diff --git a/signer/api/api.go b/signer/api/api.go
index 6297f652e4..967fbbe7be 100644
--- a/signer/api/api.go
+++ b/signer/api/api.go
@@ -34,14 +34,12 @@ func getCryptoService(w http.ResponseWriter, algorithm string, cryptoServices si
 		return nil
 	}
 
-	service := cryptoServices[algorithm]
-
-	if service == nil {
-		http.Error(w, "algorithm "+algorithm+" not supported", http.StatusBadRequest)
-		return nil
+	if service, ok := cryptoServices[algorithm]; ok {
+		return service
 	}
 
-	return service
+	http.Error(w, "algorithm "+algorithm+" not supported", http.StatusBadRequest)
+	return nil
 }
 
 // KeyInfo returns a Handler that given a specific Key ID param, returns the public key bits of that key
diff --git a/signer/api/api_test.go b/signer/api/api_test.go
index 579f51a33c..ac63a376d9 100644
--- a/signer/api/api_test.go
+++ b/signer/api/api_test.go
@@ -225,3 +225,26 @@ func TestSignHandlerReturns404WithNonexistentKey(t *testing.T) {
 
 	assert.Equal(t, 404, res.StatusCode)
 }
+
+func TestCreateKeyHandlerWithInvalidAlgorithm(t *testing.T) {
+	keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever)
+	cryptoService := cryptoservice.NewCryptoService("", keyStore)
+	setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService})
+
+	// The `rbtree-algorithm` is expected as not supported
+	createKeyURL := fmt.Sprintf("%s/%s", createKeyBaseURL, "rbtree-algorithm")
+
+	request, err := http.NewRequest("POST", createKeyURL, nil)
+	assert.Nil(t, err)
+
+	res, err := http.DefaultClient.Do(request)
+	assert.Nil(t, err)
+
+	assert.Equal(t, http.StatusBadRequest, res.StatusCode)
+
+	body, err := ioutil.ReadAll(res.Body)
+	assert.Nil(t, err)
+
+	// The body may contains some `\r\n`, so we use assert.Contains not assert.Equals
+	assert.Contains(t, string(body), "algorithm rbtree-algorithm not supported")
+}
diff --git a/signer/client/signer_trust.go b/signer/client/signer_trust.go
index 99fc17aff2..a27297d7d7 100644
--- a/signer/client/signer_trust.go
+++ b/signer/client/signer_trust.go
@@ -107,7 +107,7 @@ type NotarySigner struct {
 	clientConn checkableConnectionState
 }
 
-// NewNotarySigner is a convinience method that returns NotarySigner
+// NewNotarySigner is a convenience method that returns NotarySigner
 func NewNotarySigner(hostname string, port string, tlsConfig *tls.Config) *NotarySigner {
 	var opts []grpc.DialOption
 	netAddr := net.JoinHostPort(hostname, port)