diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/PushCertificateParserTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/PushCertificateParserTest.java
index 26b4d88f5..3a4b00d87 100644
--- a/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/PushCertificateParserTest.java
+++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/PushCertificateParserTest.java
@@ -334,6 +334,26 @@ public class PushCertificateParserTest {
 		assertNull(PushCertificateParser.fromReader(reader));
 	}
 
+	@Test
+	public void testMissingPusheeField() throws Exception {
+		// Omit pushee line from existing cert. (This means the signature would not
+		// match, but we're not verifying it here.)
+		String input = INPUT.replace("0024pushee git://localhost/repo.git\n", "");
+		assertFalse(input.contains(PushCertificateParser.PUSHEE));
+
+		PacketLineIn pckIn = newPacketLineIn(input);
+		PushCertificateParser parser =
+				new PushCertificateParser(db, newEnabledConfig());
+		parser.receiveHeader(pckIn, false);
+		parser.addCommand(pckIn.readString());
+		assertEquals(PushCertificateParser.BEGIN_SIGNATURE, pckIn.readString());
+		parser.receiveSignature(pckIn);
+
+		PushCertificate cert = parser.build();
+		assertEquals("0.1", cert.getVersion());
+		assertNull(cert.getPushee());
+	}
+
 	private static String concatPacketLines(String input, int begin, int end)
 			throws IOException {
 		StringBuilder result = new StringBuilder();
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
index fdc70adc8..165a93908 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificate.java
@@ -98,10 +98,6 @@ public class PushCertificate {
 			throw new IllegalArgumentException(MessageFormat.format(
 					JGitText.get().pushCertificateInvalidField, PUSHER));
 		}
-		if (pushee == null || pushee.isEmpty()) {
-			throw new IllegalArgumentException(MessageFormat.format(
-					JGitText.get().pushCertificateInvalidField, PUSHEE));
-		}
 		if (nonce == null || nonce.isEmpty()) {
 			throw new IllegalArgumentException(MessageFormat.format(
 					JGitText.get().pushCertificateInvalidField, NONCE));
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
index 1bc73bb3e..6494aea63 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/PushCertificateParser.java
@@ -273,7 +273,11 @@ public class PushCertificateParser {
 
 	private static String parseHeader(StringReader reader, String header)
 			throws IOException {
-		String s = reader.read();
+		return parseHeader(reader.read(), header);
+	}
+
+	private static String parseHeader(String s, String header)
+			throws IOException {
 		if (s.isEmpty()) {
 			throw new EOFException();
 		}
@@ -331,8 +335,13 @@ public class PushCertificateParser {
 						JGitText.get().pushCertificateInvalidFieldValue,
 						PUSHER, rawPusher));
 			}
-			pushee = parseHeader(reader, PUSHEE);
-			receivedNonce = parseHeader(reader, NONCE);
+			String next = reader.read();
+			if (next.startsWith(PUSHEE)) {
+				pushee = parseHeader(next, PUSHEE);
+				receivedNonce = parseHeader(reader, NONCE);
+			} else {
+				receivedNonce = parseHeader(next, NONCE);
+			}
 			nonceStatus = nonceGenerator != null
 					? nonceGenerator.verify(
 						receivedNonce, sentNonce(), db, stateless, nonceSlopLimit)