diff --git a/lib/bootstrap.py b/lib/bootstrap.py
index b228433283e6dbbf8e053e5702d5e55fb8a866e2..ae0fae77363830768602e6ab63af93fa4141e75e 100644
--- a/lib/bootstrap.py
+++ b/lib/bootstrap.py
@@ -66,7 +66,7 @@ def _InitSSHSetup():
   utils.AddAuthorizedKey(auth_keys, utils.ReadFile(pub_key))
 
 
-def _GenerateSelfSignedSslCert(file_name, validity=(365 * 5)):
+def GenerateSelfSignedSslCert(file_name, validity=(365 * 5)):
   """Generates a self-signed SSL certificate.
 
   @type file_name: str
@@ -107,11 +107,11 @@ def _InitGanetiServerSetup():
   the cluster and also generates the SSL certificate.
 
   """
-  _GenerateSelfSignedSslCert(constants.SSL_CERT_FILE)
+  GenerateSelfSignedSslCert(constants.SSL_CERT_FILE)
 
   # Don't overwrite existing file
   if not os.path.exists(constants.RAPI_CERT_FILE):
-    _GenerateSelfSignedSslCert(constants.RAPI_CERT_FILE)
+    GenerateSelfSignedSslCert(constants.RAPI_CERT_FILE)
 
   if not os.path.exists(constants.HMAC_CLUSTER_KEY):
     utils.WriteFile(constants.HMAC_CLUSTER_KEY,
diff --git a/lib/config.py b/lib/config.py
index 1905aa8be1b18a44c7379252b533594f96674d9b..a70a71bed62b14bfd32f5b9bb8887f40dbba18cb 100644
--- a/lib/config.py
+++ b/lib/config.py
@@ -1211,7 +1211,7 @@ class ConfigWriter:
     # Write ssconf files on all nodes (including locally)
     if self._last_cluster_serial < self._config_data.cluster.serial_no:
       if not self._offline:
-        result = rpc.RpcRunner.call_write_ssconf_files(\
+        result = rpc.RpcRunner.call_write_ssconf_files(
           self._UnlockedGetNodeList(),
           self._UnlockedGetSsconfValues())
         for nname, nresu in result.items():
diff --git a/tools/cfgupgrade b/tools/cfgupgrade
index 7ff09e51c97483a57eaeae3fd1455ec8de6438f4..9c6b225d74de567026bb3a48aff47d5bc06e1f43 100755
--- a/tools/cfgupgrade
+++ b/tools/cfgupgrade
@@ -170,7 +170,7 @@ def main():
     if not options.dry_run:
       if not os.path.exists(options.RAPI_CERT_FILE):
         logging.debug("Writing RAPI certificate to %s", options.RAPI_CERT_FILE)
-        bootstrap._GenerateSelfSignedSslCert(options.RAPI_CERT_FILE)
+        bootstrap.GenerateSelfSignedSslCert(options.RAPI_CERT_FILE)
 
   except:
     logging.critical("Writing configuration failed. It is probably in an"