diff --git a/rs256.go b/rs256.go
index 33b26cc..c4ec6c1 100644
--- a/rs256.go
+++ b/rs256.go
@@ -83,9 +83,9 @@ func (m *SigningMethodRS256) parsePublicKey(key []byte) (*rsa.PublicKey, error)
 	var parsedKey interface{}
 	if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil {
 		if cert, err := x509.ParseCertificate(block.Bytes); err == nil {
-			return nil, err
-		} else {
 			parsedKey = cert.PublicKey
+		} else {
+			return nil, err
 		}
 	}
 
diff --git a/rs256_test.go b/rs256_test.go
index a0fbd5a..f2de1e0 100644
--- a/rs256_test.go
+++ b/rs256_test.go
@@ -67,6 +67,7 @@ func TestRSAKeyParsing(t *testing.T) {
 	badKey := []byte("All your base are belong to key")
 	method := GetSigningMethod("RS256").(*SigningMethodRS256)
 
+	// Test parsePrivateKey
 	if _, e := method.parsePrivateKey(key); e != nil {
 		t.Errorf("Failed to parse valid private key: %v", e)
 	}
@@ -78,4 +79,18 @@ func TestRSAKeyParsing(t *testing.T) {
 	if k, e := method.parsePrivateKey(badKey); e == nil {
 		t.Errorf("Parsed invalid key as valid private key: %v", k)
 	}
+
+	// Test parsePublicKey
+	if _, e := method.parsePublicKey(pubKey); e != nil {
+		t.Errorf("Failed to parse valid public key: %v", e)
+	}
+
+	if k, e := method.parsePublicKey(key); e == nil {
+		t.Errorf("Parsed private key as valid public key: %v", k)
+	}
+
+	if k, e := method.parsePublicKey(badKey); e == nil {
+		t.Errorf("Parsed invalid key as valid private key: %v", k)
+	}
+
 }