diff --git a/lib/msf/core/exploit/remote/cert_request.rb b/lib/msf/core/exploit/remote/cert_request.rb
index 22421666dc..e141cdede1 100644
--- a/lib/msf/core/exploit/remote/cert_request.rb
+++ b/lib/msf/core/exploit/remote/cert_request.rb
@@ -16,7 +16,7 @@ module Msf
 private_key = (opts[:private_key] || OpenSSL::PKey::RSA.new(rsa_key_size))
 if private_key.n.num_bits != rsa_key_size
 elog("RSA key size mismatch")
- return nil
+ raise ArgumentError, "RSA key size mismatch in create_csr()"
 end
 vprint_status("RSA key size: #{rsa_key_size}")
 user = opts[:username]
@@ -29,7 +29,6 @@ module Msf
 status_msg << " - alternate DNS: #{alt_dns}" if alt_dns
 status_msg << " - alternate UPN: #{alt_upn}" if alt_upn
 status_msg << " - digest algorithm: #{algorithm}" if algorithm
- vprint_status status_msg
 csr = Rex::Proto::X509::Request.build_csr(
 cn: user,
 private_key: private_key,
@@ -59,6 +58,7 @@ module Msf
 algorithm: algorithm
 )
 end
+ vprint_status status_msg
 csr
 end
 end
diff --git a/lib/msf/core/exploit/remote/ms_icpr.rb b/lib/msf/core/exploit/remote/ms_icpr.rb
index 18ae507da3..3a2c9425f7 100644
--- a/lib/msf/core/exploit/remote/ms_icpr.rb
+++ b/lib/msf/core/exploit/remote/ms_icpr.rb
@@ -104,7 +104,7 @@ module Exploit::Remote::MsIcpr
 private_key = opts[:private_key] || OpenSSL::PKey::RSA.new(rsa_key_size)
 if private_key.n.num_bits != rsa_key_size
 elog("RSA key size mismatch")
- return nil
+ raise ArgumentError, "RSA key size mismatch in do_request_cert"
 end
 opts[:private_key] = private_key
 opts[:username] = user
diff --git a/modules/auxiliary/admin/http/web_enrollment_cert.rb b/modules/auxiliary/admin/http/web_enrollment_cert.rb
index dcc600929a..bb8b12e9bd 100644
--- a/modules/auxiliary/admin/http/web_enrollment_cert.rb
+++ b/modules/auxiliary/admin/http/web_enrollment_cert.rb
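Review bot: The new `raise ArgumentError` in `create_csr` replaces a nil return that callers may have been checking, and nothing in this diff shows the calling modules rescuing it, so a mismatched key may now surface as an unhandled exception rather than a clean module failure; the same applies to the matching hunk in ms_icpr.rb (`do_request_cert`). The message also leaves out the two sizes, which is the first thing whoever reads the error needs: `raise ArgumentError, "RSA key size mismatch: expected #{rsa_key_size} bits, got #{private_key.n.num_bits}"`. The check itself calls `private_key.n`, which exists only on RSA keys, so a caller-supplied key of another type would presumably fail with NoMethodError before reaching this branch. Both method bodies start and end outside their hunks.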
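Review bot: The reason `vprint_status status_msg` moves below the `end` in the -59 hunk of cert_request.rb is not documented, and the move has a side effect: if `build_csr` raises, the verbose summary of the requested subject, alternate names and digest is never printed, which makes a failed request harder to diagnose. If the intent is to report only after the CSR was built (or to include text appended inside the block, which is not visible here), a one-line comment such as `# printed after the build so the summary reflects the CSR actually produced` would record that. The block closed by that `end` starts outside the hunk.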
@@ -129,7 +129,7 @@ class MetasploitModule < Msf::Auxiliary
 if datastore['DOMAIN'] != 'WORKSTATION' && queried_domain != datastore_domain
 fail_with(Failure::UnexpectedReply, "Server claims to be a member of #{queried_domain} domain and does not match the datastore domain entry #{datastore['DOMAIN']}")
 end
- connection_identity = queried_domain + '\\\\' + datastore['HttpUsername']
+ connection_identity = queried_domain + '\\' + datastore['HttpUsername']
 end
 http_client = connect(
 {
diff --git a/spec/lib/msf/core/exploit/remote/cert_request_spec.rb b/spec/lib/msf/core/exploit/remote/cert_request_spec.rb
index 4f5770da94..83058be3c5 100644
--- a/spec/lib/msf/core/exploit/remote/cert_request_spec.rb
+++ b/spec/lib/msf/core/exploit/remote/cert_request_spec.rb
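Review bot: The corrected line still concatenates `datastore['HttpUsername']` with `+`, which raises TypeError when the option is unset, unless it is validated earlier in the method, which is outside the hunk. A guard before the assignment gives a clear failure instead: `fail_with(Failure::BadConfig, 'HttpUsername must be set') if datastore['HttpUsername'].to_s.empty?`. It is also worth confirming that HttpUsername is never supplied already qualified (`DOMAIN\user` or `user@domain`), since the domain prefix would then be applied twice.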
@@ -125,26 +125,24 @@ RSpec.describe Msf::Exploit::Remote::CertRequest do
 context 'when the key size does not match the expected rsa_key_size' do
 it 'logs an error' do
 expect(subject).to receive(:elog).with('RSA key size mismatch')
- subject.create_csr(username: 'alice', private_key: rsa_key, rsa_key_size: 4096)
+ expect { subject.create_csr(username: 'alice', private_key: rsa_key, rsa_key_size: 4096) }.to raise_error(ArgumentError)
 end
- it 'returns nil' do
- result = subject.create_csr(username: 'alice', private_key: rsa_key, rsa_key_size: 4096)
- expect(result).to be_nil
+ it 'raises ArgumentError' do
+ expect { subject.create_csr(username: 'alice', private_key: rsa_key, rsa_key_size: 4096) }.to raise_error(ArgumentError, /RSA key size mismatch/)
 end
 it 'does not build a CSR' do
 expect(Rex::Proto::X509::Request).not_to receive(:build_csr)
- subject.create_csr(username: 'alice', private_key: rsa_key, rsa_key_size: 4096)
+ expect { subject.create_csr(username: 'alice', private_key: rsa_key, rsa_key_size: 4096) }.to raise_error(ArgumentError)
 end
 end
 context 'when the key size does not match the datastore rsa_key_size' do
 before { subject.datastore['RSAKeySize'] = '4096' }
- it 'returns nil' do
- result = subject.create_csr(username: 'alice', private_key: rsa_key)
- expect(result).to be_nil
+ it 'raises ArgumentError' do
+ expect { subject.create_csr(username: 'alice', private_key: rsa_key) }.to raise_error(ArgumentError, /RSA key size mismatch/)
 end
 end
 end
@@ -163,6 +161,7 @@ RSpec.describe Msf::Exploit::Remote::CertRequest do
 context 'with rsa_key_size supplied via opts' do
 it 'generates a key with the specified size' do
+ allow(rsa_key).to receive(:n).and_return(double('OpenSSL::BN', num_bits: 4096))
 expect(OpenSSL::PKey::RSA).to receive(:new).with(4096).and_return(rsa_key)
 subject.create_csr(username: 'alice', rsa_key_size: 4096)
 end
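Review bot: The 'logs an error' and 'does not build a CSR' examples assert `raise_error(ArgumentError)` with no message, so any ArgumentError, for instance one caused by a changed method signature, would satisfy them. Matching the message as the 'raises ArgumentError' examples do keeps them tied to the key-size check: `.to raise_error(ArgumentError, /RSA key size mismatch/)`. The same applies to the 'logs an RSA key size mismatch error' and 'does not call create_csr' examples in the -329 hunk of ms_icpr_spec.rb.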
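Review bot: `double('OpenSSL::BN', num_bits: 4096)` in the -163 hunk is an unverified double, so the stub would keep passing even if `num_bits` were not a real method of the stubbed class; a verifying double is a drop-in replacement: `allow(rsa_key).to receive(:n).and_return(instance_double(OpenSSL::BN, num_bits: 4096))`. Because the stub forces the size check to pass whatever size `rsa_key` really has, a short comment saying the stub exists only to get past that check would help the next reader. The same line is added in the -172 hunk of this spec and the -309 hunk of ms_icpr_spec.rb.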
@@ -172,6 +171,7 @@ RSpec.describe Msf::Exploit::Remote::CertRequest do
 before { subject.datastore['RSAKeySize'] = '4096' }
 it 'generates a key with the datastore size' do
+ allow(rsa_key).to receive(:n).and_return(double('OpenSSL::BN', num_bits: 4096))
 expect(OpenSSL::PKey::RSA).to receive(:new).with(4096).and_return(rsa_key)
 subject.create_csr(username: 'alice')
 end
diff --git a/spec/lib/msf/core/exploit/remote/ms_icpr_spec.rb b/spec/lib/msf/core/exploit/remote/ms_icpr_spec.rb
index c9b497abfa..4c24490995 100644
--- a/spec/lib/msf/core/exploit/remote/ms_icpr_spec.rb
+++ b/spec/lib/msf/core/exploit/remote/ms_icpr_spec.rb
@@ -309,6 +309,7 @@ RSpec.describe Msf::Exploit::Remote::MsIcpr do
 it 'uses the RSAKeySize from the datastore' do
 subject.datastore['RSAKeySize'] = '4096'
+ allow(rsa_key).to receive(:n).and_return(double('OpenSSL::BN', num_bits: 4096))
 expect(OpenSSL::PKey::RSA).to receive(:new).with(4096).and_return(rsa_key)
 subject.send(:do_request_cert, icpr, { username: 'alice' })
 end
@@ -329,19 +330,18 @@ RSpec.describe Msf::Exploit::Remote::MsIcpr do
 context 'key size mismatch' do
 let(:wrong_size_key) { OpenSSL::PKey::RSA.new(1024) }
- it 'returns nil' do
- result = subject.send(:do_request_cert, icpr, { username: 'alice', private_key: wrong_size_key })
- expect(result).to be_nil
+ it 'raises ArgumentError' do
+ expect { subject.send(:do_request_cert, icpr, { username: 'alice', private_key: wrong_size_key }) }.to raise_error(ArgumentError, /RSA key size mismatch/)
 end
 it 'logs an RSA key size mismatch error' do
 expect(subject).to receive(:elog).with('RSA key size mismatch')
- subject.send(:do_request_cert, icpr, { username: 'alice', private_key: wrong_size_key })
+ expect { subject.send(:do_request_cert, icpr, { username: 'alice', private_key: wrong_size_key }) }.to raise_error(ArgumentError)
 end
 it 'does not call create_csr' do
 expect(subject).not_to receive(:create_csr)
- subject.send(:do_request_cert, icpr, { username: 'alice', private_key: wrong_size_key })
+ expect { subject.send(:do_request_cert, icpr, { username: 'alice', private_key: wrong_size_key }) }.to raise_error(ArgumentError)
 end
 end