diff --git a/scripts/get-ca-keys b/scripts/get-ca-keys
index 98c6a54..51fe717 100755
--- a/scripts/get-ca-keys
+++ b/scripts/get-ca-keys
@@ -1,14 +1,24 @@
 #!/usr/bin/env python
-
+import argparse
 import json
 import requests
 import sys
 import uuid
-server = 'http://172.24.4.1:18322'
-auth_id = str(uuid.UUID(sys.argv[1], version=4))
-response = requests.get(
-    server + '/authorities/' + auth_id)
-assert response.status_code == 200
-auth = json.loads(response.content)
-print auth
+parser = argparse.ArgumentParser(description="Get the CA's public keys from Tatu API.")
+parser.add_argument('--projid', '-P', required=True)
+parser.add_argument('--tatu-url', default= 'http://127.0.0.1:18322',
+                    help='URL of the Tatu API')
+args = parser.parse_args()
+
+try:
+    auth_id = str(uuid.UUID(args.projid, version=4))
+except:
+    print '--projid should be the UUID of a Tatu CA (usually a cloud tenant/project).'
+    exit()
+
+server = args.tatu_url
+response = requests.get(server + '/authorities/' + auth_id)
+if response.status_code != 200:
+    print 'Failed to retrieve the CA keys.'
+print response.content
diff --git a/scripts/get-user-cert b/scripts/get-user-cert
old mode 100644
new mode 100755
index 3800321..6fb843d
--- a/scripts/get-user-cert
+++ b/scripts/get-user-cert
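Review bot: The non-200 branch at the end of the hunk prints 'Failed to retrieve the CA keys.' but then falls through to `print response.content` and exits with status 0, so a caller that captures stdout (the description string says this is the CA's public key, i.e. material a host would install as trusted) receives the error body as if it were key material. Make the failure terminal and visible to the shell: `if response.status_code != 200:` / `    sys.stderr.write('Failed to retrieve the CA keys.\n')` / `    sys.exit(1)`. The bare `except:` around `uuid.UUID(...)` should be `except ValueError:` so it does not also swallow KeyboardInterrupt/SystemExit, and that path should likewise `sys.exit(1)` rather than `exit()`, which reports success. `sys` is already imported in this script, so no new import is needed.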
@@ -1,56 +1,56 @@
+#!/usr/bin/env python
+import argparse
 import json
-import requests
 import os
+import requests
 import subprocess
 import uuid
 from Crypto.PublicKey import RSA
-keyfile = '/opt/stack/.ssh/mykey'
-user_id = str(uuid.uuid4())
-auth_id = str(uuid.UUID('0852c6cd6209425c88de582acbcd1170', version=4))
-key = RSA.generate(2048)
-keytxt = key.exportKey('PEM')
-pubkeytxt = key.publickey().exportKey('OpenSSH')
-server = 'http://127.0.0.1:18321'
+parser = argparse.ArgumentParser(description='Get a user certificate from Tatu API.')
+parser.add_argument('--projid', '-P', required=True)
+parser.add_argument('--pubkeyfile', '-K', required=True)
+parser.add_argument('--userid', '-U', required=True)
+parser.add_argument('--tatu-url', default= 'http://127.0.0.1:18322',
+                    help='URL of the Tatu API')
+args = parser.parse_args()
+
+if not os.path.isfile(args.pubkeyfile):
+    print '--pubkeyfile must point to a valid public key.'
+    exit()
+try:
+    auth_id = str(uuid.UUID(args.projid, version=4))
+except:
+    print '--projid should be the UUID of a Tatu CA (usually a cloud tenant/project).'
+    exit()
+try:
+    user_id = str(uuid.UUID(args.userid, version=4))
+except:
+    print '--userid should be the UUID of a user with permissions in the cloud project.'
+    exit()
+
+with open(args.pubkeyfile, 'r') as f:
+    pubkeytext = f.read()
+
+server = args.tatu_url
 user = {
     'user_id': user_id,
     'auth_id': auth_id,
-    'key.pub': pubkeytxt
+    'key.pub': pubkeytext
 }
 response = requests.post(
-    server + '/usercerts',
-    data=json.dumps(user)
+    server + '/usercerts',
+    data=json.dumps(user)
 )
-assert response.status_code == 201
+if response.status_code != 201:
+    print 'Failed: ' + response
+    exit()
+
 assert 'location' in response.headers
 location = response.headers['location']
-print location
-
 response = requests.get(server + location)
 usercert = json.loads(response.content)
-assert 'user_id' in usercert
-assert usercert['user_id'] == user_id
-assert 'fingerprint' in usercert
-assert 'auth_id' in usercert
-au = str(uuid.UUID(usercert['auth_id'], version=4))
-assert au == auth_id
-assert 'key-cert.pub' in usercert
-# Write the user's ID
-with open(keyfile + '_user_id', 'w') as f:
-    f.write(user_id)
-
-# Write the user private key
-with open(keyfile, 'w') as f:
-    f.write(keytxt)
-os.chmod(keyfile, 0600)
-
-# Write the user public key
-with open(keyfile + '.pub', 'w') as f:
-    f.write(pubkeytxt)
-
-# Write the user certificate
-with open(keyfile + '-cert.pub', 'w') as f:
-    f.write(usercert['key-cert.pub'])
+print usercert['key-cert.pub']
diff --git a/setup.cfg b/setup.cfg
index 6f70897..70826ca 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -20,3 +20,6 @@ classifier =
     Development Status :: 3 - Alpha
 keywords = ssh certificate bastion
+[entry_points]
+console_scripts =
+    tatu-notify = tatu.notifications:main
diff --git a/tatu/db/models.py b/tatu/db/models.py
index 391c1fb..12d5f1c 100644
--- a/tatu/db/models.py
+++ b/tatu/db/models.py
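Review bot: The new failure branch after the POST, `print 'Failed: ' + response`, concatenates a str with a `requests.Response` object and raises TypeError, so on any non-201 the script crashes with a traceback instead of reporting the status. The commit also removes every check on what comes back: the follow-up `requests.get(server + location)` is fed to `json.loads` with no status check, and the old assertions that the returned `user_id`, `auth_id` and `key-cert.pub` match what was requested are gone, so an error document or a certificate issued under a different CA would be printed and, presumably, installed as-is by whatever consumes stdout. `exit()` with no argument reports success to the shell on every failure path; this script does not import `sys`, so the builtin `exit(1)` is used below. `subprocess` and `from Crypto.PublicKey import RSA` are now unused since the local key generation was dropped and can be removed.
```python
if response.status_code != 201:
    print 'Failed: %d %s' % (response.status_code, response.text)
    exit(1)

# ... unchanged: location header handling ...
response = requests.get(server + location)
if response.status_code != 200:
    print 'Failed to fetch the certificate: %d' % response.status_code
    exit(1)
usercert = json.loads(response.content)
try:
    returned_ca = str(uuid.UUID(usercert['auth_id'], version=4))
except (KeyError, TypeError, ValueError):
    returned_ca = None
if (usercert.get('user_id') != user_id or returned_ca != auth_id
        or 'key-cert.pub' not in usercert):
    print 'Certificate does not match the requested user/CA.'
    exit(1)
print usercert['key-cert.pub']
```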
@@ -51,7 +51,7 @@ def createUserCert(session, user_id, auth_id, pub):
     fingerprint = sshpubkeys.SSHKey(pub).hash_md5()
     certRecord = session.query(UserCert).get([user_id, fingerprint])
     if certRecord is not None:
-        raise falcon.HTTPConflict('This public key is already signed.')
+        return certRecord
     cert = generateCert(auth.user_key, pub, principals='admin,root')
     if cert is None:
         raise falcon.HTTPInternalServerError("Failed to generate the certificate")
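Review bot: Returning `certRecord` when a row already exists for `(user_id, fingerprint)` drops the conflict error without checking that the stored record belongs to the CA the caller asked for: the lookup key is `[user_id, fingerprint]` only, and `auth_id` is a parameter of `createUserCert` but is never compared, so a repeat POST naming a different `auth_id` silently receives a certificate issued by another CA (assuming the record carries its issuing CA, which the `auth_id` field the client scripts used to assert on suggests). If that field exists the early return should be conditional, e.g. `if certRecord.auth_id != auth_id: raise falcon.HTTPConflict('This public key is already signed by another CA.')` before `return certRecord`, with the attribute name adjusted to the model's. The submitted `pub` is also never compared with the stored key text, so the dedup rests on the MD5 fingerprint alone; comparing the stored public key to `pub` before returning closes that gap cheaply. `createUserCert` starts before this hunk and `auth`, used on the next line, is resolved outside it, so whether `auth_id` was already validated against the CA is not visible here.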