diff --git a/sdk/keyvault/Azure.Security.KeyVault.Certificates/CHANGELOG.md b/sdk/keyvault/Azure.Security.KeyVault.Certificates/CHANGELOG.md
index 7c3290aff0bdf..36dff44be3f32 100644
--- a/sdk/keyvault/Azure.Security.KeyVault.Certificates/CHANGELOG.md
+++ b/sdk/keyvault/Azure.Security.KeyVault.Certificates/CHANGELOG.md
@@ -7,6 +7,7 @@
 - Fixed concurrency issue in our challenge-based authentication policy ([#9737](https://github.com/Azure/azure-sdk-for-net/issues/9737))
 - Fixed an issue where the issuer name was always null ([#10908](https://github.com/Azure/azure-sdk-for-net/issues/10908))
 - Fixed an issue where GetIssuerAsync would throw for issuers with contact information populated ([#10905](https://github.com/Azure/azure-sdk-for-net/issues/10905))
+- Fixed an issue where some Certificate policy properties were not serialized properly ([#11669](https://github.com/azure/azure-sdk-for-net/issues/11669))
 
 ## 4.0.1 (2020-03-03)
 
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Certificates/src/CertificatePolicy.cs b/sdk/keyvault/Azure.Security.KeyVault.Certificates/src/CertificatePolicy.cs
index 5aff22afc7968..a68af41a7c806 100644
--- a/sdk/keyvault/Azure.Security.KeyVault.Certificates/src/CertificatePolicy.cs
+++ b/sdk/keyvault/Azure.Security.KeyVault.Certificates/src/CertificatePolicy.cs
@@ -269,7 +269,7 @@ void IJsonDeserializable.ReadProperties(JsonElement json)
         void IJsonSerializable.WriteProperties(Utf8JsonWriter json)
         {
             // Key Props
-            if (KeyType.HasValue || KeyCurveName.HasValue || KeySize.HasValue)
+            if (KeyType.HasValue || KeyCurveName.HasValue || KeySize.HasValue || ReuseKey.HasValue || Exportable.HasValue)
             {
                 json.WriteStartObject(s_keyPropsPropertyNameBytes);
 
diff --git a/sdk/keyvault/Azure.Security.KeyVault.Certificates/tests/CertificatePolicyTests.cs b/sdk/keyvault/Azure.Security.KeyVault.Certificates/tests/CertificatePolicyTests.cs
index f707ac4067c8a..44f6910f3642a 100644
--- a/sdk/keyvault/Azure.Security.KeyVault.Certificates/tests/CertificatePolicyTests.cs
+++ b/sdk/keyvault/Azure.Security.KeyVault.Certificates/tests/CertificatePolicyTests.cs
@@ -203,6 +203,27 @@ public void DisablePolicySerialized()
             }
         }
 
+        public static object[] KeyPolicySerializationTestCases =
+        {
+            new object[] {new CertificatePolicy() { KeyType = CertificateKeyType.Rsa }, @"{""key_props"":{""kty"":""RSA""}}" },
+            new object[] {new CertificatePolicy() { ReuseKey = false }, @"{""key_props"":{""reuse_key"":false}}" },
+            new object[] {new CertificatePolicy() { Exportable = false }, @"{""key_props"":{""exportable"":false}}" },
+            new object[] {new CertificatePolicy() { KeyCurveName = CertificateKeyCurveName.P256 }, @"{""key_props"":{""crv"":""P-256""}}" },
+            new object[] {new CertificatePolicy() { KeySize = 2048 }, @"{""key_props"":{""key_size"":2048}}" },
+        };
+
+        [Test]
+        [TestCaseSource(nameof(KeyPolicySerializationTestCases))]
+        public void KeyPolicySerialized(CertificatePolicy policy, string expectedJson)
+        {
+            using (JsonStream json = new JsonStream())
+            {
+                json.WriteObject(policy);
+
+                Assert.That(json.ToString(), Is.EqualTo(expectedJson));
+            }
+        }
+
         [Test]
         public void DefaultWithSubjectName()
         {