diff --git a/lib/puppet/application/certificate.rb b/lib/puppet/application/certificate.rb
index 48736fc84..f4b13ffe0 100644
--- a/lib/puppet/application/certificate.rb
+++ b/lib/puppet/application/certificate.rb
@@ -1,12 +1,27 @@
 require 'puppet/application/indirection_base'
 
 class Puppet::Application::Certificate < Puppet::Application::IndirectionBase
 
   # Luke used to call this --ca but that's taken by the global boolean --ca.
   # Since these options map CA terminology to indirector terminology, it's
   # now called --ca-location.
   option "--ca-location CA_LOCATION" do |arg|
     Puppet::SSL::Host.ca_location = arg.to_sym
   end
 
+  def setup
+
+    unless Puppet::SSL::Host.ca_location
+      raise ArgumentError, "You must have a CA location specified; use --ca-location to specify the location (remote, local, only)"
+    end
+
+    location = Puppet::SSL::Host.ca_location
+    if location == :local && !Puppet::SSL::CertificateAuthority.ca?
+      self.class.run_mode("master")
+      self.set_run_mode self.class.run_mode
+    end
+
+    super
+  end
+
 end
diff --git a/lib/puppet/interface/certificate.rb b/lib/puppet/interface/certificate.rb
index 4088a4557..5c06cdc29 100644
--- a/lib/puppet/interface/certificate.rb
+++ b/lib/puppet/interface/certificate.rb
@@ -1,31 +1,29 @@
 require 'puppet/interface/indirector'
 require 'puppet/ssl/host'
 
 Puppet::Interface::Indirector.interface(:certificate) do
 
   action :generate do
     invoke do |name|
       host = Puppet::SSL::Host.new(name)
       host.generate_certificate_request
       host.certificate_request.class.indirection.save(host.certificate_request)
     end
   end
 
-  action :sign do |name|
-    invoke do |name|
-      unless Puppet::SSL::Host.ca_location
-        raise ArgumentError, "You must have a CA location specified; use --ca-location to specify the location (remote, local, only)"
-      end
-
-      location = Puppet::SSL::Host.ca_location
-      if location == :local && !Puppet::SSL::CertificateAuthority.ca?
-        app = Puppet::Application[:certificate]
-        app.class.run_mode("master")
-        app.set_run_mode Puppet::Application[:certificate].class.run_mode
+  action :list do
+    invoke do
+      Puppet::SSL::Host.indirection.search("*").each do |host|
+        puts host.inspect
       end
+      nil
+    end
+  end
 
+  action :sign do |name|
+    invoke do |name|
       Puppet::SSL::Host.indirection.save(Puppet::SSL::Host.new(name))
-
     end
   end
+
 end