diff --git a/README.rst b/README.rst
index 8ef38662829b175d5a3a7487e197c36b5160cb30..54b739ffa82671ef6f4785ec0fe9d0f61ff8ad1e 100644
--- a/README.rst
+++ b/README.rst
@@ -81,4 +81,4 @@ at: https://www.shore.co.il/cgit/.
 TODO
 ----
 
-- Add checks and failure messages to each action.
+Nothing to see here.
diff --git a/ssl-ca b/ssl-ca
index 464a4661deeb70295086a1ee0ca1a0a2181539cd..7097cb20e31f69cb5f31a0fb2c2c406e6f7434a4 100755
--- a/ssl-ca
+++ b/ssl-ca
@@ -40,7 +40,12 @@ usage () {
 
 init () {
     mkdir -p "certs" "keys"
-    echo "$config" > "openssl.cnf"
+    if [ -a openssl.cnf ]
+    then
+        echo openssl.cnf already exists, skipping generation.
+    else
+        echo "$config" > "openssl.cnf"
+    fi
     openssl genrsa \
         -out CA.key
     openssl req \
@@ -52,6 +57,22 @@ init () {
 }
 
 sign_key () {
+    if [ $# -lt 1 ] || [ "$1" == "" ]
+    then
+        echo "No host specified."
+        exit 1
+    fi
+    if [ ! -f CA.crt ] || [ ! -f CA.key ] || [ ! -d keys ] || [ ! -d certs ] ||
+        [ ! -f openssl.cnf ]
+    then
+        echo "CA isn't initialized properly."
+        exit 1
+    fi
+    if [ ! -f "keys/$1" ]
+    then
+        echo "Can't find key to sign."
+        exit 1
+    fi
     csr="$(mktemp -t ssl-ca)"
     export domain="$1.$(basename $PWD)"
     openssl req \
@@ -59,7 +80,7 @@ sign_key () {
         -new \
         -config openssl.cnf \
         -out "$csr"
-    fqdn="$1.$domain" openssl x509 \
+    openssl x509 \
         -req \
         -in "$csr" \
         -out "certs/$1" \
@@ -71,6 +92,21 @@ sign_key () {
 }
 
 gen_key () {
+    if [ $# -lt 1 ] || [ "$1" == "" ]
+    then
+        echo "No host specified."
+        exit 1
+    fi
+    if [ ! -d keys ]
+    then
+        echo "keys directory doesn't exists, run ssl-ca init to rectify."
+        exit 1
+    fi
+    if [ -a "keys/$1" ]
+    then
+        echo "Key already exists."
+        exit 1
+    fi
     openssl genrsa -out "keys/$1"
 }