diff --git a/lib/Controller/KeyController.php b/lib/Controller/KeyController.php
index b625b4562..2974b2b1c 100644
--- a/lib/Controller/KeyController.php
+++ b/lib/Controller/KeyController.php
@@ -15,6 +15,7 @@
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSBadRequestException;
+use OCP\AppFramework\OCS\OCSException;
 use OCP\AppFramework\OCS\OCSForbiddenException;
 use OCP\AppFramework\OCS\OCSNotFoundException;
 use OCP\AppFramework\OCSController;
@@ -185,20 +186,23 @@ public function createPublicKey(string $csr): DataResponse {
 
 		try {
 			$subject = openssl_csr_get_subject($csr);
+
+			$cn = isset($subject['CN']) ? $subject['CN'] : '';
+			if ($cn !== $this->userId) {
+				throw new OCSForbiddenException($this->l10n->t('Common name (CN) does not match the current user'));
+			}
+
 			$publicKey = $this->signatureHandler->sign($csr);
 		} catch (BadMethodCallException $e) {
 			$this->logger->critical($e->getMessage(), ['exception' => $e, 'app' => $this->appName]);
 			throw new OCSBadRequestException($e->getMessage());
+		} catch (OCSException $e) {
+			throw $e;
 		} catch (Exception $e) {
 			$this->logger->critical($e->getMessage(), ['exception' => $e, 'app' => $this->appName]);
 			throw new OCSBadRequestException($this->l10n->t('Internal error'));
 		}
 
-		$cn = isset($subject['CN']) ? $subject['CN'] : '';
-		if ($cn !== $this->userId) {
-			throw new OCSForbiddenException($this->l10n->t('Common name (CN) does not match the current user'));
-		}
-
 		$this->keyStorage->setPublicKey($publicKey, $this->userId);
 
 		return new DataResponse(['public-key' => $publicKey]);