diff --git a/certoperations.js b/certoperations.js
index 4c108704..dd441e50 100644
--- a/certoperations.js
+++ b/certoperations.js
@@ -1089,7 +1089,7 @@ module.exports.CertificateOperations = function (parent) {
             mpsPrivateKey = r.mps.key;
         }
 
-        r = { root: { cert: rootCertificate, key: rootPrivateKey }, web: { cert: webCertificate, key: webPrivateKey, ca: [] }, webdefault: { cert: webCertificate, key: webPrivateKey, ca: [] }, mps: { cert: mpsCertificate, key: mpsPrivateKey }, agent: { cert: agentCertificate, key: agentPrivateKey }, ca: calist, CommonName: commonName, RootName: rootName, AmtMpsName: mpsCommonName, dns: {}, WebIssuer: webIssuer };
+        r = { root: { cert: rootCertificate, key: rootPrivateKey }, web: { cert: webCertificate, key: webPrivateKey, ca: [] }, webdefault: { cert: webCertificate, key: webPrivateKey, ca: [] }, mps: { cert: mpsCertificate, key: mpsPrivateKey }, agent: { cert: agentCertificate, key: agentPrivateKey }, codesign: { cert: codesignCertificate, key: codesignPrivateKey }, ca: calist, CommonName: commonName, RootName: rootName, AmtMpsName: mpsCommonName, dns: {}, WebIssuer: webIssuer };
 
         // Fetch the certificates names for the main certificate
         var webCertificate = obj.pki.certificateFromPem(r.web.cert);
diff --git a/meshcentral.js b/meshcentral.js
index ba82bb93..8e1a99dc 100644
--- a/meshcentral.js
+++ b/meshcentral.js
@@ -2860,14 +2860,17 @@ function CreateMeshCentralServer(config, args) {
         }
 
         // Generate the agent signature description and URL
-        const serverSignedAgentsPath = obj.path.join(obj.datapath, 'signedagents' + suffix);
-        var signDesc = (domain.title ? domain.title : agentSignCertInfo.cert.subject.hash);
-        var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
-        var signUrl = 'https://' + ((domain.dns != null) ? domain.dns : obj.certificates.CommonName);
-        if (httpsPort != 443) { signUrl += ':' + httpsPort; }
-        var xdomain = (domain.dns == null) ? domain.id : '';
-        if (xdomain != '') xdomain += '/';
-        signUrl += '/' + xdomain;
+        var serverSignedAgentsPath, signDesc, signUrl;
+        if (agentSignCertInfo != null) {
+            serverSignedAgentsPath = obj.path.join(obj.datapath, 'signedagents' + suffix);
+            signDesc = (domain.title ? domain.title : agentSignCertInfo.cert.subject.hash);
+            var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
+            signUrl = 'https://' + ((domain.dns != null) ? domain.dns : obj.certificates.CommonName);
+            if (httpsPort != 443) { signUrl += ':' + httpsPort; }
+            var xdomain = (domain.dns == null) ? domain.id : '';
+            if (xdomain != '') xdomain += '/';
+            signUrl += '/' + xdomain;
+        }
 
         // Load agent information file. This includes the data & time of the agent.
         const agentInfo = [];
@@ -2893,7 +2896,7 @@ function CreateMeshCentralServer(config, args) {
             if ((stats == null)) continue; // If this agent does not exist, skip it.
 
             // Check if we need to sign this agent, if so, check if it's already been signed
-            if (obj.meshAgentsArchitectureNumbers[archid].codesign === true) {
+            if ((obj.meshAgentsArchitectureNumbers[archid].codesign === true) && (agentSignCertInfo != null)) {{
                 // Open the original agent with authenticode
                 var signeedagentpath = obj.path.join(serverSignedAgentsPath, obj.meshAgentsArchitectureNumbers[archid].localname);
                 const originalAgent = require('./authenticode.js').createAuthenticodeHandler(agentpath);