diff --git a/base/common/src/main/java/org/dogtag/util/cert/CertUtil.java b/base/common/src/main/java/org/dogtag/util/cert/CertUtil.java
index 782dd6eab40..74a28ae0879 100644
--- a/base/common/src/main/java/org/dogtag/util/cert/CertUtil.java
+++ b/base/common/src/main/java/org/dogtag/util/cert/CertUtil.java
@@ -388,4 +388,25 @@ public static Set getCertificateUsages(String nickname) throws
         return usages;
     }
+
+    /**
+     * Verify certificate usage.
+     */
+    public static void verifyCertificateUsage(String nickname, String certUsage) throws Exception {
+
+        CryptoManager cm = CryptoManager.getInstance();
+        CertificateUsage cu = CertUtil.toCertificateUsage(certUsage);
+
+        if (cu.getUsage() == CertificateUsage.CheckAllUsages.getUsage()) {
+            // check all possible usages
+            int currentUsages = cm.isCertValid(nickname, true);
+            if (currentUsages == CertificateUsage.basicCertificateUsages) {
+                throw new Exception("Certificate is unusable");
+            }
+            return;
+        }
+
+        // check the specified usage
+        cm.verifyCertificate(nickname, true, cu);
+    }
 }
diff --git a/base/tools/src/main/java/com/netscape/cmstools/client/ClientCertValidateCLI.java b/base/tools/src/main/java/com/netscape/cmstools/client/ClientCertValidateCLI.java
index ae52bc8cfcc..61132773615 100644
--- a/base/tools/src/main/java/com/netscape/cmstools/client/ClientCertValidateCLI.java
+++ b/base/tools/src/main/java/com/netscape/cmstools/client/ClientCertValidateCLI.java
@@ -18,7 +18,6 @@
 package com.netscape.cmstools.client;
-import java.security.cert.CertificateException;
 import java.util.Set;
 import org.apache.commons.cli.CommandLine;
@@ -27,7 +26,6 @@
 import org.dogtag.util.cert.CertUtil;
 import org.dogtagpki.cli.CommandCLI;
 import org.mozilla.jss.CertificateUsage;
-import org.mozilla.jss.CryptoManager;
 import com.netscape.cmstools.cli.MainCLI;
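Review bot: `throw new Exception("Certificate is unusable")` in verifyCertificateUsage drops the nickname from the message and uses the raw Exception type, so the CLI that now prints only `e.getMessage()` cannot say which certificate was rejected, and no caller can distinguish a genuinely unusable certificate from an infrastructure failure such as an uninitialised CryptoManager or an unknown nickname. The code this replaces printed `"Cert is good for nothing: " + nickname` and caught CertificateException, which is presumably what `cm.verifyCertificate` throws on the other branch (confirm against the JSS signature); throwing `new CertificateException("Certificate " + nickname + " is unusable")` (with the `java.security.cert` import added to CertUtil) keeps the two branches consistent and lets callers narrow their catch. The Javadoc should also state the contract the code implements: for CheckAllUsages the method passes as long as `isCertValid` reports any usage beyond `CertificateUsage.basicCertificateUsages`, otherwise the single usage named by `certUsage` is verified, and the `true` passed to both JSS calls appears to request signature checking — worth saying so explicitly rather than leaving it to the reader. The method is complete in the hunk; its enclosing class begins outside it.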
@@ -84,36 +82,13 @@ public void execute(CommandLine cmd) throws Exception {
             return;
         }
-        boolean isValid = verifySystemCertByNickname(nickname, certusage);
-
-        if (isValid) {
-            System.exit(0);
-        } else {
-            System.exit(1);
-        }
-    }
-
-    public boolean verifySystemCertByNickname(String nickname, String certusage) throws Exception {
-        CertificateUsage cu = CertUtil.toCertificateUsage(certusage);
-        CryptoManager cm = CryptoManager.getInstance();
-        if (cu.getUsage() == CertificateUsage.CheckAllUsages.getUsage()) {
-            // check all possible usages
-            int ccu = cm.isCertValid(nickname, true);
-            if (ccu == CertificateUsage.basicCertificateUsages) {
-                /* cert is good for nothing */
-                System.out.println("Cert is good for nothing: " + nickname);
-                return false;
-            }
-            return true;
-        }
         try {
-            cm.verifyCertificate(nickname, true, cu);
-            System.out.println("Valid certificate: " + nickname);
-            return true;
-        } catch (CertificateException e) {
-            // Invalid certificate: ()
+            CertUtil.verifyCertificateUsage(nickname, certusage);
+            System.out.println("Certificate is valid");
+
+        } catch (Exception e) {
             System.out.println(e.getMessage());
-            return false;
+            System.exit(1);
         }
     }
 }
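Review bot: The new `catch (Exception e)` in execute is broader than the `CertificateException` the replaced code caught, so a NullPointerException, a missing nickname or an uninitialised CryptoManager now produce the same one-line message and exit code as a failed validation, with no stack trace, and `e.getMessage()` can be null, in which case the tool prints a bare "null". Because verifyCertificateUsage declares `throws Exception`, the CLI has nothing narrower to catch here, but it should at least put the failure on stderr and name the certificate, e.g. `System.err.println("Certificate " + nickname + " is invalid: " + e.getMessage());` before `System.exit(1);`, so a caller capturing stdout is not misled. The success path likewise lost the nickname that `"Valid certificate: " + nickname` used to print; `System.out.println("Certificate " + nickname + " is valid");` restores it. execute begins before the hunk; the `nickname` and `certusage` locals it uses are defined there.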