diff --git a/http/sys_seal.go b/http/sys_seal.go
index 9bb77efa93..f0f6e8b98e 100644
--- a/http/sys_seal.go
+++ b/http/sys_seal.go
@@ -3,6 +3,7 @@ package http
 import (
 	"encoding/hex"
 	"errors"
+	"fmt"
 	"net/http"
 
 	"github.com/hashicorp/errwrap"
@@ -92,6 +93,11 @@ func handleSysSealStatusRaw(core *vault.Core, w http.ResponseWriter, r *http.Req
 		respondError(w, http.StatusInternalServerError, err)
 		return
 	}
+	if sealConfig == nil {
+		respondError(w, http.StatusBadRequest, fmt.Errorf(
+			"server is not yet initialized"))
+		return
+	}
 
 	respondOk(w, &SealStatusResponse{
 		Sealed:   sealed,
diff --git a/http/sys_seal_test.go b/http/sys_seal_test.go
index 44d8c6e519..fa45dd9b9c 100644
--- a/http/sys_seal_test.go
+++ b/http/sys_seal_test.go
@@ -34,6 +34,18 @@ func TestSysSealStatus(t *testing.T) {
 	}
 }
 
+func TestSysSealStatus_uninit(t *testing.T) {
+	core := vault.TestCore(t)
+	ln, addr := TestServer(t, core)
+	defer ln.Close()
+
+	resp, err := http.Get(addr + "/v1/sys/seal-status")
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	testResponseStatus(t, resp, 400)
+}
+
 func TestSysSeal(t *testing.T) {
 	core := vault.TestCore(t)
 	vault.TestCoreInit(t, core)