diff --git a/lib/base/tlsutility.cpp b/lib/base/tlsutility.cpp index 582383704..ff8737f8e 100644 --- a/lib/base/tlsutility.cpp +++ b/lib/base/tlsutility.cpp @@ -247,6 +247,8 @@ shared_ptr GetX509Certificate(const String& pemfile) int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile, const String& certfile, bool ca) { + char errbuf[120]; + InitializeOpenSSL(); RSA *rsa = RSA_generate_key(4096, RSA_F4, NULL, NULL); @@ -255,7 +257,25 @@ int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile, << "Writing private key to '" << keyfile << "'."; BIO *bio = BIO_new_file(const_cast(keyfile.CStr()), "w"); - PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, NULL); + + if (!bio) { + Log(LogCritical, "SSL") + << "Error while opening private RSA key file '" << keyfile << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\""; + BOOST_THROW_EXCEPTION(openssl_error() + << boost::errinfo_api_function("BIO_new_file") + << errinfo_openssl_error(ERR_peek_error()) + << boost::errinfo_file_name(keyfile)); + } + + if (!PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, NULL)) { + Log(LogCritical, "SSL") + << "Error while writing private RSA key to file '" << keyfile << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\""; + BOOST_THROW_EXCEPTION(openssl_error() + << boost::errinfo_api_function("PEM_write_bio_RSAPrivateKey") + << errinfo_openssl_error(ERR_peek_error()) + << boost::errinfo_file_name(keyfile)); + } + BIO_free(bio); #ifndef _WIN32 
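Review bot: `char errbuf[120]` is handed to `ERR_error_string()`, which takes no length argument, so the size chosen here has to match what the linked OpenSSL expects; the documentation for newer OpenSSL releases asks for at least 256 bytes, so 120 may be too small depending on the build. Prefer the bounded form: declare `char errbuf[256];` and fill it with `ERR_error_string_n(ERR_peek_error(), errbuf, sizeof(errbuf));` before each log statement. The buffer is used by the later hunks of MakeX509CSR, whose body continues outside this hunk.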
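Review bot: Both new throw paths leave MakeX509CSR without releasing what it already holds: `rsa` from `RSA_generate_key` is not freed on these paths, and in the `PEM_write_bio_RSAPrivateKey` failure branch `bio` is still open, so key material stays in process memory and a partially written key file stays on disk. Call `BIO_free(bio);` and free `rsa` before `BOOST_THROW_EXCEPTION`, or hold both in a scope guard; the certificate and CSR hunks below follow the same pattern. The visible lines also never check `rsa` for NULL before it is written. Separately, the key file is created by `BIO_new_file(..., "w")` before whatever follows `#ifndef _WIN32`, so if permissions are tightened only there the key briefly exists with the default mode; this needs confirming against the lines outside the hunk.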
@@ -276,9 +296,26 @@ int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile, Log(LogInformation, "base") << "Writing X509 certificate to '" << certfile << "'."; - bio = BIO_new(BIO_s_file()); - BIO_write_filename(bio, const_cast(certfile.CStr())); - PEM_write_bio_X509(bio, cert.get()); + bio = BIO_new_file(const_cast(certfile.CStr()), "w"); + + if (!bio) { + Log(LogCritical, "SSL") + << "Error while opening certificate file '" << certfile << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\""; + BOOST_THROW_EXCEPTION(openssl_error() + << boost::errinfo_api_function("BIO_new_file") + << errinfo_openssl_error(ERR_peek_error()) + << boost::errinfo_file_name(certfile)); + } + + if (!PEM_write_bio_X509(bio, cert.get())) { + Log(LogCritical, "SSL") + << "Error while writing certificate to file '" << certfile << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\""; + BOOST_THROW_EXCEPTION(openssl_error() + << boost::errinfo_api_function("PEM_write_bio_X509") + << errinfo_openssl_error(ERR_peek_error()) + << boost::errinfo_file_name(certfile)); + } + BIO_free(bio); } 
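Review bot: The check on `PEM_write_bio_X509` only covers the write into the BIO; `BIO_new_file` wraps a buffered stdio stream and the result of `BIO_free(bio)` is ignored, so an error that surfaces only when the buffer is flushed (a full disk, for instance) would presumably still be reported as success. Adding `if (BIO_flush(bio) <= 0)` with the same error handling before `BIO_free(bio)` would narrow that gap, though how reliably a flush failure is reported may depend on the OpenSSL version. The same applies to the private key and CSR writes in the neighbouring hunks.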
@@ -299,9 +336,26 @@ int MakeX509CSR(const String& cn, const String& keyfile, const String& csrfile, Log(LogInformation, "base") << "Writing certificate signing request to '" << csrfile << "'."; - bio = BIO_new(BIO_s_file()); - BIO_write_filename(bio, const_cast(csrfile.CStr())); - PEM_write_bio_X509_REQ(bio, req); + bio = BIO_new_file(const_cast(csrfile.CStr()), "w"); + + if (!bio) { + Log(LogCritical, "SSL") + << "Error while opening CSR file '" << csrfile << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\""; + BOOST_THROW_EXCEPTION(openssl_error() + << boost::errinfo_api_function("BIO_new_file") + << errinfo_openssl_error(ERR_peek_error()) + << boost::errinfo_file_name(csrfile)); + } + + if (!PEM_write_bio_X509_REQ(bio, req)) { + Log(LogCritical, "SSL") + << "Error while writing CSR to file '" << csrfile << "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\""; + BOOST_THROW_EXCEPTION(openssl_error() + << boost::errinfo_api_function("PEM_write_bio_X509") + << errinfo_openssl_error(ERR_peek_error()) + << boost::errinfo_file_name(csrfile)); + } + BIO_free(bio); X509_REQ_free(req); diff --git a/lib/cli/featureenablecommand.cpp b/lib/cli/featureenablecommand.cpp index ab790d960..a8399ebc4 100644 --- a/lib/cli/featureenablecommand.cpp +++ b/lib/cli/featureenablecommand.cpp @@ -96,6 +96,9 @@ int FeatureEnableCommand::Run(const boost::program_options::variables_map& vm, c continue; } + std::cout << "Enabling feature " << ConsoleColorTag(Console_ForegroundMagenta | Console_Bold) << feature + << ConsoleColorTag(Console_Normal) << ". Make sure to restart Icinga 2 for these changes to take effect.\n"; + #ifndef _WIN32 if (symlink(source.CStr(), target.CStr()) < 0) { Log(LogCritical, "cli") 
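Review bot: The failure branch for `PEM_write_bio_X509_REQ` records the wrong function in the exception, `boost::errinfo_api_function("PEM_write_bio_X509")`; it should read `boost::errinfo_api_function("PEM_write_bio_X509_REQ")` so diagnostics point at the CSR write rather than the certificate write. Both throw paths in this hunk also run before `X509_REQ_free(req)`, so `req` (and `bio` in the second branch) is leaked when they fire.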
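Review bot: The "Enabling feature" line is now printed before `symlink()` is attempted, so a failed attempt still tells the user to restart Icinga 2 and is then followed by the critical log entry. If the move is meant to announce the attempt, reword it and print the restart advice only after the link or file was actually created; the Windows branch in the next hunk is affected the same way. The loop body starts and ends outside this hunk.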
@@ -107,18 +110,16 @@ int FeatureEnableCommand::Run(const boost::program_options::variables_map& vm, c #else /* _WIN32 */ std::ofstream fp; fp.open(target.CStr()); - if (!fp) { + fp << "include \"../features-available/" << feature << ".conf\"" << std::endl; + fp.close(); + + if (fp.fail()) { Log(LogCritical, "cli") << "Cannot enable feature '" << feature << "'. Failed to open file '" << target << "'."; errors.push_back(feature); continue; } - fp << "include \"../features-available/" << feature << ".conf\"" << std::endl; - fp.close(); #endif /* _WIN32 */ - - std::cout << "Enabling feature " << ConsoleColorTag(Console_ForegroundMagenta | Console_Bold) << feature - << ConsoleColorTag(Console_Normal) << ". Make sure to restart Icinga 2 for these changes to take effect.\n"; } if (!errors.empty()) { diff --git a/lib/cli/pkinewcacommand.cpp b/lib/cli/pkinewcacommand.cpp index 4277d6c92..86bb27f56 100644 --- a/lib/cli/pkinewcacommand.cpp +++ b/lib/cli/pkinewcacommand.cpp @@ -71,5 +71,11 @@ int PKINewCACommand::Run(const boost::program_options::variables_map& vm, const fp << "01"; fp.close(); + if (fp.fail()) { + Log(LogCritical, "cli") + << "Could not create serial file '" << serialpath << "'"; + return 1; + } + return 0; } diff --git a/lib/cli/pkirequestcommand.cpp b/lib/cli/pkirequestcommand.cpp index c8aa02e9e..bfa4aa79d 100644 --- a/lib/cli/pkirequestcommand.cpp +++ b/lib/cli/pkirequestcommand.cpp 
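Review bot: `fp.fail()` is now tested after open, write and close together, but the log text in the `@@ -107,18 +110,16 @@` hunk still says `Failed to open file`, which misleads when the open succeeded and the write or close failed. Consider wording such as `Failed to write file`, and removing `target` on failure, since a file that was created but not completely written stays in place and would presumably be picked up as an enabled feature on the next start.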
@@ -153,27 +153,25 @@ int PKIRequestCommand::Run(const boost::program_options::variables_map& vm, cons std::ofstream fpcert; fpcert.open(certfile.CStr()); - - if (!fpcert) { - Log(LogCritical, "cli") - << "Could not open certificate file '" << certfile << "' for writing."; - return 1; - } - fpcert << result->Get("cert"); fpcert.close(); + if (fpcert.fail()) { + Log(LogCritical, "cli") + << "Could not write certificate to file '" << certfile << "'."; + return 1; + } + std::ofstream fpca; fpca.open(cafile.CStr()); + fpca << result->Get("ca"); + fpca.close(); - if (!fpcert) { + if (fpca.fail()) { Log(LogCritical, "cli") << "Could not open CA certificate file '" << cafile << "' for writing."; return 1; } - fpca << result->Get("ca"); - fpca.close(); - return 0; }
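Review bot: The CA branch now tests `fpca.fail()` after the write and close, but its message is still `Could not open CA certificate file ... for writing.`, while the certificate branch was reworded to `Could not write certificate to file`; make the two consistent, e.g. `<< "Could not write CA certificate to file '" << cafile << "'.";`. The hunk also writes `result->Get("cert")` and `result->Get("ca")` straight to disk; unless the lines above already verify that the response contains both entries, a response without them would produce empty files and still return 0. If the CA write fails, the certificate file written just before it is left behind.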