diff --git a/agent/connect/ca/provider_consul.go b/agent/connect/ca/provider_consul.go
index 8971d5cd9..d82eb53bc 100644
--- a/agent/connect/ca/provider_consul.go
+++ b/agent/connect/ca/provider_consul.go
@@ -328,6 +328,9 @@ func (c *ConsulProvider) Sign(csr *x509.CertificateRequest) (string, error) {
 	if err != nil {
 		return "", err
 	}
+	if providerState.PrivateKey == "" {
+		return "", ErrNotInitialized
+	}
 
 	// Create the keyId for the cert from the signing private key.
 	signer, err := connect.ParseSigner(providerState.PrivateKey)
@@ -623,9 +626,9 @@ func (c *ConsulProvider) generateCA(privateKey string, sn uint64) (string, error
 	serialNum := &big.Int{}
 	serialNum.SetUint64(sn)
 	template := x509.Certificate{
-		SerialNumber:          serialNum,
-		Subject:               pkix.Name{CommonName: name},
-		URIs:                  []*url.URL{id.URI()},
+		SerialNumber: serialNum,
+		Subject:      pkix.Name{CommonName: name},
+		URIs:         []*url.URL{id.URI()},
 		BasicConstraintsValid: true,
 		KeyUsage: x509.KeyUsageCertSign |
 			x509.KeyUsageCRLSign |
diff --git a/agent/consul/enterprise_server_oss.go b/agent/consul/enterprise_server_oss.go
index 84b49403b..8064e6b38 100644
--- a/agent/consul/enterprise_server_oss.go
+++ b/agent/consul/enterprise_server_oss.go
@@ -30,3 +30,7 @@ func (s *Server) handleEnterpriseRPCConn(rtype pool.RPCType, conn net.Conn, isTL
 func (s *Server) enterpriseStats() map[string]map[string]string {
 	return nil
 }
+
+func (s *Server) intentionReplicationEnabled() bool {
+	return false
+}