# File lib/puppet/ssl/host.rb, line 156
156:   def certificate
157:     unless @certificate
158:       generate_key unless key
159: 
160:       # get the CA cert first, since it's required for the normal cert
161:       # to be of any use.
162:       return nil unless Certificate.find("ca") unless ca?
163:       return nil unless @certificate = Certificate.find(name)
164: 
165:       unless certificate_matches_key?
166:         raise Puppet::Error, "Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key"
167:       end
168:     end
169:     @certificate
170:   end