diff --git a/pkg/route/api/validation/validation.go b/pkg/route/api/validation/validation.go
index 3c6dc1e7895f..ad3be7053cb4 100644
--- a/pkg/route/api/validation/validation.go
+++ b/pkg/route/api/validation/validation.go
@@ -7,6 +7,7 @@ import (
 "github.com/GoogleCloudPlatform/kubernetes/pkg/util"
 "github.com/GoogleCloudPlatform/kubernetes/pkg/util/fielderrors"
+ "fmt"
 routeapi "github.com/openshift/origin/pkg/route/api"
 )
@@ -49,8 +50,9 @@ func validateTLS(tls *routeapi.TLSConfig) fielderrors.ValidationErrorList {
 return nil
 }
+ switch tls.Termination {
 //reencrypt must specify cert, key, cacert, and destination ca cert
- if tls.Termination == routeapi.TLSTerminationReencrypt {
+ case routeapi.TLSTerminationReencrypt:
 if len(tls.Certificate) == 0 {
 result = append(result, fielderrors.NewFieldRequired("certificate"))
 }
@@ -66,10 +68,8 @@ func validateTLS(tls *routeapi.TLSConfig) fielderrors.ValidationErrorList {
 if len(tls.DestinationCACertificate) == 0 {
 result = append(result, fielderrors.NewFieldRequired("destinationCACertificate"))
 }
- }
- //passthrough term should not specify any cert
- if tls.Termination == routeapi.TLSTerminationPassthrough {
+ case routeapi.TLSTerminationPassthrough:
 if len(tls.Certificate) > 0 {
 result = append(result, fielderrors.NewFieldInvalid("certificate", tls.Certificate, "passthrough termination does not support certificates"))
 }
@@ -85,10 +85,8 @@ func validateTLS(tls *routeapi.TLSConfig) fielderrors.ValidationErrorList {
 if len(tls.DestinationCACertificate) > 0 {
 result = append(result, fielderrors.NewFieldInvalid("destinationCACertificate", tls.DestinationCACertificate, "passthrough termination does not support certificates"))
 }
- }
- //edge cert should specify cert, key, and cacert
- if tls.Termination == routeapi.TLSTerminationEdge {
+ case routeapi.TLSTerminationEdge:
 if len(tls.Certificate) == 0 {
 result = append(result, fielderrors.NewFieldRequired("certificate"))
 }
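Review bot: The new `"fmt"` import appears to be added after the kubernetes imports rather than with the standard-library group, which is where goimports would place it. The start of the import block and its blank-line grouping are outside the hunk, so this is inferred from the lines shown. Suggest moving `"fmt"` into the first group of the block, separated from the third-party imports by a blank line.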
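Review bot: After the conversion to a `switch`, only the reencrypt branch keeps its comment, and it now sits between `switch tls.Termination {` and the first `case` instead of under the label it describes. The hunks at -66,10 and -85,10 delete the passthrough and edge comments outright, so two of the three certificate policies are no longer documented at the point where they are enforced. Move the reencrypt comment under `case routeapi.TLSTerminationReencrypt:` and restore the removed ones under their labels, for example `// passthrough term should not specify any cert` and `// edge cert should specify cert, key, and cacert`. The body of validateTLS starts and ends outside these hunks.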
@@ -104,7 +102,9 @@ func validateTLS(tls *routeapi.TLSConfig) fielderrors.ValidationErrorList {
 if len(tls.DestinationCACertificate) > 0 {
 result = append(result, fielderrors.NewFieldInvalid("destinationCACertificate", tls.DestinationCACertificate, "edge termination does not support destination certificates"))
 }
+ default:
+ msg := fmt.Sprintf("invalid value for termination, acceptable values are %s, %s, %s, or emtpy (no tls specified)", routeapi.TLSTerminationEdge, routeapi.TLSTerminationPassthrough, routeapi.TLSTerminationReencrypt)
+ result = append(result, fielderrors.NewFieldInvalid("termination", tls.Termination, msg))
 }
-
 return result
 }
diff --git a/pkg/route/api/validation/validation_test.go b/pkg/route/api/validation/validation_test.go
index cf5ef72a26c4..43cbadea52a4 100644
--- a/pkg/route/api/validation/validation_test.go
+++ b/pkg/route/api/validation/validation_test.go
@@ -228,3 +228,13 @@ func TestValidateReencryptTermInvalid(t *testing.T) {
 t.Errorf("Unexpected error list encountered: %#v. Expected 4 errors, got %v", errs, len(errs))
 }
 }
+
+func TestValidateTLSInvalidTermination(t *testing.T) {
+ errs := validateTLS(&api.TLSConfig{
+ Termination: "invalid",
+ })
+
+ if len(errs) != 1 {
+ t.Errorf("Unexpected error list encountered: %#v. Expected 1 errors, got %v", errs, len(errs))
+ }
+}
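Review bot: The `default:` message says an empty termination is acceptable, but the switch has no `case ""`, so a non-nil TLSConfig with an empty `Termination` would land in `default` and be rejected by a message that lists its own value as valid. Whether that input can reach the switch depends on the early `return nil` guard, whose condition is above the visible hunks. If the guard only covers a nil `tls`, either add an explicit `case "":` that states which certificate fields are allowed without a termination type, or drop the "or empty" wording so the rule and the message agree. The string also misspells `emtpy`, which should read `empty`.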
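Review bot: `TestValidateTLSInvalidTermination` only checks `len(errs) != 1`, so it would still pass if the single error came from some other check rather than the new `default` branch. Assert that the returned error is the invalid-value error reported for the `termination` field. A second case with a non-nil `api.TLSConfig{}` and an empty `Termination` would pin down the behaviour that the error message promises for empty values. The failure text `Expected 1 errors` should read `Expected 1 error`.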