2 files changed, 21 insertions, 10 deletions

diff --git a/standalone/main.go b/standalone/main.go
index 357d53f..8f697c0 100644
--- a/standalone/main.go
+++ b/standalone/main.go
@@ -50,15 +50,6 @@ func Init() (*Bitmask, error) {
 	if err != nil {
 		return nil, err
 	}
-
-	cert, err := b.bonafide.getCertPem()
-	if err != nil {
-		return nil, err
-	}
-	err = ioutil.WriteFile(b.getCertPemPath(), cert, 0600)
-	if err != nil {
-		return nil, err
-	}
 	err = ioutil.WriteFile(b.getCaCertPath(), caCert, 0600)
 
 	go b.openvpnManagement()
diff --git a/standalone/vpn.go b/standalone/vpn.go
index fddda6e..e3ecca4 100644
--- a/standalone/vpn.go
+++ b/standalone/vpn.go
@@ -16,6 +16,8 @@
 package bitmask
 
 import (
+	"io/ioutil"
+	"os"
 	"path"
 )
 
@@ -30,6 +32,11 @@ func (b *Bitmask) StartVPN(provider string) error {
 	if err != nil {
 		return err
 	}
+	certPemPath, err := b.getCert()
+	if err != nil {
+		return err
+	}
+
 	err = b.launch.firewallStart(gateways)
 	if err != nil {
 		return err
@@ -42,7 +49,6 @@ func (b *Bitmask) StartVPN(provider string) error {
 	for _, gw := range gateways {
 		arg = append(arg, "--remote", gw.IPAddress, "443", "tcp4")
 	}
-	certPemPath := b.getCertPemPath()
 	arg = append(arg,
 		"--verb", "1",
 		"--management-client",
@@ -53,6 +59,20 @@ func (b *Bitmask) StartVPN(provider string) error {
 	return b.launch.openvpnStart(arg...)
 }
 
+func (b *Bitmask) getCert() (certPath string, err error) {
+	certPath = b.getCertPemPath()
+
+	if _, err := os.Stat(certPath); os.IsNotExist(err) {
+		cert, err := b.bonafide.getCertPem()
+		if err != nil {
+			return "", err
+		}
+		err = ioutil.WriteFile(certPath, cert, 0600)
+	}
+
+	return certPath, err
+}
+
 // StopVPN or cancel
 func (b *Bitmask) StopVPN() error {
 	err := b.launch.firewallStop()