diff --git a/app/models/certificate.rb b/app/models/certificate.rb
index 8505bb7ce..22a865cc7 100644
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@@ -2,6 +2,7 @@ require 'open3'
 
 class Certificate < ApplicationRecord
   include Versions
+  include Certificate::CertificateConcern
 
   belongs_to :api_user
 
@@ -35,7 +36,6 @@ class Certificate < ApplicationRecord
   end
 
   validate :assign_metadata, on: :create
-
   def assign_metadata
     return if errors.any?
 
@@ -44,14 +44,6 @@ class Certificate < ApplicationRecord
     errors.add(:base, I18n.t(:invalid_csr_or_crt))
   end
 
-  def parse_metadata(origin)
-    pc = origin.subject.to_s
-    cn = pc.scan(%r{\/CN=(.+)}).flatten.first
-    self.common_name = cn.split('/').first
-    self.md5 = OpenSSL::Digest::MD5.new(origin.to_der).to_s if crt
-    self.interface = crt ? API : REGISTRAR
-  end
-
   def parsed_crt
     @p_crt ||= OpenSSL::X509::Certificate.new(crt) if crt
   end
@@ -109,35 +101,20 @@ class Certificate < ApplicationRecord
     handle_revocation_failure(err_output)
   end
 
-  class << self
-    def tostdout(message)
-      time = Time.zone.now.utc
-      $stdout << "#{time} - #{message}\n" unless Rails.env.test?
-    end
-
-    def update_crl
-      tostdout('Running crlupdater')
-      system('/bin/bash', ENV['crl_updater_path'].to_s)
-      tostdout('Finished running crlupdater')
-    end
-
-    def parse_md_from_string(crt)
-      return if crt.blank?
-
-      crt = crt.split(' ').join("\n")
-      crt.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
-      crt.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
-      cert = OpenSSL::X509::Certificate.new(crt)
-      OpenSSL::Digest::MD5.new(cert.to_der).to_s
-    end
-  end
-
   private
 
   def certificate_origin
     crt ? parsed_crt : parsed_csr
   end
 
+  def parse_metadata(origin)
+    pc = origin.subject.to_s
+    cn = pc.scan(%r{\/CN=(.+)}).flatten.first
+    self.common_name = cn.split('/').first
+    self.md5 = OpenSSL::Digest::MD5.new(origin.to_der).to_s if crt
+    self.interface = crt ? API : REGISTRAR
+  end
+
   def create_tempfile(filename, content = '')
     tempfile = Tempfile.new(filename)
     tempfile.write(content)
diff --git a/app/models/concerns/certificate/certificate_concern.rb b/app/models/concerns/certificate/certificate_concern.rb
new file mode 100644
index 000000000..b56e92e43
--- /dev/null
+++ b/app/models/concerns/certificate/certificate_concern.rb
@@ -0,0 +1,27 @@
+# app/models/concerns/certificate_concern.rb
+module Certificate::CertificateConcern
+  extend ActiveSupport::Concern
+
+  class_methods do
+    def tostdout(message)
+      time = Time.zone.now.utc
+      $stdout << "#{time} - #{message}\n" unless Rails.env.test?
+    end
+
+    def update_crl
+      tostdout('Running crlupdater')
+      system('/bin/bash', ENV['crl_updater_path'].to_s)
+      tostdout('Finished running crlupdater')
+    end
+
+    def parse_md_from_string(crt)
+      return if crt.blank?
+
+      crt = crt.split(' ').join("\n")
+      crt.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
+      crt.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
+      cert = OpenSSL::X509::Certificate.new(crt)
+      OpenSSL::Digest::MD5.new(cert.to_der).to_s
+    end
+  end
+end