diff --git a/cas/apiv1/requests.go b/cas/apiv1/requests.go
index b47a9c13..bf745c17 100644
--- a/cas/apiv1/requests.go
+++ b/cas/apiv1/requests.go
@@ -108,6 +108,9 @@ type GetCertificateAuthorityResponse struct {
 RootCertificate *x509.Certificate
 }
 
+// CreateKeyRequest is the request used to generate a new key using a KMS.
+type CreateKeyRequest = apiv1.CreateKeyRequest
+
 // CreateCertificateAuthorityRequest is the request used to generate a root or
 // intermediate certificate.
 type CreateCertificateAuthorityRequest struct {
@@ -126,7 +129,7 @@ type CreateCertificateAuthorityRequest struct {
 // CreateKey defines the KMS CreateKeyRequest to use when creating a new
 // CertificateAuthority. If CreateKey is nil, a default algorithm will be
 // used.
- CreateKey *apiv1.CreateKeyRequest
+ CreateKey *CreateKeyRequest
 }
 
 // CreateCertificateAuthorityResponse is the response for
@@ -136,6 +139,7 @@ type CreateCertificateAuthorityResponse struct {
 Name string
 Certificate *x509.Certificate
 CertificateChain []*x509.Certificate
+ KeyName string
 PublicKey crypto.PublicKey
 PrivateKey crypto.PrivateKey
 Signer crypto.Signer
diff --git a/cas/softcas/softcas.go b/cas/softcas/softcas.go
index 23dac91b..e33a043a 100644
--- a/cas/softcas/softcas.go
+++ b/cas/softcas/softcas.go
@@ -174,6 +174,7 @@ func (c *SoftCAS) CreateCertificateAuthority(req *apiv1.CreateCertificateAuthori
 Name: cert.Subject.CommonName,
 Certificate: cert,
 CertificateChain: chain,
+ KeyName: key.Name,
 PublicKey: key.PublicKey,
 PrivateKey: key.PrivateKey,
 Signer: signer,
diff --git a/cas/softcas/softcas_test.go b/cas/softcas/softcas_test.go
index c8e1a8e9..b9b79250 100644
--- a/cas/softcas/softcas_test.go
+++ b/cas/softcas/softcas_test.go
@@ -106,6 +106,7 @@ func (m *mockKeyManager) CreateKey(req *kmsapi.CreateKeyRequest) (*kmsapi.Create
 signer = m.signer
 }
 return &kmsapi.CreateKeyResponse{
+ Name: req.Name,
 PrivateKey: signer,
 PublicKey: signer.Public(),
 }, m.errCreateKey
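Review bot: The `KeyName` field added to CreateCertificateAuthorityResponse in the third hunk of cas/apiv1/requests.go carries no doc comment, while the `CreateKeyRequest` alias added in the first hunk of the same file does. The softcas hunk fills it from `key.Name`, i.e. the name reported by the KMS for the key it created, so a comment such as `// KeyName is the name of the CA signing key as reported by the KMS that created it.` would tell callers what the value identifies. Whether it is populated on the default path, where CreateKey is nil and "a default algorithm will be used", is not visible here; once confirmed that should be stated in the same comment.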
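Review bot: `KeyName: key.Name` in cas/softcas/softcas.go passes the KMS-reported name straight through, and nothing in the hunk shows what `key.Name` holds when `req.CreateKey` is nil; the CreateKey call and any default request it builds sit outside the hunk, as does the rest of SoftCAS.CreateCertificateAuthority. The only test covering the field uses a mock that echoes `req.Name`, so the explicit-name case is proven but the default-key case is not. A one-line why-comment on the new line, e.g. `// KeyName mirrors whatever name the KMS assigned; may be empty on the default-key path — confirm per KMS.`, would make the expectation explicit for readers of the softcas implementation.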
@@ -516,6 +517,22 @@ func TestSoftCAS_CreateCertificateAuthority(t *testing.T) {
 PrivateKey: saSigner,
 Signer: saSigner,
 }, false},
+ {"ok createKey", fields{nil, nil, &mockKeyManager{}}, args{&apiv1.CreateCertificateAuthorityRequest{
+ Type: apiv1.RootCA,
+ Template: testRootTemplate,
+ Lifetime: 24 * time.Hour,
+ CreateKey: &kmsapi.CreateKeyRequest{
+ Name: "root_ca.crt",
+ SignatureAlgorithm: kmsapi.ECDSAWithSHA256,
+ },
+ }}, &apiv1.CreateCertificateAuthorityResponse{
+ Name: "Test Root CA",
+ Certificate: testSignedRootTemplate,
+ PublicKey: testSignedRootTemplate.PublicKey,
+ KeyName: "root_ca.crt",
+ PrivateKey: testSigner,
+ Signer: testSigner,
+ }, false},
 {"fail template", fields{nil, nil, &mockKeyManager{}}, args{&apiv1.CreateCertificateAuthorityRequest{
 Type: apiv1.RootCA,
 Lifetime: 24 * time.Hour,
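Review bot: In the new "ok createKey" case the expected response places `KeyName` between `PublicKey` and `PrivateKey`, which matches neither the declaration order in CreateCertificateAuthorityResponse (KeyName precedes PublicKey) nor the field order of the neighbouring cases; moving `KeyName: "root_ca.crt",` up to follow `Certificate:` keeps the table uniform. The key is also named "root_ca.crt", which reads like a certificate file rather than a key handle; a name such as "root_ca_key" would avoid the reader assuming the two are the same object. Because the mock simply echoes `req.Name`, this case proves only the round-trip of an explicit name, and the surrounding cases with CreateKey unset pin KeyName to its zero value implicitly rather than through a dedicated case. TestSoftCAS_CreateCertificateAuthority's table begins and ends outside the hunk.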