diff --git a/authority/authority.go b/authority/authority.go
index f0e45808..3bc88c0a 100644
--- a/authority/authority.go
+++ b/authority/authority.go
@@ -224,6 +224,9 @@ func (a *Authority) init() error {
 			DecryptionKey: a.config.IntermediateKey,
 			Password: []byte(a.config.Password),
 		})
+		if err != nil {
+			return err
+		}
 	}
 
 	a.scepService = &scep.Service{
diff --git a/scep/api/api.go b/scep/api/api.go
index 13aeec21..a9e4d840 100644
--- a/scep/api/api.go
+++ b/scep/api/api.go
@@ -315,13 +315,6 @@ func (h *Handler) PKIOperation(ctx context.Context, request SCEPRequest) (SCEPRe
 	return response, nil
 }
 
-func certName(cert *x509.Certificate) string {
-	if cert.Subject.CommonName != "" {
-		return cert.Subject.CommonName
-	}
-	return string(cert.Signature)
-}
-
 func formatCapabilities(caps []string) []byte {
 	return []byte(strings.Join(caps, "\r\n"))
 }
diff --git a/scep/authority.go b/scep/authority.go
index 157854f1..69d83554 100644
--- a/scep/authority.go
+++ b/scep/authority.go
@@ -3,8 +3,6 @@ package scep
 import (
 	"bytes"
 	"context"
-	"crypto"
-	"crypto/sha1"
 	"crypto/x509"
 	"errors"
 	"fmt"
@@ -512,20 +510,6 @@ func degenerateCertificates(certs []*x509.Certificate) ([]byte, error) {
 	return degenerate, nil
 }
 
-// createKeyIdentifier creates an identifier for public keys
-// according to the first method in RFC5280 section 4.2.1.2.
-func createKeyIdentifier(pub crypto.PublicKey) ([]byte, error) {
-
-	keyBytes, err := x509.MarshalPKIXPublicKey(pub)
-	if err != nil {
-		return nil, err
-	}
-
-	id := sha1.Sum(keyBytes)
-
-	return id[:], nil
-}
-
 // Interface guards
 var (
 	_ Interface = (*Authority)(nil)
diff --git a/scep/certificate.go b/scep/certificate.go
index fe48d29e..5e43b762 100644
--- a/scep/certificate.go
+++ b/scep/certificate.go
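Review bot: The new check in `init` returns `err` bare, so a failure in the call just above the hunk (apparently the one building the SCEP decrypter from `IntermediateKey` and `Password`, judging by the struct fields in the context lines) surfaces with no indication of which initialization step failed. Prefer `return fmt.Errorf("initializing SCEP decrypter: %w", err)` if `fmt` is in scope in this file, or the package's usual error-wrapping helper otherwise. The assignment of `err` is on the line before the hunk starts, so confirm the check is against that call and not a stale `err` from earlier in `init`. `init` starts and ends outside the hunk.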
@@ -65,16 +65,16 @@ func newCert(db nosql.DB, ops CertOptions) (*certificate, error) {
 	}
 }
 
-func getCert(db nosql.DB, id string) (*certificate, error) {
-	b, err := db.Get(certTable, []byte(id))
-	if nosql.IsErrNotFound(err) {
-		return nil, fmt.Errorf("certificate %s not found", id)
-	} else if err != nil {
-		return nil, fmt.Errorf("error loading certificate")
-	}
-	var cert certificate
-	if err := json.Unmarshal(b, &cert); err != nil {
-		return nil, fmt.Errorf("%w: error unmarshaling certificate", err)
-	}
-	return &cert, nil
-}
+// func getCert(db nosql.DB, id string) (*certificate, error) {
+// b, err := db.Get(certTable, []byte(id))
+// if nosql.IsErrNotFound(err) {
+// return nil, fmt.Errorf("certificate %s not found", id)
+// } else if err != nil {
+// return nil, fmt.Errorf("error loading certificate")
+// }
+// var cert certificate
+// if err := json.Unmarshal(b, &cert); err != nil {
+// return nil, fmt.Errorf("%w: error unmarshaling certificate", err)
+// }
+// return &cert, nil
+// }
diff --git a/scep/scep.go b/scep/scep.go
index 0c25ec4c..f56176d7 100644
--- a/scep/scep.go
+++ b/scep/scep.go
@@ -31,8 +31,9 @@ var (
 	oidSCEPsenderNonce = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 5}
 	oidSCEPrecipientNonce = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 6}
 	oidSCEPtransactionID = asn1.ObjectIdentifier{2, 16, 840, 1, 113733, 1, 9, 7}
-	oidChallengePassword = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 7}
 	oidSCEPfailInfoText = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 24}
+	//oidChallengePassword = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 7}
+
 )
 
 // PKIMessage defines the possible SCEP message types
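Review bot: `getCert` is replaced by a commented-out copy of itself rather than deleted, which leaves thirteen lines of dead code that linters flag and that nobody will keep in sync; the same is done to `oidChallengePassword` in scep/scep.go. The other hunks in this commit delete `certName` and `createKeyIdentifier` outright, and version control already keeps the history, so `getCert` should go the same way. If `json` or `fmt` were used only by `getCert`, the file will now fail to compile on unused imports — whether another function in scep/certificate.go still uses them can't be told from this hunk. `newCert` appears to close in the first two context lines, so nothing else in the hunk is affected.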
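Review bot: `1.2.840.113549.1.9.7` is the PKCS#9 challengePassword attribute, and dropping its OID from the `var` block suggests the SCEP enrollment path currently has no code that reads, let alone verifies, a challenge password; if that is the case, the gap is worth recording where a reader will find it, e.g. `// NOTE: the PKCS#9 challengePassword attribute (1.2.840.113549.1.9.7) is not yet verified during enrollment`, rather than leaving the declaration commented out. Whether the challenge password is checked elsewhere in the package can't be determined from this hunk, so confirm before relying on that reading. Separately, the added empty `+` line before `)` leaves a trailing blank line inside the `var` block that gofmt will not remove.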