs
+++ b/rcgen/src/csr.rs
@@ -51,8 +51,7 @@ impl CertificateSigningRequest {
 		let csr = x509_parser::certification_request::X509CertificationRequest::from_der(csr)
 			.map_err(|_| Error::CouldNotParseCertificationRequest)?
 			.1;
-		csr.verify_signature()
-			.map_err(|_| Error::Ring("Unspecified error".into()))?;
+		csr.verify_signature().map_err(|_| Error::RingUnspecified)?;
 		let alg_oid = csr
 			.signature_algorithm
 			.algorithm
diff --git a/rcgen/src/error.rs b/rcgen/src/error.rs
index 8fa5e039..691c6df3 100644
--- a/rcgen/src/error.rs
+++ b/rcgen/src/error.rs
@@ -23,8 +23,10 @@ pub enum Error {
 	UnsupportedExtension,
 	/// The requested signature algorithm is not supported
 	UnsupportedSignatureAlgorithm,
-	/// An error from the `ring` library was encountered
-	Ring(String),
+	/// Unspecified `ring` error
+	RingUnspecified,
+	/// The `ring` library rejected the key upon loading
+	RingKeyRejected(String),
 	/// The provided certificate's signature algorithm
 	/// is incompatible with the given key pair
 	CertificateKeyPairMismatch,
@@ -71,7 +73,8 @@ impl fmt::Display for Error {
 			)?,
 			#[cfg(feature = "x509-parser")]
 			UnsupportedExtension => write!(f, "Unsupported extension requested in CSR")?,
-			Ring(e) => write!(f, "Error from *ring*: {}", e)?,
+			RingUnspecified => write!(f, "Unspecified ring error")?,
+			RingKeyRejected(e) => write!(f, "Key rejected by ring: {}", e)?,
 			CertificateKeyPairMismatch => write!(
 				f,
 				"The provided certificate's signature \
diff --git a/rcgen/src/key_pair.rs b/rcgen/src/key_pair.rs
index a09c6b56..3d43ac4c 100644
--- a/rcgen/src/key_pair.rs
+++ b/rcgen/src/key_pair.rs
@@ -113,30 +113,29 @@ impl KeyPair {
 
 		let kind = if alg == &PKCS_ED25519 {
 			KeyPairKind::Ed(
-				Ed25519KeyPair::from_pkcs8_maybe_unchecked(pkcs8)
-					.map_err(|e| Error::Ring(e.to_string()))?,
+				Ed25519KeyPair::from_pkcs8_maybe_unchecked(pkcs8).map_err(key_rejected_err)?,
 			)
 		} else if alg == &PKCS_ECDSA_P256_SHA256 {
 			KeyPairKind::Ec(
 				EcdsaKeyPair::from_pkcs8(&signature::ECDSA_P256_SHA256_ASN1_SIGNING, pkcs8, rng)
-					.map_err(|e| Error::Ring(e.to_string()))?,
+					.map_err(key_rejected_err)?,
 			)
 		} else if alg == &PKCS_ECDSA_P384_SHA384 {
 			KeyPairKind::Ec(
 				EcdsaKeyPair::from_pkcs8(&signature::ECDSA_P384_SHA384_ASN1_SIGNING, pkcs8, rng)
-					.map_err(|e| Error::Ring(e.to_string()))?,
+					.map_err(key_rejected_err)?,
 			)
 		} else if alg == &PKCS_RSA_SHA256 {
-			let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(|e| Error::Ring(e.to_string()))?;
+			let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(key_rejected_err)?;
 			KeyPairKind::Rsa(rsakp, &signature::RSA_PKCS1_SHA256)
 		} else if alg == &PKCS_RSA_SHA384 {
-			let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(|e| Error::Ring(e.to_string()))?;
+			let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(key_rejected_err)?;
 			KeyPairKind::Rsa(rsakp, &signature::RSA_PKCS1_SHA384)
 		} else if alg == &PKCS_RSA_SHA512 {
-			let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(|e| Error::Ring(e.to_string()))?;
+			let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(key_rejected_err)?;
 			KeyPairKind::Rsa(rsakp, &signature::RSA_PKCS1_SHA512)
 		} else if alg == &PKCS_RSA_PSS_SHA256 {
-			let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(|e| Error::Ring(e.to_string()))?;
+			let rsakp = RsaKeyPair::from_pkcs8(pkcs8).map_err(key_rejected_err)?;
 			KeyPairKind::Rsa(rsakp, &signature::RSA_PSS_SHA256)
 		} else {
 			panic!("Unknown SignatureAlgorithm specified!");
@@ -181,7 +180,7 @@ impl KeyPair {
 		match alg.sign_alg {
 			SignAlgo::EcDsa(sign_alg) => {
 				let key_pair_doc = EcdsaKeyPair::generate_pkcs8(sign_alg, rng)
-					.map_err(|_| Error::Ring("Unspecified error".into()))?;
+					.map_err(|_| Error::RingUnspecified)?;
 				let key_pair_serialized = key_pair_doc.as_ref().to_vec();
 
 				let key_pair =
@@ -193,8 +192,8 @@ impl KeyPair {
 				})
 			},
 			SignAlgo::EdDsa(_sign_alg) => {
-				let key_pair_doc = Ed25519KeyPair::generate_pkcs8(rng)
-					.map_err(|_| Error::Ring("Unspecified error".into()))?;
+				let key_pair_doc =
+					Ed25519KeyPair::generate_pkcs8(rng).map_err(|_| Error::RingUnspecified)?;
 				let key_pair_serialized = key_pair_doc.as_ref().to_vec();
 
 				let key_pair = Ed25519KeyPair::from_pkcs8(&&key_pair_doc.as_ref()).unwrap();
@@ -237,7 +236,7 @@ impl KeyPair {
 				let system_random = SystemRandom::new();
 				let signature = kp
 					.sign(&system_random, msg)
-					.map_err(|_| Error::Ring("Unspecified error".into()))?;
+					.map_err(|_| Error::RingUnspecified)?;
 				let sig = &signature.as_ref();
 				writer.write_bitvec_bytes(&sig, &sig.len() * 8);
 			},
@@ -250,7 +249,7 @@ impl KeyPair {
 				let system_random = SystemRandom::new();
 				let mut signature = vec![0; kp.public().modulus_len()];
 				kp.sign(*padding_alg, &system_random, msg, &mut signature)
-					.map_err(|_| Error::Ring("Unspecified error".into()))?;
+					.map_err(|_| Error::RingUnspecified)?;
 				let sig = &signature.as_ref();
 				writer.write_bitvec_bytes(&sig, &sig.len() * 8);
 			},
@@ -377,6 +376,10 @@ pub trait RemoteKeyPair {
 	fn algorithm(&self) -> &'static SignatureAlgorithm;
 }
 
+pub(crate) fn key_rejected_err(err: ring::error::KeyRejected) -> Error {
+	Error::RingKeyRejected(err.to_string())
+}
+
 pub(crate) trait PublicKeyData {
 	fn alg(&self) -> &SignatureAlgorithm;
 
diff --git a/rcgen/tests/webpki.rs b/rcgen/tests/webpki.rs
index cfe991c9..2f074aec 100644
--- a/rcgen/tests/webpki.rs
+++ b/rcgen/tests/webpki.rs
@@ -327,7 +327,7 @@ fn from_remote() {
 			self.0
 				.sign(&system_random, msg)
 				.map(|s| s.as_ref().to_owned())
-				.map_err(|e| Error::Ring(e.to_string()))
+				.map_err(|_| Error::RingUnspecified)
 		}
 
 		fn algorithm(&self) -> &'static rcgen::SignatureAlgorithm {