diff --git a/cmd/kubeadm/app/phases/copycerts/copycerts.go b/cmd/kubeadm/app/phases/copycerts/copycerts.go
index 199fc4845a5..cdc65918854 100644
--- a/cmd/kubeadm/app/phases/copycerts/copycerts.go
+++ b/cmd/kubeadm/app/phases/copycerts/copycerts.go
@@ -251,9 +251,9 @@ func DownloadCerts(client clientset.Interface, cfg *kubeadmapi.InitConfiguration
 }
 
 func writeCertOrKey(certOrKeyPath string, certOrKeyData []byte) error {
-	if _, err := keyutil.ParsePublicKeysPEM(certOrKeyData); err == nil {
+	if _, err := keyutil.ParsePrivateKeyPEM(certOrKeyData); err == nil {
 		return keyutil.WriteKey(certOrKeyPath, certOrKeyData)
-	} else if _, err := certutil.ParseCertsPEM(certOrKeyData); err == nil {
+	} else if _, err := keyutil.ParsePublicKeysPEM(certOrKeyData); err == nil {
 		return certutil.WriteCert(certOrKeyPath, certOrKeyData)
 	}
 	return errors.New("unknown data found in Secret entry")
diff --git a/cmd/kubeadm/app/phases/copycerts/copycerts_test.go b/cmd/kubeadm/app/phases/copycerts/copycerts_test.go
index be2032aab6a..76a91c2b254 100644
--- a/cmd/kubeadm/app/phases/copycerts/copycerts_test.go
+++ b/cmd/kubeadm/app/phases/copycerts/copycerts_test.go
@@ -29,7 +29,6 @@ import (
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	fakeclient "k8s.io/client-go/kubernetes/fake"
-	certutil "k8s.io/client-go/util/cert"
 	keyutil "k8s.io/client-go/util/keyutil"
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
@@ -240,7 +239,7 @@ func TestDownloadCerts(t *testing.T) {
 		}
 		// Check that the written files are either certificates or keys, and that they have
 		// the expected permissions
-		if _, err := keyutil.ParsePublicKeysPEM(diskCertData); err == nil {
+		if _, err := keyutil.ParsePrivateKeyPEM(diskCertData); err == nil {
 			if stat, err := os.Stat(certPath); err == nil {
 				if stat.Mode() != keyFileMode {
 					t.Errorf("key %q should have mode %#o, has %#o", certName, keyFileMode, stat.Mode())
@@ -248,7 +247,7 @@ func TestDownloadCerts(t *testing.T) {
 			} else {
 				t.Errorf("could not stat key %q: %v", certName, err)
 			}
-		} else if _, err := certutil.ParseCertsPEM(diskCertData); err == nil {
+		} else if _, err := keyutil.ParsePublicKeysPEM(diskCertData); err == nil {
 			if stat, err := os.Stat(certPath); err == nil {
 				if stat.Mode() != certFileMode {
 					t.Errorf("cert %q should have mode %#o, has %#o", certName, certFileMode, stat.Mode())