diff --git a/platform/src/key_keeper.cpp b/platform/src/key_keeper.cpp
index 68c6485..0a1f1db 100644
--- a/platform/src/key_keeper.cpp
+++ b/platform/src/key_keeper.cpp
@@ -519,24 +519,24 @@ struct keyring* key_keeper_release_keyring(future_result_t* result)
 	return &(kyr->head);
 }
 
-static uchar* get_key_by_cert(X509* cert, int keyring_id, unsigned int* len)
+static uchar* get_key_by_cert(X509* cert, int keyring_id, unsigned int* len, int is_cert_valid)
 {
 	if(cert == NULL)
 	{
 		return NULL;
 	}
-	char* cert_fgr = NULL;
-	cert_fgr = ssl_x509_fingerprint(cert, 0);
-	if(cert_fgr == NULL)
+	char* cert_fingerprint = NULL;
+	cert_fingerprint = ssl_x509_fingerprint(cert, 0);
+	if(cert_fingerprint == NULL)
 	{
 		return NULL;
 	}
-	char* key = (char*)malloc(HTABLE_MAX_KEY_LEN);
+	char* key = ALLOC(char, HTABLE_MAX_KEY_LEN);
 	memset(key, 0, HTABLE_MAX_KEY_LEN);
-	snprintf(key, HTABLE_MAX_KEY_LEN, "%d:", keyring_id);
-	strncat(key, cert_fgr, HTABLE_MAX_KEY_LEN);
+	snprintf(key, HTABLE_MAX_KEY_LEN, "%d:%d:", keyring_id, is_cert_valid);
+	strncat(key, cert_fingerprint, HTABLE_MAX_KEY_LEN);
 	*len = strnlen(key, HTABLE_MAX_KEY_LEN);
-	free(cert_fgr);
+	free(cert_fingerprint);
 	return (uchar*)key;
 }
 
@@ -561,7 +561,7 @@ void key_keeper_async_ask(struct future * f, struct key_keeper * keeper, const c
 {
 	struct promise* p = future_to_promise(f);
 	unsigned int len = 0;
-	uchar* key = get_key_by_cert(origin_cert, keyring_id, &len);
+	uchar* key = get_key_by_cert(origin_cert, keyring_id, &len, is_cert_valid);
 	if(key == NULL)
 	{
 		promise_failed(p, FUTURE_ERROR_EXCEPTION, "get hash key by_cert failed");