diff --git a/lib/bootstrap.py b/lib/bootstrap.py
index 41a1f2c1aa15e8eac417124a75fb512b5413c28f..16daf53fb1657339fa31c5f2d8bb93cdbb2dd65c 100644
--- a/lib/bootstrap.py
+++ b/lib/bootstrap.py
@@ -96,6 +96,10 @@ def _InitGanetiServerSetup():
   """
   _GenerateSelfSignedSslCert(constants.SSL_CERT_FILE)
 
+  # Don't overwrite existing file
+  if not os.path.exists(constants.RAPI_CERT_FILE):
+    _GenerateSelfSignedSslCert(constants.RAPI_CERT_FILE)
+
   result = utils.RunCmd([constants.NODE_INITD_SCRIPT, "restart"])
 
   if result.failed:
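Review bot: The new guard at `if not os.path.exists(constants.RAPI_CERT_FILE):` only checks that something exists at that path, so a leftover `rapi.pem` is reused as-is even if it is empty, a directory, or readable by other users. The file presumably holds the RAPI private key alongside the certificate (the helper `_GenerateSelfSignedSslCert` is not visible here, so confirm). If so, bootstrap should at least check that it is a regular file, e.g. `if not os.path.isfile(constants.RAPI_CERT_FILE):`, and check or tighten its mode before the daemons are restarted. The comment would also be clearer if it gave the reason, e.g. `# Keep an administrator-provided RAPI certificate; generate a self-signed one only if none exists`. The body of `_InitGanetiServerSetup` starts and continues outside this hunk.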
diff --git a/lib/constants.py b/lib/constants.py
index 9ae904414a46e2dc757f164b96fa16ddfce2c378..84e7b5925e5f8180415b16acb3aba0e2b898fb92 100644
--- a/lib/constants.py
+++ b/lib/constants.py
@@ -94,6 +94,7 @@ LOCK_DIR = _autoconf.LOCALSTATEDIR + "/lock"
 SSCONF_LOCK_FILE = LOCK_DIR + "/ganeti-ssconf.lock"
 CLUSTER_CONF_FILE = DATA_DIR + "/config.data"
 SSL_CERT_FILE = DATA_DIR + "/server.pem"
+RAPI_CERT_FILE = DATA_DIR + "/rapi.pem"
 WATCHER_STATEFILE = DATA_DIR + "/watcher.data"
 SSH_KNOWN_HOSTS_FILE = DATA_DIR + "/known_hosts"
 RAPI_USERS_FILE = DATA_DIR + "/rapi_users"