diff --git a/nova/crypto.py b/nova/crypto.py
index bdc32482ab9f..8d535f426bb2 100644
--- a/nova/crypto.py
+++ b/nova/crypto.py
@@ -176,7 +176,8 @@ def revoke_certs_by_project(project_id):
 def revoke_certs_by_user_and_project(user_id, project_id):
     """Revoke certs for user in project."""
     admin = context.get_admin_context()
-    for cert in db.certificate_get_all_by_user(admin, user_id, project_id):
+    for cert in db.certificate_get_all_by_user_and_project(admin,
+                                            user_id, project_id):
         revoke_cert(cert['project_id'], cert['file_name'])
 
 
diff --git a/nova/tests/test_crypto.py b/nova/tests/test_crypto.py
index 945d787948f2..1356ec8b8894 100644
--- a/nova/tests/test_crypto.py
+++ b/nova/tests/test_crypto.py
@@ -16,7 +16,10 @@
 Tests for Crypto module.
 """
 
+import mox
+
 from nova import crypto
+from nova import db
 from nova import test
 
 
@@ -46,3 +49,69 @@ class SymmetricKeyTestCase(test.TestCase):
         plain = decrypt(cipher_text)
 
         self.assertEquals(plain_text, plain)
+
+
+class RevokeCertsTest(test.TestCase):
+
+    def test_revoke_certs_by_user_and_project(self):
+        user_id = 'test_user'
+        project_id = 2
+        file_name = 'test_file'
+
+        certificates = [{"user_id": user_id, "project_id": project_id,
+        "file_name": file_name}]
+
+        self.mox.StubOutWithMock(db, 'certificate_get_all_by_user_and_project')
+        db.certificate_get_all_by_user_and_project(mox.IgnoreArg(), \
+            user_id, project_id).AndReturn(certificates)
+
+        self.mox.StubOutWithMock(crypto, 'revoke_cert')
+        crypto.revoke_cert(project_id, mox.IgnoreArg())
+
+        self.mox.ReplayAll()
+
+        crypto.revoke_certs_by_user_and_project(user_id, project_id)
+
+        self.mox.VerifyAll()
+
+    def test_revoke_certs_by_user(self):
+        user_id = 'test_user'
+        project_id = 2
+        file_name = 'test_file'
+
+        certificates = [{"user_id": user_id, "project_id": project_id,
+        "file_name": file_name}]
+
+        self.mox.StubOutWithMock(db, 'certificate_get_all_by_user')
+        db.certificate_get_all_by_user(mox.IgnoreArg(), \
+            user_id).AndReturn(certificates)
+
+        self.mox.StubOutWithMock(crypto, 'revoke_cert')
+        crypto.revoke_cert(project_id, mox.IgnoreArg())
+
+        self.mox.ReplayAll()
+
+        crypto.revoke_certs_by_user(user_id)
+
+        self.mox.VerifyAll()
+
+    def test_revoke_certs_by_project(self):
+        user_id = 'test_user'
+        project_id = 2
+        file_name = 'test_file'
+
+        certificates = [{"user_id": user_id, "project_id": project_id,
+        "file_name": file_name}]
+
+        self.mox.StubOutWithMock(db, 'certificate_get_all_by_project')
+        db.certificate_get_all_by_project(mox.IgnoreArg(), \
+                project_id).AndReturn(certificates)
+
+        self.mox.StubOutWithMock(crypto, 'revoke_cert')
+        crypto.revoke_cert(project_id, mox.IgnoreArg())
+
+        self.mox.ReplayAll()
+
+        crypto.revoke_certs_by_project(project_id)
+
+        self.mox.VerifyAll()