diff --git a/tatu/db/models.py b/tatu/db/models.py
index 4765d5c..dc2736a 100644
--- a/tatu/db/models.py
+++ b/tatu/db/models.py
@@ -1,6 +1,7 @@
 from datetime import datetime
 import sqlalchemy as sa
 from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.exc import IntegrityError
 import falcon
 import sshpubkeys
 import uuid
@@ -28,7 +29,10 @@ def createAuthority(session, auth_id):
                    user_key=RSA.generate(2048).exportKey('PEM'),
                    host_key=RSA.generate(2048).exportKey('PEM'))
   session.add(auth)
-  session.commit()
+  try:
+    session.commit()
+  except IntegrityError:
+    raise falcon.HTTPConflict("This certificate authority already exists.")
   return auth
 
 class UserCert(Base):
diff --git a/tatu/tests/test_app.py b/tatu/tests/test_app.py
index 8887ee6..7738c99 100644
--- a/tatu/tests/test_app.py
+++ b/tatu/tests/test_app.py
@@ -52,6 +52,17 @@ def test_post_authority(client):
   #auth = session.query(Authority).get(auth_id)
   #assert auth is not None
 
+@pytest.mark.dependency(depends=['test_post_authority'])
+def test_post_authority_duplicate(client):
+  body = {
+    'auth_id': auth_id,
+  }
+  response = client.simulate_post(
+    '/authorities',
+    body=json.dumps(body)
+  )
+  assert response.status == falcon.HTTP_CONFLICT
+
 def test_post_no_body(client):
   for path in ['/authorities', '/usercerts', '/hosttokens',
                '/hostcerts', '/novavendordata']: