diff --git a/pkg/cryptoutils/publickey.go b/pkg/cryptoutils/publickey.go
index 4fe003136..e9f48decb 100644
--- a/pkg/cryptoutils/publickey.go
+++ b/pkg/cryptoutils/publickey.go
@@ -53,8 +53,6 @@ func UnmarshalPEMToPublicKey(pemBytes []byte) (crypto.PublicKey, error) {
 		return nil, errors.New("PEM decoding failed")
 	}
 	switch derBytes.Type {
-	case string(CertificatePEMType):
-		fallthrough
 	case string(PublicKeyPEMType):
 		return x509.ParsePKIXPublicKey(derBytes.Bytes)
 	default:
diff --git a/pkg/cryptoutils/publickey_test.go b/pkg/cryptoutils/publickey_test.go
index 187ec86ec..a399999cd 100644
--- a/pkg/cryptoutils/publickey_test.go
+++ b/pkg/cryptoutils/publickey_test.go
@@ -21,7 +21,6 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
-	"crypto/x509"
 	"strings"
 	"testing"
 
@@ -52,26 +51,6 @@ func TestECDSAPublicKeyPEMRoundtrip(t *testing.T) {
 	verifyPublicKeyPEMRoundtrip(t, priv.Public())
 }
 
-func TestECDSAPublicKeyPEMEncodeCertificate(t *testing.T) {
-	t.Parallel()
-	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	if err != nil {
-		t.Fatalf("ecdsa.GenerateKey failed: %v", err)
-	}
-	pubBytes, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
-	if err != nil {
-		t.Fatalf("x509.MarshalPKIXPublicKey() = %v", err)
-	}
-	pemBytes := PEMEncode(CertificatePEMType, pubBytes)
-	rtPub, err := UnmarshalPEMToPublicKey(pemBytes)
-	if err != nil {
-		t.Fatalf("UnmarshalPEMToPublicKey returned error: %v", err)
-	}
-	if d := cmp.Diff(&priv.PublicKey, rtPub); d != "" {
-		t.Errorf("round-tripped public key was malformed (-before +after): %s", d)
-	}
-}
-
 func TestEd25519PublicKeyPEMRoundtrip(t *testing.T) {
 	t.Parallel()
 	pub, _, err := ed25519.GenerateKey(rand.Reader)