diff --git a/magnum/conductor/handlers/common/cert_manager.py b/magnum/conductor/handlers/common/cert_manager.py
index 4e830f2cf9..6dca138e6f 100755
--- a/magnum/conductor/handlers/common/cert_manager.py
+++ b/magnum/conductor/handlers/common/cert_manager.py
@@ -13,6 +13,7 @@
 # under the License.
 
 from oslo_log import log as logging
+from oslo_utils import encodeutils
 import six
 
 from magnum.common import cert_manager
@@ -150,15 +151,16 @@ def create_client_files(cluster, context=None):
         magnum_cert = get_cluster_magnum_cert(cluster, context)
 
         ca_file = tempfile.NamedTemporaryFile(mode="w+")
-        ca_file.write(ca_cert.get_certificate())
+        ca_file.write(encodeutils.safe_decode(ca_cert.get_certificate()))
         ca_file.flush()
 
         key_file = tempfile.NamedTemporaryFile(mode="w+")
-        key_file.write(magnum_cert.get_decrypted_private_key())
+        key_file.write(encodeutils.safe_decode(
+            magnum_cert.get_decrypted_private_key()))
         key_file.flush()
 
         cert_file = tempfile.NamedTemporaryFile(mode="w+")
-        cert_file.write(magnum_cert.get_certificate())
+        cert_file.write(encodeutils.safe_decode(magnum_cert.get_certificate()))
         cert_file.flush()
 
     else:
@@ -175,15 +177,17 @@ def create_client_files(cluster, context=None):
             magnum_cert = get_cluster_magnum_cert(cluster, context)
 
             ca_file = open(cached_ca_file, "w+")
-            ca_file.write(ca_cert.get_certificate())
+            ca_file.write(encodeutils.safe_decode(ca_cert.get_certificate()))
             ca_file.flush()
 
             key_file = open(cached_key_file, "w+")
-            key_file.write(magnum_cert.get_decrypted_private_key())
+            key_file.write(encodeutils.safe_decode(
+                magnum_cert.get_decrypted_private_key()))
             key_file.flush()
 
             cert_file = open(cached_cert_file, "w+")
-            cert_file.write(magnum_cert.get_certificate())
+            cert_file.write(
+                encodeutils.safe_decode(magnum_cert.get_certificate()))
             cert_file.flush()
 
             os.chmod(cached_ca_file, 0o600)
diff --git a/magnum/tests/unit/conductor/handlers/common/test_cert_manager.py b/magnum/tests/unit/conductor/handlers/common/test_cert_manager.py
index f9093b081e..8d539477fd 100644
--- a/magnum/tests/unit/conductor/handlers/common/test_cert_manager.py
+++ b/magnum/tests/unit/conductor/handlers/common/test_cert_manager.py
@@ -335,6 +335,22 @@ class CertManagerTestCase(base.BaseTestCase):
         self.assertEqual(mock_cert.get_certificate.return_value,
                          cluster_magnum_cert.read())
 
+        # Test for certs and keys that might be returned in binary
+        mock_cert.get_certificate.return_value = b"byte_content"
+        mock_cert.get_decrypted_private_key.return_value = b"byte_key"
+        ca_cert_text = magnum_cert_text = \
+            mock_cert.get_certificate.return_value.decode('UTF-8')
+        magnum_key_text = \
+            mock_cert.get_decrypted_private_key.return_value.decode('UTF-8')
+        (cluster_ca_cert, cluster_key, cluster_magnum_cert) = \
+            cert_manager.create_client_files(mock_cluster)
+        cluster_ca_cert.seek(0)
+        cluster_key.seek(0)
+        cluster_magnum_cert.seek(0)
+        self.assertEqual(ca_cert_text, cluster_ca_cert.read())
+        self.assertEqual(magnum_key_text, cluster_key.read())
+        self.assertEqual(magnum_cert_text, cluster_magnum_cert.read())
+
     def test_create_client_files_in_cache(self):
         mock_cluster = mock.MagicMock()
         mock_cluster.uuid = "mock_cluster_uuid"