diff --git a/back/lib/ssl_peer_add b/back/lib/ssl_peer_add
index 4ddcacf..b067100 100755
--- a/back/lib/ssl_peer_add
+++ b/back/lib/ssl_peer_add
@@ -59,7 +59,9 @@ if ! sudo chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" >>"${
 fi

 # Generate config
-san="subjectAltNames = DNS:${hostname}.${username}.${TLD},DNS:*.${hostname}.${username}.${TLD}"
+san="
+[SAN]
+subjectAltNames = DNS:${hostname}.${username}.${TLD},DNS:*.${hostname}.${username}.${TLD}"
 [ "${ipstring}" != "" ] && san="${san},${ipstring}"
 if ! printf '%s\n' "${san}" | sudo cat '/etc/ssl/openssl.cnf' /dev/stdin \
 | sudo tee "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf"; then
@@ -69,10 +71,10 @@ fi
 sudo cat "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" >>"${LOGFILE}"

 # Generate CSR
-if ! sudo /usr/bin/openssl req -new -sha256 -reqexts SAN \
+if ! sudo /usr/bin/openssl req -new -sha256 -reqexts SAN -extensions SAN \
 -key "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" \
 -out "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" \
- -config "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf"
+ -config "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \
 -subj "/O=${SSL_ORG}/OU=${username}/CN=${hostname}.${username}.${TLD}" \
 >>"${LOGFILE}" 2>&1; then
 printf 'Failed to generate %s/%s/%s.csr\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
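Review bot: The added lines still spell the extension key `subjectAltNames`, but the OpenSSL extension is named `subjectAltName`, so the new `[SAN]` section that `-reqexts SAN` points at should be rejected as an unknown extension name instead of producing the intended names. The last added line should read `subjectAltName = DNS:${hostname}.${username}.${TLD},DNS:*.${hostname}.${username}.${TLD}"`. Because `${hostname}`, `${username}` and `${ipstring}` are written verbatim into a config appended to `/etc/ssl/openssl.cnf`, a comma or newline in any of them would add extra names or directives; if they are not validated before this hunk, that check belongs ahead of the assignment. Running `openssl req -in <csr> -noout -text` on the generated request is a quick way to confirm which names actually landed in it.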
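Review bot: With the continuation backslash added after `-config`, the `-subj` argument now appears to be passed to `openssl req` for the first time, and it embeds `${username}` and `${hostname}` in a slash-delimited DN where a `/`, `=` or `+` would change the subject being requested. Nothing in this hunk restricts those values, so unless they are validated earlier in the script I would add that check before the CSR step and record it here, e.g. `# username/hostname are validated as DNS labels above; they are embedded in -subj and in the SAN config`. `-extensions SAN` next to `-reqexts SAN` looks redundant for a plain `req -new` without `-x509` (the request extensions come from `-reqexts`, and newer OpenSSL treats the two as the same option), so one of them can go. The SAN in the CSR only reaches the issued certificate if the signing step copies request extensions, which is outside this hunk and worth confirming. The `if` block opened here closes outside the hunk.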