diff --git a/recipes/default.rb b/recipes/default.rb
index f0fa1c2cc4d0745c1257b1e87262610fe944c986..7c32af742045a459f29be89821cdfdea696a6ce7 100644
--- a/recipes/default.rb
+++ b/recipes/default.rb
@@ -279,7 +279,7 @@ bash 'Create Certificate' do
 	cwd '/etc/apache2/ssl/'
 	code <<-EOF
 		chmod 755 create_certificate_for_domain.sh
-		./create_certificate_for_domain.sh #{node['typo3_site']['hostname']}
+		./create_certificate_for_domain.sh #{node['typo3_site']['hostname']} #{node['typo3_site']['server_aliases']}
 	EOF
 	action :run
 end
diff --git a/templates/default/create_certificate_for_domain.sh b/templates/default/create_certificate_for_domain.sh
index 4f3cd95b2bb32725340d910e9d8c37b2700aaab5..6df528a2d1efb9cbca80661aa9ee6efef31baca9 100755
--- a/templates/default/create_certificate_for_domain.sh
+++ b/templates/default/create_certificate_for_domain.sh
@@ -1,8 +1,8 @@
 #!/usr/bin/env bash
 if [ -z "$1" ]
 then
-  echo "Please supply a subdomain to create a certificate for";
-  echo "e.g. www.mysite.com"
+  echo "Please supply at least one subdomain to create a certificate for";
+  echo "e.g. www.example.com"
   exit;
 fi
 
@@ -15,15 +15,24 @@ fi
 
 DOMAIN=$1
 COMMON_NAME=${2:-*.$1}
-SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=$COMMON_NAME"
+SUBJECT="/C=CA/ST=None/L=NB/O=None/CN=${COMMON_NAME}"
 NUM_OF_DAYS=999
-openssl req -new -newkey rsa:2048 -sha256 -nodes $KEY_OPT device.key -subj "$SUBJECT" -out device.csr
-cat v3.ext | sed s/%%DOMAIN%%/$COMMON_NAME/g > /tmp/__v3.ext
-openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext 
+openssl req -new -newkey rsa:2048 -sha256 -nodes ${KEY_OPT} device.key -subj "${SUBJECT}" -out device.csr
+
+cp v3.ext /tmp/__v3.ext
+DOMAIN_COUNTER=1
+for domain_in_list in "$@"
+do
+	echo "DNS.${DOMAIN_COUNTER} = ${domain_in_list}" >> /tmp/__v3.ext
+    ((DOMAIN_COUNTER++))
+done
+#cat v3.ext | sed s/%%DOMAIN%%/${COMMON_NAME}/g > /tmp/__v3.ext
+
+openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days ${NUM_OF_DAYS} -sha256 -extfile /tmp/__v3.ext
 
 # move output files to final filenames
-mv device.csr $DOMAIN.csr
-cp device.crt $DOMAIN.crt
+mv device.csr ${DOMAIN}.csr
+cp device.crt ${DOMAIN}.crt
 
 # remove temp file
 rm -f device.crt;
diff --git a/templates/default/v3.ext b/templates/default/v3.ext
index 7515c66d72d23a6bbbda54fb7de0a4a6b4ab57b5..6083d960ed1079b032bbd1e5fef19bb4a179ec38 100644
--- a/templates/default/v3.ext
+++ b/templates/default/v3.ext
@@ -4,4 +4,3 @@ keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
 subjectAltName = @alt_names
 
 [alt_names]
-DNS.1 = %%DOMAIN%%