diff --git a/src/manage_migrators.c b/src/manage_migrators.c
index 78f7eadf4..a9e118528 100644
--- a/src/manage_migrators.c
+++ b/src/manage_migrators.c
@@ -852,9 +852,9 @@ make_tls_certificate_214 (user_t owner,
   quoted_certificate_b64
     = certificate_b64 ? sql_quote (certificate_b64) : NULL;
   quoted_subject_dn
-    = subject_dn ? sql_ascii_escape_and_quote (subject_dn) : NULL;
+    = subject_dn ? sql_ascii_escape_and_quote (subject_dn, NULL) : NULL;
   quoted_issuer_dn
-    = issuer_dn ? sql_ascii_escape_and_quote (issuer_dn) : NULL;
+    = issuer_dn ? sql_ascii_escape_and_quote (issuer_dn, NULL) : NULL;
   quoted_md5_fingerprint
     = md5_fingerprint ? sql_quote (md5_fingerprint) : NULL;
   quoted_sha256_fingerprint
diff --git a/src/manage_sql_tls_certificates.c b/src/manage_sql_tls_certificates.c
index c21ab3a6c..e51f33eee 100644
--- a/src/manage_sql_tls_certificates.c
+++ b/src/manage_sql_tls_certificates.c
@@ -585,9 +585,9 @@ make_tls_certificate (const char *name,
   quoted_sha256_fingerprint
     = sql_quote (sha256_fingerprint ? sha256_fingerprint : "");
   quoted_subject_dn
-    = sql_ascii_escape_and_quote (subject_dn ? subject_dn : "");
+    = sql_ascii_escape_and_quote (subject_dn ? subject_dn : "", NULL);
   quoted_issuer_dn
-    = sql_ascii_escape_and_quote (issuer_dn ? issuer_dn : "");
+    = sql_ascii_escape_and_quote (issuer_dn ? issuer_dn : "", NULL);
   quoted_serial
     = sql_quote (serial ? serial : "");
 
@@ -1747,8 +1747,10 @@ cleanup_tls_certificate_encoding ()
       if (g_utf8_validate (subject_dn, -1, NULL) == FALSE
           || g_utf8_validate (issuer_dn, -1, NULL) == FALSE)
         {
-          gchar *quoted_subject_dn = sql_ascii_escape_and_quote (subject_dn);
-          gchar *quoted_issuer_dn = sql_ascii_escape_and_quote (issuer_dn);
+          gchar *quoted_subject_dn 
+            = sql_ascii_escape_and_quote (subject_dn, NULL);
+          gchar *quoted_issuer_dn 
+            = sql_ascii_escape_and_quote (issuer_dn, NULL);
 
           sql ("UPDATE tls_certificates"
                " SET subject_dn = '%s', issuer_dn = '%s'"
@@ -1779,8 +1781,8 @@ cleanup_tls_certificate_encoding ()
       subject_dn = iterator_string (&iterator, 1);
       issuer_dn = iterator_string (&iterator, 2);
 
-      gchar *quoted_subject_dn = sql_ascii_escape_and_quote (subject_dn);
-      gchar *quoted_issuer_dn = sql_ascii_escape_and_quote (issuer_dn);
+      gchar *quoted_subject_dn = sql_ascii_escape_and_quote (subject_dn, NULL);
+      gchar *quoted_issuer_dn = sql_ascii_escape_and_quote (issuer_dn, NULL);
 
       sql ("UPDATE tls_certificates"
             " SET subject_dn = '%s', issuer_dn = '%s'"
diff --git a/src/sql.c b/src/sql.c
index 41efb4688..efae4de7b 100644
--- a/src/sql.c
+++ b/src/sql.c
@@ -161,7 +161,7 @@ sql_quote (const char* string)
  * @return Freshly allocated, quoted string. Free with g_free.
  */
 gchar*
-sql_ascii_escape_and_quote (const char* string)
+sql_ascii_escape_and_quote (const char* string, const char* exceptions)
 {
   gchar *escaped_string;
   gchar *quoted_string;
@@ -171,9 +171,9 @@ sql_ascii_escape_and_quote (const char* string)
   if (string == NULL)
     return NULL;
 
-  escaped_string = strescape_check_utf8 (string, NULL);
+  escaped_string = strescape_check_utf8 (string, exceptions);
   quoted_string = sql_quote (escaped_string);
-  g_free (quoted_string);
+  g_free (escaped_string);
 
   return quoted_string;
 }
diff --git a/src/sql.h b/src/sql.h
index b0a225eff..08103a959 100644
--- a/src/sql.h
+++ b/src/sql.h
@@ -80,7 +80,7 @@ gchar *
 sql_quote (const char *);
 
 gchar *
-sql_ascii_escape_and_quote (const char *);
+sql_ascii_escape_and_quote (const char *, const char *);
 
 gchar *
 sql_insert (const char *);