diff --git a/tests/unittests/torture_pki_ecdsa.c b/tests/unittests/torture_pki_ecdsa.c
index 6c6e3012..0995a14b 100644
--- a/tests/unittests/torture_pki_ecdsa.c
+++ b/tests/unittests/torture_pki_ecdsa.c
@@ -337,6 +337,11 @@ static void torture_pki_ecdsa_import_cert_file(void **state)
 enum ssh_keytypes_e type;
 struct pki_st *test_state = *((struct pki_st **)state);
 
+ /* Importing public key as cert should fail */
+ rc = ssh_pki_import_cert_file(LIBSSH_ECDSA_TESTKEY ".pub", &cert);
+ assert_int_equal(rc, SSH_ERROR);
+ assert_null(cert);
+
 rc = ssh_pki_import_cert_file(LIBSSH_ECDSA_TESTKEY "-cert.pub", &cert);
 assert_int_equal(rc, 0);
 assert_non_null(cert);
diff --git a/tests/unittests/torture_pki_ed25519.c b/tests/unittests/torture_pki_ed25519.c
index 764df04e..cf83ed0b 100644
--- a/tests/unittests/torture_pki_ed25519.c
+++ b/tests/unittests/torture_pki_ed25519.c
@@ -317,6 +317,11 @@ static void torture_pki_ed25519_import_cert_file(void **state)
 
 (void) state; /* unused */
 
+ /* Importing public key as cert should fail */
+ rc = ssh_pki_import_cert_file(LIBSSH_ED25519_TESTKEY ".pub", &cert);
+ assert_int_equal(rc, SSH_ERROR);
+ assert_null(cert);
+
 rc = ssh_pki_import_cert_file(LIBSSH_ED25519_TESTKEY "-cert.pub", &cert);
 assert_true(rc == 0);
 assert_non_null(cert);
diff --git a/tests/unittests/torture_pki_rsa.c b/tests/unittests/torture_pki_rsa.c
index c1cca6ae..1700270e 100644
--- a/tests/unittests/torture_pki_rsa.c
+++ b/tests/unittests/torture_pki_rsa.c
@@ -330,7 +330,12 @@ static void torture_pki_rsa_copy_cert_to_privkey(void **state)
 ssh_key privkey = NULL;
 ssh_key cert = NULL;
 
- (void) state; /* unused */
+ (void)state; /* unused */
+
+ /* Importing public key as cert should fail */
+ rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY ".pub", &cert);
+ assert_int_equal(rc, SSH_ERROR);
+ assert_null(cert);
 
 rc = ssh_pki_import_cert_file(LIBSSH_RSA_TESTKEY "-cert.pub", &cert);
 assert_return_code(rc, errno);
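Review bot: The added negative check in torture_pki_ecdsa_import_cert_file expects the generic `SSH_ERROR`, so it would also pass if the `.pub` fixture were malformed rather than a well-formed public key being refused as a certificate; the same holds for the ed25519 and RSA hunks. Whether another test already imports the same file as a public key is not visible here; if not, a preceding `ssh_pki_import_pubkey_file(LIBSSH_ECDSA_TESTKEY ".pub", &pubkey)` asserted to succeed would pin the failure to the certificate type check. `assert_null(cert)` is only meaningful if `cert` is NULL before the call or is reset on failure, and its declaration is outside the ecdsa and ed25519 hunks. The comment could also say why, e.g. `/* A plain public key must never be accepted where a certificate is expected */`.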
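Review bot: The public-key-as-certificate check is placed in torture_pki_rsa_copy_cert_to_privkey, while the ECDSA and Ed25519 files put the same check in their `*_import_cert_file` tests, so an RSA import regression would be reported under a test named for a different operation. If an RSA import-cert test exists outside this hunk, the four added lines fit better there; otherwise a comment such as `/* No dedicated RSA cert import test: verify rejection of a plain public key here */` would explain the placement. The `(void) state` to `(void)state` spacing change is unrelated to the new check and adds noise to the diff. The function body continues past the end of this hunk.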
@@ -372,6 +377,22 @@ static void torture_pki_rsa_copy_cert_to_privkey(void **state)
 rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
 assert_int_equal(rc, SSH_ERROR);
 
+ SSH_KEY_FREE(privkey);
+ SSH_KEY_FREE(pubkey);
+
+ /* Generate different key and try to assign it this certificate */
+ rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &privkey);
+ assert_return_code(rc, errno);
+ assert_non_null(privkey);
+ rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
+ assert_return_code(rc, errno);
+ assert_non_null(pubkey);
+
+ rc = ssh_pki_copy_cert_to_privkey(cert, privkey);
+ assert_int_equal(rc, SSH_ERROR);
+ rc = ssh_pki_copy_cert_to_privkey(cert, pubkey);
+ assert_int_equal(rc, SSH_ERROR);
+
 SSH_KEY_FREE(cert);
 SSH_KEY_FREE(privkey);
 SSH_KEY_FREE(pubkey);
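Review bot: The final added assertion, `ssh_pki_copy_cert_to_privkey(cert, pubkey)` expecting `SSH_ERROR`, cannot tell a rejection for key mismatch from a rejection because `pubkey` is not a private key, since both would surface as the same generic code. Only the preceding call with the freshly generated `privkey` exercises the mismatch path, and nothing afterwards checks that the rejected key was left without certificate data attached. A short comment on each call would record the intended reason, e.g. `/* cert was issued for LIBSSH_RSA_TESTKEY, not for this generated key */` and `/* public half of the mismatched key must be rejected as well */`. The function starts outside this hunk, so the earlier state of `cert`, `privkey` and `pubkey` is taken from the context lines only.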