diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py
index 7d332205e..df2076fcc 100644
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -793,9 +793,8 @@ class AuthProtocol(object):
                 'Marking token %s as unauthorized in memcache', token)
             self._cache_store(token, 'invalid')
 
-    def cert_file_missing(self, called_proc_err, file_name):
-        return (called_proc_err.output.find(file_name)
-                and not os.path.exists(file_name))
+    def cert_file_missing(self, proc_output, file_name):
+        return (file_name in proc_output and not os.path.exists(file_name))
 
     def verify_uuid_token(self, user_token, retry=True):
         """Authenticate user token with keystone.
@@ -867,10 +866,11 @@ class AuthProtocol(object):
                 output = cms.cms_verify(data, self.signing_cert_file_name,
                                         self.ca_file_name)
             except cms.subprocess.CalledProcessError as err:
-                if self.cert_file_missing(err, self.signing_cert_file_name):
+                if self.cert_file_missing(err.output,
+                                          self.signing_cert_file_name):
                     self.fetch_signing_cert()
                     continue
-                if self.cert_file_missing(err, self.ca_file_name):
+                if self.cert_file_missing(err.output, self.ca_file_name):
                     self.fetch_ca_cert()
                     continue
                 raise err
diff --git a/tests/test_auth_token_middleware.py b/tests/test_auth_token_middleware.py
index 40fc4018f..0fc6c6aa5 100644
--- a/tests/test_auth_token_middleware.py
+++ b/tests/test_auth_token_middleware.py
@@ -569,6 +569,14 @@ class AuthTokenMiddlewareTest(test.NoModule, BaseAuthTokenMiddlewareTest):
         self.middleware.token_revocation_list = self.get_revocation_list_json()
         self.middleware.verify_signed_token(SIGNED_TOKEN_SCOPED)
 
+    def test_cert_file_missing(self):
+        self.assertFalse(self.middleware.cert_file_missing(
+                         "openstack: /tmp/haystack: No such file or directory",
+                         "/tmp/needle"))
+        self.assertTrue(self.middleware.cert_file_missing(
+                        "openstack: /not/exist: No such file or directory",
+                        "/not/exist"))
+
     def test_get_token_revocation_list_fetched_time_returns_min(self):
         self.middleware.token_revocation_list_fetched_time = None
         self.middleware.revoked_file_name = ''