diff --git a/lib/certgen/certgen.go b/lib/certgen/certgen.go
index 654312a..c780971 100644
--- a/lib/certgen/certgen.go
+++ b/lib/certgen/certgen.go
@@ -250,18 +250,13 @@ func derBytesCertToCertAndPem(derBytes []byte) (*x509.Certificate, string, error
 // Thus we will keep the rsa behaviour for compatiblity reasons
 // But for all other keys we will just return the pkix asn1 encoding
 // of the public key
-func getKMCompatbileKeyStableBytesForSerial(priv interface{}, commonName []byte) ([]byte, error) {
- switch v := priv.(type) {
- case *rsa.PrivateKey:
+func getKMCompatbileKeyStableBytesForSerial(signer crypto.Signer, commonName []byte) ([]byte, error) {
+ swRSA, ok := signer.(*rsa.PrivateKey)
+ if ok {
 sum := sha256.Sum256(commonName)
- return v.Sign(rand.Reader, sum[:], crypto.SHA256)
- case *ecdsa.PrivateKey:
- return x509.MarshalPKIXPublicKey(v.Public())
- case ed25519.PrivateKey:
- return x509.MarshalPKIXPublicKey(v.Public())
- default:
- return nil, fmt.Errorf("Type not recognized %T!\n", v)
+ return swRSA.Sign(rand.Reader, sum[:], crypto.SHA256)
 }
+ return x509.MarshalPKIXPublicKey(signer.Public())
 }
 
 // return both an internal representation an the pem representation of the string
diff --git a/lib/certgen/certgen_test.go b/lib/certgen/certgen_test.go
index 326f5dc..4a49e26 100644
--- a/lib/certgen/certgen_test.go
+++ b/lib/certgen/certgen_test.go
@@ -555,12 +555,14 @@ func TestGenx509CertGoodWithRealm(t *testing.T) {
 // 6. kerberos realm info!
 }
 
+const testSignerSerialNumberCompatValue = "qQn21Wskjm7BubrPwWnFh4swblslkB/H+LxFqOSvl3I="
+
 // GenSelfSignedCACert
 func TestGenSelfSignedCACertGood(t *testing.T) {
 validPemKeys := []string{testSignerPrivateKey, pkcs8ecPrivateKey, pkcs8Ed25519PrivateKey}
 publcKeyPems := []string{testUserPEMPublicKey, testP224PublicKey}
-for _, signerPem := range validPemKeys {
+for signerIndex, signerPem := range validPemKeys {
 caPriv, err := GetSignerFromPEMBytes([]byte(signerPem))
 if err != nil {
 t.Fatal(err)
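Review bot: A nil `signer` now panics at `signer.Public()` on the final return instead of surfacing an error: the removed `default` branch returned `fmt.Errorf("Type not recognized %T!\n", v)` for anything that was not a listed key type, while the new code has no guard after the failed `*rsa.PrivateKey` assertion. A one-line guard before the assertion, `if signer == nil { return nil, fmt.Errorf("nil signer") }` (assuming `fmt` is still imported elsewhere in the file, since this hunk removed its only visible use), keeps the error-return contract for callers. Separately, the assertion only matches an in-memory `*rsa.PrivateKey`, so an RSA key behind any other `crypto.Signer` implementation (HSM- or KMS-backed) takes the `MarshalPKIXPublicKey` path and yields a different serial than the same key loaded from PEM; if that is intended, the header comment should state it, e.g. `// Only an in-memory *rsa.PrivateKey gets the signature-derived serial; any other Signer, RSA-backed or not, yields its PKIX public key bytes.`. The `Sign` call with `crypto.SHA256` and no PSS options is PKCS#1 v1.5, where `rand.Reader` is used only for blinding, so the RSA output stays deterministic as the function's "stable bytes" purpose requires.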
@@ -575,6 +577,13 @@ func TestGenSelfSignedCACertGood(t *testing.T) {
 t.Fatal(err)
 }
 t.Logf("got '%s'", pemCert)
+ t.Logf("certSerial='%s'", cert.Subject.SerialNumber)
+ if signerIndex == 0 { //
+ //TODO we need a better check for when using the rsa private key
+ if cert.Subject.SerialNumber != testSignerSerialNumberCompatValue {
+ t.Fatal("rsa compat serial number does not match")
+ }
+ }
 derCaCert2, err := GenSelfSignedCACert("some hostname", "some organization", caPriv)
 if err != nil {