diff --git a/passbook/providers/oauth2/forms.py b/passbook/providers/oauth2/forms.py
index 2b7e6f033..1bd5e257f 100644
--- a/passbook/providers/oauth2/forms.py
+++ b/passbook/providers/oauth2/forms.py
@@ -1,6 +1,7 @@
 """passbook OAuth2 Provider Forms"""
 
 from django import forms
+from django.core.exceptions import ValidationError
 from django.utils.translation import gettext as _
 
 from passbook.admin.fields import CodeMirrorWidget
@@ -29,6 +30,14 @@ class OAuth2ProviderForm(forms.ModelForm):
         )
         self.fields["property_mappings"].queryset = ScopeMapping.objects.all()
 
+    def clean_jwt_alg(self):
+        """Ensure that when RS256 is selected, a certificate-key-pair is selected"""
+        if "rsa_key" not in self.cleaned_data:
+            raise ValidationError(
+                _("RS256 requires a Certificate-Key-Pair to be selected.")
+            )
+        return self.cleaned_data["jwt_alg"]
+
     class Meta:
         model = OAuth2Provider
         fields = [