diff --git a/ca/certificate-authority_test.go b/ca/certificate-authority_test.go
index 26fa1286a..2624bbfee 100644
--- a/ca/certificate-authority_test.go
+++ b/ca/certificate-authority_test.go
@@ -223,6 +223,25 @@ var NO_NAME_CSR_HEX = "308202523082013a020100300d310b300906035504061302555330820
 "58c004d9e1e55af59ea517dfbd2bccca58216d8130b9f77c90328b2aa54b" +
 "1778a629b584f2bc059489a236131de9b444adca90218c31a499a485"
 
+// CSR generated by Go:
+// * Random public key
+// * CN = example.com
+// * DNSNames = a.example.com, a.example.com
+var DUPE_NAME_CSR_HEX = "3082018d3081f90201003016311430120603550403130b6578616d706c65" +
+ "2e636f6d30819f300d06092a864886f70d010101050003818d0030818902" +
+ "818100cc4a0cf2cf67811e4457fe1106597013e84be141c583b663f2ef6d" +
+ "a0c9254ca4c37fcd1945fdddc6db66f395c679de33501d333efd60d941d5" +
+ "a32d29a1e5af6da853ba28419b471081a8476d7bdf7159cc09606eec807f" +
+ "da89586ebee0e46a5f53a14c2210a934e92afd314c0bc1b6946afce63a21" +
+ "0b6eac62eca728efbb36c70203010001a03a303806092a864886f70d0109" +
+ "0e312b302930270603551d110420301e820d612e6578616d706c652e636f" +
+ "6d820d612e6578616d706c652e636f6d300b06092a864886f70d01010b03" +
+ "818100604965228739c63f5d94d29295a7c327f70c08f361d4873166f112" +
+ "d420ca424d9a86cfb49483cf54090d1d81e56b1aeea09cafd783e7ef4fb8" +
+ "fdbd43e1918e474abb2ea8962960c5c77ac5be5cbf67e515d8234ca7fe4e" +
+ "5b7c0134e95b77a43a6b5789ff97b3262f949e75690314e417c4c2bd3d1f" +
+ "7bedb21db1dd5dd4f71b82"
+
 // CFSSL config
 const hostPort = "localhost:9000"
 const authKey = "79999d86250c367a2b517a1ae7d409c1"
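Review bot: The comment above `DUPE_NAME_CSR_HEX` describes the key only as "Random public key", but the encoded SubjectPublicKeyInfo carries a 129-byte modulus INTEGER, which looks like a 1024-bit RSA key, with a sha256WithRSAEncryption signature. If the fixture is meant to be rejected solely for its repeated SAN, say so in the comment, for example `// * 1024-bit RSA key, SHA-256 signature; intended to be valid apart from the repeated DNS name`. It may also be worth regenerating the CSR with a key size the CA would otherwise accept, so that a key-size policy added later cannot become the reason this request is refused.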
@@ -435,4 +454,21 @@ func TestIssueCertificate(t *testing.T) {
 if err == nil {
 t.Errorf("CA improperly agreed to create a certificate with no name")
 }
+
+ // Test that the CA rejects CSRs with duplicate names
+ csrDER, _ = hex.DecodeString(DUPE_NAME_CSR_HEX)
+ csr, _ = x509.ParseCertificateRequest(csrDER)
+ _, err = ca.IssueCertificate(*csr)
+ if err == nil {
+ t.Errorf("CA improperly agreed to create a certificate with duplicate names")
+ }
+}
+
+func TestDupeNames(t *testing.T) {
+ unique := []string{"a", "b"}
+ notUnique := []string{"a", "a"}
+
+ test.Assert(t, !dupeNames([]string{}), "Empty list can't contain duplicates")
+ test.Assert(t, !dupeNames(unique), "Unique list doesn't have duplicates")
+ test.Assert(t, dupeNames(notUnique), "Non-unique list does have duplicates")
 }
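Review bot: The duplicate-name case added to TestIssueCertificate fails only when `err == nil`, so it passes on any rejection of the CSR and does not show that the duplicate-name check is what refused it. Issuing from a control CSR that differs only in having unique names and asserting success, or asserting on the returned error, would tie the result to the new check. The two preceding lines discard their errors (`csrDER, _ =` and `csr, _ =`), so a corrupted fixture surfaces as a nil dereference at `*csr`; prefer `csr, err = x509.ParseCertificateRequest(csrDER)` followed by `test.Assert(t, err == nil, "failed to parse duplicate-name CSR")`. TestDupeNames exercises only byte-identical strings, and since DNS names compare case-insensitively, a case such as `[]string{"a.example.com", "A.example.com"}` would pin down whether dupeNames (not visible in this diff) normalises before comparing. TestIssueCertificate begins outside this hunk.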