diff --git a/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeAddUserCommand.java b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeAddUserCommand.java
index 439abb410..12728d4d9 100644
--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeAddUserCommand.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeAddUserCommand.java
@@ -5,6 +5,7 @@ import li.strolch.model.audit.AccessType;
 import li.strolch.model.audit.Audit;
 import li.strolch.persistence.api.StrolchTransaction;
 import li.strolch.privilege.handler.PrivilegeHandler;
+import li.strolch.privilege.model.Certificate;
 import li.strolch.privilege.model.UserRep;
 import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
 import li.strolch.service.api.Command;
@@ -17,6 +18,7 @@ public class PrivilegeAddUserCommand extends Command {
 
 	// input
 	private UserRep userIn;
+	private Certificate cert;
 
 	// intermediary
 	private Audit audit;
@@ -32,6 +34,10 @@ public class PrivilegeAddUserCommand extends Command {
 		this.userIn = userIn;
 	}
 
+	public void setCert(Certificate cert) {
+		this.cert = cert;
+	}
+
 	public UserRep getUserOut() {
 		return this.userOut;
 	}
@@ -39,6 +45,8 @@ public class PrivilegeAddUserCommand extends Command {
 	@Override
 	public void validate() {
 		DBC.PRE.assertNotNull("userIn may not be null!", this.userIn);
+		if (this.cert == null)
+			this.cert = tx().getCertificate();
 	}
 
 	@Override
@@ -46,8 +54,8 @@ public class PrivilegeAddUserCommand extends Command {
 
 		PrivilegeHandler privilegeHandler = getContainer().getPrivilegeHandler().getPrivilegeHandler();
 
-		this.userOut = privilegeHandler.addUser(tx().getCertificate(), this.userIn, null);
-		privilegeHandler.persist(tx().getCertificate());
+		this.userOut = privilegeHandler.addUser(this.cert, this.userIn, null);
+		privilegeHandler.persist(this.cert);
 
 		tx().setSuppressAuditsForAudits(true);