diff --git a/app/models/api_user.rb b/app/models/api_user.rb
index d1582204e..f4d917314 100644
--- a/app/models/api_user.rb
+++ b/app/models/api_user.rb
@@ -1,3 +1,5 @@
+require 'open3'
+
 # rubocop: disable Metrics/ClassLength
 class ApiUser < ActiveRecord::Base
   include Versions # version/api_user_version.rb
@@ -30,13 +32,21 @@ class ApiUser < ActiveRecord::Base
     csr_file.rewind
 
     crt_file = Tempfile.new('client_crt')
-
-    `openssl ca -keyfile #{APP_CONFIG['ca_key_path']} -cert #{APP_CONFIG['ca_cert_path']} \
+    _out, err, _st = Open3.capture3("openssl ca -keyfile #{APP_CONFIG['ca_key_path']} \
+    -cert #{APP_CONFIG['ca_cert_path']} \
     -extensions usr_cert -notext -md sha256 \
-    -in #{csr_file.path} -out #{crt_file.path} -key '#{APP_CONFIG['ca_key_password']}' -batch`
+    -in #{csr_file.path} -out #{crt_file.path} -key '#{APP_CONFIG['ca_key_password']}' -batch")
 
-    crt_file.rewind
-    self.crt = crt_file.read
+    if err.present?
+      errors.add(:base, I18n.t('failed_to_create_certificate'))
+      logger.error('FAILED TO CREATE CLIENT CERTIFICATE')
+      logger.error(err)
+      return false
+    else
+      crt_file.rewind
+      self.crt = crt_file.read
+      return true
+    end
   end
 end
 # rubocop: enable Metrics/ClassLength
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 9f347460f..5ab4ccef9 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -500,3 +500,4 @@ en:
   contact_email: 'Contact e-mail'
   address_help: 'Street name, house no - apartment no, city, county, country, zip'
   download: 'Download'
+  failed_to_create_certificate: 'Failed to create certificate!'