diff --git a/Makefile b/Makefile
index c16b855..af4ee7f 100644
--- a/Makefile
+++ b/Makefile
@@ -83,3 +83,10 @@ ansible-molecule:
 unit-test:
 	PYTHONPATH=./:$PYTHONPATH pytest ./tests/certificate/test_venafi_certificate.py
+
+install:
+	ansible-galaxy collection build --force
+	ansible-galaxy collection install venafi-machine_identity-1.0.1.tar.gz --force
+
+uninstall:
+	rm -rf ~/.ansible/collections/ansible_collections/venafi
diff --git a/plugins/modules/venafi_certificate.py b/plugins/modules/venafi_certificate.py
index a31e848..f75c1d7 100644
--- a/plugins/modules/venafi_certificate.py
+++ b/plugins/modules/venafi_certificate.py
@@ -450,6 +450,8 @@ def enroll(self):
                 self.module.fail_json(msg="Missing parameter for Service Generated CSR: %s" % F_PK_PASSPHRASE)
             request.include_private_key = True
             self.serialize_private_key = True
+            if self.privatekey_type is not None:
+                request.key_type = self._get_key_type()
         elif self.csr_origin == CSR_ORIGIN_PROVIDED:
             if not self.csr_path:
@@ -465,17 +467,7 @@ def enroll(self):
                 private_key = to_text(open(self.privatekey_filename, "rb").read())
                 request.private_key = private_key
             elif self.privatekey_type:
-                key_type = {"RSA": "rsa", "ECDSA": "ec", "EC": "ec"}.get(self.privatekey_type)
-                if not key_type:
-                    self.module.fail_json(msg=("Failed to determine key type: %s. Must be RSA or ECDSA"
-                                               % self.privatekey_type))
-                if key_type == "rsa":
-                    request.key_type = KeyType(KeyType.RSA, self.privatekey_size)
-                elif key_type == "ecdsa" or key_type == "ec":
-                    request.key_type = KeyType(KeyType.ECDSA, self.privatekey_curve)
-                else:
-                    self.module.fail_json(msg=("Failed to determine key type: %s. Must be RSA or ECDSA"
-                                               % self.privatekey_type))
+                request.key_type = self._get_key_type()
                 self.serialize_private_key = True
             else:
                 self.module.fail_json(msg="Failed to determine %s: %s" % (F_CSR_ORIGIN, self.csr_origin))
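Review bot: The `install` target hard-codes the built artifact name `venafi-machine_identity-1.0.1.tar.gz`, so the next version bump in the collection manifest silently breaks `make install`, or worse installs a stale tarball that is still lying in the tree because `--force` is passed. Derive the name from the build instead of pinning it, e.g. `ansible-galaxy collection install venafi-machine_identity-*.tar.gz --force` with the build dir cleaned first, or read the version out of galaxy.yml into a make variable. The `uninstall` target removes the whole `venafi` namespace directory, which presumably takes any other collection installed under that namespace with it; scoping it to `~/.ansible/collections/ansible_collections/venafi/machine_identity` limits the deletion to this collection.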
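Review bot: The new guard `if self.privatekey_type is not None:` in the service-generated CSR branch tests for None, whereas the equivalent branch in the next hunk (@@ -465) keeps the truthiness test `elif self.privatekey_type:`, so an empty-string privatekey_type takes different paths in the two branches: here it reaches `_get_key_type()` and fails with the key-type message, there it falls through to the `Failed to determine csr_origin` message. Using the same test in both places, `if self.privatekey_type:`, keeps the two CSR-origin branches consistent. Whether an empty value is reachable depends on the argument spec, which is not visible from this hunk. enroll() starts and ends outside the hunk.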
@@ -506,6 +498,23 @@ def enroll(self):
         if self.serialize_private_key and cert.key is not None:
             self._atomic_write(self.privatekey_filename, cert.key)
+    def _get_key_type(self):
+        """
+
+        :rtype: KeyType
+        """
+        key_type = {"RSA": "rsa", "ECDSA": "ec", "EC": "ec"}.get(self.privatekey_type)
+        if not key_type:
+            self.module.fail_json(msg=("Failed to determine key type: %s. Must be RSA or ECDSA"
+                                       % self.privatekey_type))
+        if key_type == "rsa":
+            return KeyType(KeyType.RSA, self.privatekey_size)
+        elif key_type == "ecdsa" or key_type == "ec":
+            return KeyType(KeyType.ECDSA, self.privatekey_curve)
+        else:
+            self.module.fail_json(msg=("Failed to determine key type: %s. Must be RSA or ECDSA"
+                                       % self.privatekey_type))
+
     def _get_pkcs12_cert_path(self):
         """
@@ -783,7 +792,7 @@ def main():
         module.exit_json(**change_dump)
     if not vcert.check_dirs_existed():
-        module.fail_json(msg="Dirs not existed")
+        module.fail_json(msg="directories do not exist")
     if change_dump['changed']:
         # TODO: Cover it by tests
         """
diff --git a/requirements.txt b/requirements.txt
index 1c1e045..e1dbe6e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,3 @@
-vcert==0.16.0
+vcert==0.16.2
 ansible==8.0.0
 cryptography==40.0.2
\ No newline at end of file
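Review bot: `_get_key_type` carries two unreachable arms and depends on `fail_json` never returning: the mapping on its first line only yields "rsa" or "ec", so the `key_type == "ecdsa"` comparison and the final `else:` can never fire, and if `fail_json` is stubbed (as unit tests commonly do) the method falls off the end and returns None, which both callers in the earlier hunks then assign to `request.key_type` unchecked. The docstring is also missing its summary line above `:rtype: KeyType`, so a reader cannot tell which attributes feed each key type. Collapsing the checks into a single lookup that either returns a KeyType or calls `fail_json` removes the dead branches while keeping `fail_json` as the one exit for an unsupported value.
```python
    def _get_key_type(self):
        """Build the vcert KeyType requested by privatekey_type.

        RSA uses privatekey_size, ECDSA/EC uses privatekey_curve; any other
        value fails the task through module.fail_json.

        :rtype: KeyType
        """
        normalized = {"RSA": "rsa", "ECDSA": "ec", "EC": "ec"}.get(self.privatekey_type)
        if normalized == "rsa":
            return KeyType(KeyType.RSA, self.privatekey_size)
        if normalized == "ec":
            return KeyType(KeyType.ECDSA, self.privatekey_curve)
        self.module.fail_json(msg=("Failed to determine key type: %s. Must be RSA or ECDSA"
                                   % self.privatekey_type))
```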
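Review bot: The reworded failure `module.fail_json(msg="directories do not exist")` still does not tell the operator which directory is missing, which is the one detail needed to act on it. If `check_dirs_existed()` only returns a boolean (it is not visible from this hunk), having it report the missing paths would allow `msg="directories do not exist: %s" % ", ".join(missing)`. main() starts and ends outside the hunk.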