diff --git a/lib/Vyatta/OpenVPN/Config.pm b/lib/Vyatta/OpenVPN/Config.pm
index b2537fe..f8da4fb 100644
--- a/lib/Vyatta/OpenVPN/Config.pm
+++ b/lib/Vyatta/OpenVPN/Config.pm
@@ -747,13 +747,18 @@ sub get_command {
         if( !($client && $password_auth_def) ) {
             return (undef, 'Must specify "tls cert-file"')
                 if (!defined($self->{_tls_cert}));
+            return (undef, 'Must specify "tls key-file"')
+                if (!defined($self->{_tls_key}));
+        }
+
+        if (defined($self->{_tls_cert})) {
             $hdrs = checkHeader("-----BEGIN CERTIFICATE-----", $self->{_tls_cert});
             return (undef, "Specified cert-file \"$self->{_tls_cert}\" is not valid")
                 if ($hdrs != 0);
             $cmd .= " --cert $self->{_tls_cert}";
+        }
 
-            return (undef, 'Must specify "tls key-file"')
-                if (!defined($self->{_tls_key}));
+        if (defined($self->{_tls_key})) {
             $hdrs = checkHeader("-----BEGIN (?:RSA )?PRIVATE KEY-----", $self->{_tls_key});
             return (undef, "Specified key-file \"$self->{_tls_key}\" is not valid")
                 if ($hdrs != 0);