diff --git a/ansible/roles/certificates/tasks/generate-backend.yml b/ansible/roles/certificates/tasks/generate-backend.yml
index 341f5dcdb73c6d90fbbbd3e602553bf0ac668876..edb778913412b0125bd560f534ce3c7f9a4afd67 100644
--- a/ansible/roles/certificates/tasks/generate-backend.yml
+++ b/ansible/roles/certificates/tasks/generate-backend.yml
@@ -39,6 +39,8 @@
     -CA "{{ root_dir }}/root.crt"
     -CAkey "{{ root_dir }}/root.key"
     -CAcreateserial
+    -extensions v3_req
+    -extfile "{{ kolla_certificates_dir }}/openssl-kolla-backend.cnf"
     -out "{{ backend_dir }}/backend.crt"
     -days 500
     -sha256
diff --git a/ansible/roles/certificates/tasks/generate.yml b/ansible/roles/certificates/tasks/generate.yml
index fe16f46891a0793124de2ca60b4d376020e6fc1d..b38f8ab41f37d2d871dab0e5b3de5b2ceab7c3dd 100644
--- a/ansible/roles/certificates/tasks/generate.yml
+++ b/ansible/roles/certificates/tasks/generate.yml
@@ -46,6 +46,8 @@
         -CA "{{ root_dir }}/root.crt"
         -CAkey "{{ root_dir }}/root.key"
         -CAcreateserial
+        -extensions v3_req
+        -extfile "{{ kolla_certificates_dir }}/openssl-kolla.cnf"
         -out "{{ external_dir }}/external.crt"
         -days 365
         -sha256
@@ -114,6 +116,8 @@
         -CA "{{ root_dir }}/root.crt"
         -CAkey "{{ root_dir }}/root.key"
         -CAcreateserial
+        -extensions v3_req
+        -extfile "{{ kolla_certificates_dir }}/openssl-kolla-internal.cnf"
         -out "{{ internal_dir }}/internal.crt"
         -days 365
         -sha256
diff --git a/ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2 b/ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2
index 0fc84f2bd42c4764275368bb723e2816addc8963..e41313032365becdf9a65176db29a28f526de9ac 100644
--- a/ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2
+++ b/ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2
@@ -8,7 +8,6 @@ countryName = US
 stateOrProvinceName = NC
 localityName = RTP
 organizationalUnitName = kolla
-commonName = {{ kolla_internal_fqdn }}
 
 [v3_req]
 subjectAltName = @alt_names
@@ -16,6 +15,5 @@ subjectAltName = @alt_names
 [alt_names]
 {% if kolla_internal_fqdn != kolla_internal_vip_address %}
 DNS.1 = {{ kolla_internal_fqdn }}
-{% else %}
-IP.1 = {{ kolla_internal_fqdn }}
 {% endif %}
+IP.1 = {{ kolla_internal_vip_address }}
diff --git a/ansible/roles/certificates/templates/openssl-kolla.cnf.j2 b/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
index a0273720ddf8fbd8c079485318404ced2b0d5ae2..0e828df6b793757b2198a1275e014d75ad131b77 100644
--- a/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
+++ b/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
@@ -8,7 +8,6 @@ countryName = US
 stateOrProvinceName = NC
 localityName = RTP
 organizationalUnitName = kolla
-commonName = {{ kolla_external_fqdn }}
 
 [v3_req]
 subjectAltName = @alt_names
@@ -16,6 +15,5 @@ subjectAltName = @alt_names
 [alt_names]
 {% if kolla_external_fqdn != kolla_external_vip_address %}
 DNS.1 = {{ kolla_external_fqdn }}
-{% else %}
-IP.1 = {{ kolla_external_fqdn }}
 {% endif %}
+IP.1 = {{ kolla_external_vip_address }}