diff --git a/app/src/main/java/org/fdroid/fdroid/data/DBHelper.java b/app/src/main/java/org/fdroid/fdroid/data/DBHelper.java
index a0d6ceb27..8f0c80a39 100644
--- a/app/src/main/java/org/fdroid/fdroid/data/DBHelper.java
+++ b/app/src/main/java/org/fdroid/fdroid/data/DBHelper.java
@@ -82,16 +82,22 @@ public class DBHelper {
                     addresses.add(address);
                 }
             }
-            InitialRepository repo = new InitialRepository(
-                    initialRepos.get(i), // name
-                    addresses.get(0), // primary address (by convention: the first item)
-                    addresses.subList(1, addresses.size()), // list of mirrors
-                    initialRepos.get(i + 2), // description
-                    initialRepos.get(i + 6),  // certificate
-                    Integer.parseInt(initialRepos.get(i + 3)), // version
-                    enabled, // enabled
-                    weight++ // weight
-            );
+            InitialRepository repo;
+            try {
+                repo = new InitialRepository(
+                        initialRepos.get(i), // name
+                        addresses.get(0), // primary address (by convention: the first item)
+                        addresses.subList(1, addresses.size()), // list of mirrors
+                        initialRepos.get(i + 2), // description
+                        initialRepos.get(i + 6),  // certificate
+                        Integer.parseInt(initialRepos.get(i + 3)), // version
+                        enabled, // enabled
+                        weight++ // weight
+                );
+            } catch (IllegalArgumentException e) {
+                Log.e(TAG, "Invalid repo: " + addresses.get(0), e);
+                continue;
+            }
             hasEnabledRepo = hasEnabledRepo || enabled;
             db.getRepositoryDao().insert(repo);
         }
diff --git a/libs/database/src/dbTest/java/org/fdroid/database/RepositoryDaoTest.kt b/libs/database/src/dbTest/java/org/fdroid/database/RepositoryDaoTest.kt
index 4c150d062..08a8dd7d3 100644
--- a/libs/database/src/dbTest/java/org/fdroid/database/RepositoryDaoTest.kt
+++ b/libs/database/src/dbTest/java/org/fdroid/database/RepositoryDaoTest.kt
@@ -32,7 +32,7 @@ internal class RepositoryDaoTest : DbTest() {
             address = getRandomString(),
             mirrors = listOf(getRandomString(), getRandomString(), getRandomString()),
             description = getRandomString(),
-            certificate = getRandomString(),
+            certificate = "abcdef", // not random, because format gets checked
             version = Random.nextLong(),
             enabled = Random.nextBoolean(),
             weight = Random.nextInt(),
diff --git a/libs/database/src/main/java/org/fdroid/database/Repository.kt b/libs/database/src/main/java/org/fdroid/database/Repository.kt
index 0178a805b..f4c1b24da 100644
--- a/libs/database/src/main/java/org/fdroid/database/Repository.kt
+++ b/libs/database/src/main/java/org/fdroid/database/Repository.kt
@@ -36,6 +36,11 @@ internal data class CoreRepository(
     internal companion object {
         const val TABLE = "CoreRepository"
     }
+
+    init {
+        // TODO comment in some time after #2662 had time to resolve itself
+//        validateCertificate(certificate)
+    }
 }
 
 internal fun RepoV2.toCoreRepository(
@@ -384,4 +389,15 @@ public data class InitialRepository @JvmOverloads constructor(
     val version: Long,
     val enabled: Boolean,
     val weight: Int,
-)
+) {
+    init {
+        validateCertificate(certificate)
+    }
+}
+
+@Throws(IllegalArgumentException::class)
+private fun validateCertificate(certificate: String?) {
+    if (certificate != null) require(certificate.length % 2 == 0 &&
+        certificate.chunked(2).find { it.toIntOrNull(16) == null } == null
+    ) { "Invalid certificate: $certificate" }
+}