diff --git a/cert/cert_v1.go b/cert/cert_v1.go
index e25ec70..b807f8d 100644
--- a/cert/cert_v1.go
+++ b/cert/cert_v1.go
@@ -329,6 +329,9 @@ func (c *certificateV1) marshalForSigning() ([]byte, error) {
 }
 func (c *certificateV1) setSignature(b []byte) error {
+ if len(b) == 0 {
+ return ErrEmptySignature
+ }
 c.signature = b
 return nil
 }
diff --git a/cert/cert_v2.go b/cert/cert_v2.go
index 3bc24e8..618373c 100644
--- a/cert/cert_v2.go
+++ b/cert/cert_v2.go
@@ -390,6 +390,9 @@ func (c *certificateV2) marshalForSigning() ([]byte, error) {
 }
 func (c *certificateV2) setSignature(b []byte) error {
+ if len(b) == 0 {
+ return ErrEmptySignature
+ }
 c.signature = b
 return nil
 }
diff --git a/cert/errors.go b/cert/errors.go
index 2990791..3fcedbf 100644
--- a/cert/errors.go
+++ b/cert/errors.go
@@ -31,4 +31,5 @@ var (
 ErrNoPayload = errors.New("provided payload was empty")
 ErrMissingDetails = errors.New("certificate did not contain details")
+ ErrEmptySignature = errors.New("empty signature")
 )
diff --git a/cert/sign.go b/cert/sign.go
index 741049d..a1e09cd 100644
--- a/cert/sign.go
+++ b/cert/sign.go
@@ -36,7 +36,7 @@ type beingSignedCertificate interface {
 // marshalForSigning returns the bytes that should be signed
 marshalForSigning() ([]byte, error)
- // setSignature sets the signature for the certificate that has just been signed
+ // setSignature sets the signature for the certificate that has just been signed. The signature must not be blank.
 setSignature([]byte) error
 }
@@ -138,7 +138,6 @@ func (t *TBSCertificate) SignWith(signer Certificate, curve Curve, sp SignerLamb
 return nil, err
 }
- //TODO: check if we have sig bytes?
 err = c.setSignature(sig)
 if err != nil {
 return nil, err
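Review bot: In cert/cert_v1.go the new guard in `setSignature` rejects only a zero-length slice, so a signer that returns truncated or otherwise malformed bytes still gets its output stored, and the problem surfaces only when the certificate is later verified; the identical guard in cert/cert_v2.go has the same limit. The hunk does not show whether the receiver knows its curve, so at minimum the limit should be stated above the guard, for example `// Only emptiness is rejected here; length and validity are not checked until verification.` If the curve is reachable from the receiver, rejecting lengths that cannot be valid for it would catch a faulty signer at signing time.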
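Review bot: `c.signature = b` in cert/cert_v2.go (and the same line in cert/cert_v1.go) keeps the caller's slice rather than a copy, so the new emptiness check holds only at the moment of the call. If the signer callback that produced `b` reuses its output buffer, which is not visible here, the stored signature could change after the certificate has been returned. Copying at the boundary avoids that: `c.signature = append([]byte(nil), b...)`.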
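Review bot: The revised comment on `setSignature` in cert/sign.go says the signature "must not be blank" but does not say what an implementation returns when it is, and "blank" is not the word the new sentinel uses. Naming the error makes the contract checkable by implementers and callers: `// setSignature sets the signature for the certificate that has just been signed. It returns ErrEmptySignature if the signature is nil or zero-length.` The interface's opening line appears to be hunk-header context, so its other methods are not visible here.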