diff --git a/wkd-java/src/main/java/pgp/wkd/discovery/DiscoveryResponse.java b/wkd-java/src/main/java/pgp/wkd/discovery/DiscoveryResponse.java
index b0244d1..fcd5582 100644
--- a/wkd-java/src/main/java/pgp/wkd/discovery/DiscoveryResponse.java
+++ b/wkd-java/src/main/java/pgp/wkd/discovery/DiscoveryResponse.java
@@ -10,6 +10,7 @@ import pgp.wkd.WKDAddress;
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
+import java.net.URI;
 import java.util.Collections;
 import java.util.List;
 
@@ -67,6 +68,10 @@ public final class DiscoveryResponse {
         return address;
     }
 
+    public URI getUri() {
+        return getAddress().getUri(getMethod());
+    }
+
     public boolean isSuccessful() {
         return !hasFetchingFailure();
     }
diff --git a/wkd-java/src/main/java/pgp/wkd/discovery/DiscoveryResult.java b/wkd-java/src/main/java/pgp/wkd/discovery/DiscoveryResult.java
index 550176f..dbb2f8b 100644
--- a/wkd-java/src/main/java/pgp/wkd/discovery/DiscoveryResult.java
+++ b/wkd-java/src/main/java/pgp/wkd/discovery/DiscoveryResult.java
@@ -49,9 +49,11 @@ public class DiscoveryResult {
      *
      * @param outputStream output stream
      */
-    public void write(OutputStream outputStream) throws IOException {
+    public void write(OutputStream outputStream)
+            throws IOException {
+
         if (!isSuccessful()) {
-            throw new CertNotFetchableException("Cannot fetch cert.");
+            throwCertNotFetchableException();
         }
 
         byte[] buf = new byte[4096];
@@ -64,6 +66,21 @@ public class DiscoveryResult {
         }
     }
 
+    private void throwCertNotFetchableException() {
+        Throwable cause = null;
+        for (DiscoveryResponse response : getItems()) {
+            // Find the most "useful" exception.
+            // Rejections are more useful than fetching failures
+            if (!response.getRejectedCertificates().isEmpty()) {
+                cause = response.getRejectedCertificates().get(0).getReasonForRejection();
+                break;
+            } else {
+                cause = response.getFetchingFailure();
+            }
+        }
+        throw new CertNotFetchableException("Could not fetch certificates.", cause);
+    }
+
     @Nonnull
     public List<DiscoveryResponse> getItems() {
         return items;
diff --git a/wkd-java/src/main/java/pgp/wkd/exception/CertNotFetchableException.java b/wkd-java/src/main/java/pgp/wkd/exception/CertNotFetchableException.java
index f07f496..caa4228 100644
--- a/wkd-java/src/main/java/pgp/wkd/exception/CertNotFetchableException.java
+++ b/wkd-java/src/main/java/pgp/wkd/exception/CertNotFetchableException.java
@@ -11,11 +11,7 @@ public class CertNotFetchableException extends RuntimeException {
 
     public static final int ERROR_CODE = 3;
 
-    public CertNotFetchableException(String message) {
-        super(message);
-    }
-
-    public CertNotFetchableException(String message, Throwable e) {
-        super(message, e);
+    public CertNotFetchableException(String message, Throwable cause) {
+        super(message, cause);
     }
 }
diff --git a/wkd-test-suite/src/main/java/pgp/wkd/test_suite/TestSuiteGenerator.java b/wkd-test-suite/src/main/java/pgp/wkd/test_suite/TestSuiteGenerator.java
index 446af48..ab019e3 100644
--- a/wkd-test-suite/src/main/java/pgp/wkd/test_suite/TestSuiteGenerator.java
+++ b/wkd-test-suite/src/main/java/pgp/wkd/test_suite/TestSuiteGenerator.java
@@ -5,6 +5,15 @@
 package pgp.wkd.test_suite;
 
 
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPPublicKey;
+import org.bouncycastle.openpgp.PGPPublicKeyRing;
+import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.bouncycastle.openpgp.PGPSignature;
+import org.pgpainless.PGPainless;
+import org.pgpainless.key.protection.SecretKeyRingProtector;
+import pgp.wkd.discovery.DiscoveryMethod;
+
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -18,15 +27,6 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Random;
 
-import org.bouncycastle.openpgp.PGPException;
-import org.bouncycastle.openpgp.PGPPublicKey;
-import org.bouncycastle.openpgp.PGPPublicKeyRing;
-import org.bouncycastle.openpgp.PGPSecretKeyRing;
-import org.bouncycastle.openpgp.PGPSignature;
-import org.pgpainless.PGPainless;
-import org.pgpainless.key.protection.SecretKeyRingProtector;
-import pgp.wkd.discovery.DiscoveryMethod;
-
 public class TestSuiteGenerator {
 
 
@@ -49,6 +49,7 @@ public class TestSuiteGenerator {
         tests.addAll(test_baseCaseMultiUserIds(dirs));
         tests.add(test_secretKeyMaterial(dirs));
         tests.add(test_randomBytes(dirs));
+        tests.add(test_missingCertificate(dirs));
 
         return new TestSuite("0.1", tests);
     }
@@ -230,6 +231,13 @@ public class TestSuiteGenerator {
         return TestCase.fail("Random Bytes", description, lookupMail, directoryStructure);
     }
 
+    private TestCase test_missingCertificate(WkdDirectoryStructure dirs) {
+        String lookupMail = "missing-cert@" + domain;
+        String title = "Missing certificate";
+        String description = "There is no certificate for the lookup mail address '" + lookupMail + "'.";
+        return TestCase.fail(title, description, lookupMail, dirs);
+    }
+
     // INTERNAL METHODS
 
     private WkdDirectoryStructure directoryStructureForMethod(File directory, DiscoveryMethod method) {