diff --git a/confluent_server/confluent/exceptions.py b/confluent_server/confluent/exceptions.py
index c7711e66..32d573ef 100644
--- a/confluent_server/confluent/exceptions.py
+++ b/confluent_server/confluent/exceptions.py
@@ -15,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+import base64
 import json
@@ -76,10 +77,13 @@ class PubkeyInvalid(ConfluentException):
 apierrorcode = 502
 apierrorstr = '502 - Invalid certificate or key on target'
- def __init__(self, text, fingerprint, attribname):
+ def __init__(self, text, certificate, fingerprint, attribname):
 super(PubkeyInvalid, self).__init__(self, text)
 self.fingerprint = fingerprint
- self.errorbody = json.dumps({attribname: fingerprint})
+ bodydata = {'fingerprint': fingerprint,
+ 'fingerprintfield': attribname,
+ 'certificate': base64.b64encode(certificate)}
+ self.errorbody = json.dumps(bodydata)
 def get_error_body(self):
 return self.errorbody
diff --git a/confluent_server/confluent/util.py b/confluent_server/confluent/util.py
index 5ca59615..ab2999a5 100644
--- a/confluent_server/confluent/util.py
+++ b/confluent_server/confluent/util.py
@@ -93,4 +93,5 @@ class TLSCertVerifier(object):
 elif storedprint[self.node][self.fieldname]['value'] == fingerprint:
 return True
 raise cexc.PubKeyInvalid(
- 'Mismatched certificate detected', fingerprint, self.fieldname)
+ 'Mismatched certificate detected', certificate, fingerprint,
+ self.fieldname)
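Review bot: In the `PubkeyInvalid.__init__` hunk of exceptions.py, `base64.b64encode(certificate)` returns bytes on Python 3 and `json.dumps` rejects bytes, so building the body would raise TypeError there instead of yielding the 502 response. Decoding is safe on both interpreter lines: `'certificate': base64.b64encode(certificate).decode('ascii')}`. The body also changes shape from `{attribname: fingerprint}` to fixed keys, so any client parsing the old form needs updating. A short docstring should say that `certificate` is the raw (presumably DER) bytes presented by the peer. It should also say that a consumer deciding whether to pin the certificate ought to recompute the fingerprint from it, not trust the two fields to agree.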
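Review bot: In the util.py hunk the raise names `cexc.PubKeyInvalid`, while the class touched in exceptions.py by this same commit is spelled `PubkeyInvalid` with a lower-case k. If `cexc` is `confluent.exceptions` and no alias exists elsewhere, a fingerprint mismatch would surface as AttributeError rather than the 502 error. Verification would still fail closed, but the client would never receive the certificate and fingerprint that this commit adds to the body. The line would read `raise cexc.PubkeyInvalid(`. The enclosing method starts outside the hunk, so the origin and type of `certificate` are not visible here.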