diff --git a/agent/connect/csr.go b/agent/connect/csr.go
index 4b975d06c5..16a46af3fd 100644
--- a/agent/connect/csr.go
+++ b/agent/connect/csr.go
@@ -3,12 +3,9 @@ package connect
 import (
 "bytes"
 "crypto"
- "crypto/ecdsa"
- "crypto/elliptic"
 "crypto/rand"
 "crypto/x509"
 "encoding/pem"
- "fmt"
 "net/url"
 )
@@ -34,26 +31,3 @@ func CreateCSR(uri CertURI, privateKey crypto.Signer) (string, error) {
 return csrBuf.String(), nil
 }
-
-// GeneratePrivateKey generates a new Private key
-func GeneratePrivateKey() (crypto.Signer, string, error) {
- var pk *ecdsa.PrivateKey
-
- pk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
- if err != nil {
- return nil, "", fmt.Errorf("error generating private key: %s", err)
- }
-
- bs, err := x509.MarshalECPrivateKey(pk)
- if err != nil {
- return nil, "", fmt.Errorf("error generating private key: %s", err)
- }
-
- var buf bytes.Buffer
- err = pem.Encode(&buf, &pem.Block{Type: "EC PRIVATE KEY", Bytes: bs})
- if err != nil {
- return nil, "", fmt.Errorf("error encoding private key: %s", err)
- }
-
- return pk, buf.String(), nil
-}
diff --git a/agent/connect/generate.go b/agent/connect/generate.go
index 1226323f08..47ea5f43e7 100644
--- a/agent/connect/generate.go
+++ b/agent/connect/generate.go
@@ -2,6 +2,7 @@ package connect
 import (
 "bytes"
+ "crypto"
 "crypto/ecdsa"
 "crypto/elliptic"
 "crypto/rand"
@@ -10,25 +11,25 @@ import (
 "fmt"
 )
-// GeneratePrivateKey returns a new private key
-func GeneratePrivateKey() (string, error) {
+// GeneratePrivateKey generates a new Private key
+func GeneratePrivateKey() (crypto.Signer, string, error) {
 var pk *ecdsa.PrivateKey
 pk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 if err != nil {
- return "", fmt.Errorf("error generating private key: %s", err)
+ return nil, "", fmt.Errorf("error generating private key: %s", err)
 }
 bs, err := x509.MarshalECPrivateKey(pk)
 if err != nil {
- return "", fmt.Errorf("error generating private key: %s", err)
+ return nil, "", fmt.Errorf("error generating private key: %s", err)
 }
 var buf bytes.Buffer
 err = pem.Encode(&buf, &pem.Block{Type: "EC PRIVATE KEY", Bytes: bs})
 if err != nil {
- return "", fmt.Errorf("error encoding private key: %s", err)
+ return nil, "", fmt.Errorf("error encoding private key: %s", err)
 }
- return buf.String(), nil
+ return pk, buf.String(), nil
 }
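Review bot: The failure branch after `x509.MarshalECPrivateKey` returns the same text as the key-generation failure ("error generating private key"), so the error does not show which step failed; the changed line could read `return nil, "", fmt.Errorf("error marshaling private key: %s", err)`. The new doc comment also does not describe the two results, which from the visible calls are the key as a `crypto.Signer` and its unencrypted PEM "EC PRIVATE KEY" encoding. A comment such as `// GeneratePrivateKey generates a new ECDSA P-256 private key and returns it as a crypto.Signer together with its unencrypted PEM encoding; the string is secret key material and must not be logged.` would tell callers how to treat the string. The explicit `var pk *ecdsa.PrivateKey` ahead of `pk, err := ecdsa.GenerateKey(...)` is redundant and can be dropped.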