diff --git a/modules/mysql/main.tf b/modules/mysql/main.tf
index b5b5790..98c31f3 100644
--- a/modules/mysql/main.tf
+++ b/modules/mysql/main.tf
@@ -43,7 +43,15 @@ locals {
 # 'private_network" ("") doesn't match regexp "projects/...'
 ip_configuration = "${local.ip_configuration_def[local.ip_configuration_key]}"
+ # Replica proxy connection info
 failover_proxy_connection = "${join("",data.template_file.failover_proxy_connection.*.rendered)}"
+
+ # Replica certificate info
+ failover_certificate = "${join("",data.template_file.failover_certificate.*.rendered)}"
+ failover_certificate_common_name = "${join("",data.template_file.failover_certificate_common_name.*.rendered)}"
+ failover_certificate_create_time = "${join("",data.template_file.failover_certificate_create_time.*.rendered)}"
+ failover_certificate_expiration_time = "${join("",data.template_file.failover_certificate_expiration_time.*.rendered)}"
+ failover_certificate_sha1_fingerprint = "${join("",data.template_file.failover_certificate_sha1_fingerprint.*.rendered)}"
 }
 # ------------------------------------------------------------------------------
@@ -201,10 +209,43 @@ resource "google_sql_database_instance" "failover_replica" {
 }
 # ------------------------------------------------------------------------------
-# FAILOVER REPLICA CERTIFICATE PROXY CONNECTION TEMPLATE
+# FAILOVER REPLICA PROXY CONNECTION TEMPLATE
 # ------------------------------------------------------------------------------
 data "template_file" "failover_proxy_connection" {
 count = "${var.enable_failover_replica}"
 template = "${var.project}:${var.region}:${google_sql_database_instance.failover_replica.0.name}"
 }
+
+# ------------------------------------------------------------------------------
+# FAILOVER REPLICA CERTIFICATE TEMPLATES
+#
+# We have to produce the certificate outputs via template_file. Using splat syntax would yield:
+# Resource 'google_sql_database_instance.failover_replica' does not have attribute 'server_ca_cert.0.cert'
+# for variable 'google_sql_database_instance.failover_replica.*.server_ca_cert.0.cert'
+# ------------------------------------------------------------------------------
+
+data "template_file" "failover_certificate" {
+ count = "${var.enable_failover_replica}"
+ template = "${google_sql_database_instance.failover_replica.0.server_ca_cert.0.cert}"
+}
+
+data "template_file" "failover_certificate_common_name" {
+ count = "${var.enable_failover_replica}"
+ template = "${google_sql_database_instance.failover_replica.0.server_ca_cert.0.common_name}"
+}
+
+data "template_file" "failover_certificate_create_time" {
+ count = "${var.enable_failover_replica}"
+ template = "${google_sql_database_instance.failover_replica.0.server_ca_cert.0.create_time}"
+}
+
+data "template_file" "failover_certificate_expiration_time" {
+ count = "${var.enable_failover_replica}"
+ template = "${google_sql_database_instance.failover_replica.0.server_ca_cert.0.expiration_time}"
+}
+
+data "template_file" "failover_certificate_sha1_fingerprint" {
+ count = "${var.enable_failover_replica}"
+ template = 
"${google_sql_database_instance.failover_replica.0.server_ca_cert.0.sha1_fingerprint}"
+}
diff --git a/modules/mysql/outputs.tf b/modules/mysql/outputs.tf
index 93108d7..2d74e43 100644
--- a/modules/mysql/outputs.tf
+++ b/modules/mysql/outputs.tf
@@ -77,8 +77,6 @@ output "db_name" {
 output "failover_instance_name" {
 description = "The name of the failover database instance"
 value = "${join("", google_sql_database_instance.failover_replica.*.name)}"
-
- #value = "${local.failover_name}"
 }
 # Due to the provider output format (list of list of maps), this will be rendered in a very awkward way and as such is really not usable
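Review bot: The five `template_file` data sources added in modules/mysql/main.tf pass the certificate attributes directly as `template`, so each value is interpolated by Terraform and then rendered a second time as a template; any `${` sequence in a value would be evaluated instead of being emitted as text. PEM data and timestamps should not contain one, but passing the value through `vars` keeps it as plain data: `template = "$${value}"` together with `vars { value = "${google_sql_database_instance.failover_replica.0.server_ca_cert.0.cert}" }`. The same applies to the other four certificate data sources, and the pre-existing `failover_proxy_connection` template follows the same pattern.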
@@ -107,29 +105,27 @@ output "failover_proxy_connection" {
 # ------------------------------------------------------------------------------
 output "failover_replica_ca_cert" {
- value = "${join("", google_sql_database_instance.failover_replica.*.server_ca_cert.0.cert)}"
-
- #value = "${local.failover_certificate}"
+ value = "${local.failover_certificate}"
 description = "The CA Certificate used to connect to the failover instance via SSL"
 }
 output "failover_replica_ca_cert_common_name" {
- value = "${join("", google_sql_database_instance.failover_replica.*.server_ca_cert.0.common_name)}"
+ value = "${local.failover_certificate_common_name}"
 description = "The CN valid for the failover instance CA Cert"
 }
 output "failover_replica_ca_cert_create_time" {
- value = "${join("", google_sql_database_instance.failover_replica.*.server_ca_cert.0.create_time)}"
+ value = "${local.failover_certificate_create_time}"
 description = "Creation time of the failover instance CA Cert"
 }
 output "failover_replica_ca_cert_expiration_time" {
- value = "${join("", google_sql_database_instance.failover_replica.*.server_ca_cert.0.expiration_time)}"
+ value = "${local.failover_certificate_expiration_time}"
 description = "Expiration time of the failover instance CA Cert"
 }
 output "failover_replica_ca_cert_sha1_fingerprint" {
- value = "${join("", google_sql_database_instance.failover_replica.*.server_ca_cert.0.sha1_fingerprint)}"
+ value = "${local.failover_certificate_sha1_fingerprint}"
 description = "SHA Fingerprint of the failover instance CA Cert"
 }
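Review bot: The `failover_replica_ca_cert*` outputs appear to render as an empty string when `var.enable_failover_replica` is 0, because the locals in main.tf join an empty list, and none of the descriptions say so. A caller that feeds `failover_replica_ca_cert` into a client's CA setting would then receive an empty value rather than an error, so the description should state it, e.g. `description = "The CA Certificate used to connect to the failover instance via SSL (empty when the failover replica is disabled)"`. The fingerprint description could also name the algorithm, `description = "SHA-1 fingerprint of the failover instance CA Cert"`, so consumers know which digest they are comparing against.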