diff --git a/ansible/roles/certificates/tasks/generate-backend.yml b/ansible/roles/certificates/tasks/generate-backend.yml
index 341f5dcdb7..edb7789134 100644
--- a/ansible/roles/certificates/tasks/generate-backend.yml
+++ b/ansible/roles/certificates/tasks/generate-backend.yml
@@ -39,6 +39,8 @@
     -CA "{{ root_dir }}/root.crt"
     -CAkey "{{ root_dir }}/root.key"
     -CAcreateserial
+    -extensions v3_req
+    -extfile "{{ kolla_certificates_dir }}/openssl-kolla-backend.cnf"
     -out "{{ backend_dir }}/backend.crt"
     -days 500
     -sha256
diff --git a/ansible/roles/certificates/tasks/generate.yml b/ansible/roles/certificates/tasks/generate.yml
index fe16f46891..b38f8ab41f 100644
--- a/ansible/roles/certificates/tasks/generate.yml
+++ b/ansible/roles/certificates/tasks/generate.yml
@@ -46,6 +46,8 @@
         -CA "{{ root_dir }}/root.crt"
         -CAkey "{{ root_dir }}/root.key"
         -CAcreateserial
+        -extensions v3_req
+        -extfile "{{ kolla_certificates_dir }}/openssl-kolla.cnf"
         -out "{{ external_dir }}/external.crt"
         -days 365
         -sha256
@@ -114,6 +116,8 @@
         -CA "{{ root_dir }}/root.crt"
         -CAkey "{{ root_dir }}/root.key"
         -CAcreateserial
+        -extensions v3_req
+        -extfile "{{ kolla_certificates_dir }}/openssl-kolla-internal.cnf"
         -out "{{ internal_dir }}/internal.crt"
         -days 365
         -sha256
diff --git a/ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2 b/ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2
index 0fc84f2bd4..e413130323 100644
--- a/ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2
+++ b/ansible/roles/certificates/templates/openssl-kolla-internal.cnf.j2
@@ -8,7 +8,6 @@ countryName = US
 stateOrProvinceName = NC
 localityName = RTP
 organizationalUnitName = kolla
-commonName = {{ kolla_internal_fqdn }}
 
 [v3_req]
 subjectAltName = @alt_names
@@ -16,6 +15,5 @@ subjectAltName = @alt_names
 [alt_names]
 {% if kolla_internal_fqdn != kolla_internal_vip_address %}
 DNS.1 = {{ kolla_internal_fqdn }}
-{% else %}
-IP.1 = {{ kolla_internal_fqdn }}
 {% endif %}
+IP.1 = {{ kolla_internal_vip_address }}
diff --git a/ansible/roles/certificates/templates/openssl-kolla.cnf.j2 b/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
index a0273720dd..0e828df6b7 100644
--- a/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
+++ b/ansible/roles/certificates/templates/openssl-kolla.cnf.j2
@@ -8,7 +8,6 @@ countryName = US
 stateOrProvinceName = NC
 localityName = RTP
 organizationalUnitName = kolla
-commonName = {{ kolla_external_fqdn }}
 
 [v3_req]
 subjectAltName = @alt_names
@@ -16,6 +15,5 @@ subjectAltName = @alt_names
 [alt_names]
 {% if kolla_external_fqdn != kolla_external_vip_address %}
 DNS.1 = {{ kolla_external_fqdn }}
-{% else %}
-IP.1 = {{ kolla_external_fqdn }}
 {% endif %}
+IP.1 = {{ kolla_external_vip_address }}