diff --git a/xCAT-server/share/xcat/ca/openssl.cnf.tmpl b/xCAT-server/share/xcat/ca/openssl.cnf.tmpl
index 3d25097f2..abfe25892 100644
--- a/xCAT-server/share/xcat/ca/openssl.cnf.tmpl
+++ b/xCAT-server/share/xcat/ca/openssl.cnf.tmpl
@@ -226,7 +226,10 @@ basicConstraints = CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 
 [ san_env ]
-subjectAltName = ${ENV::SAN}
+subjectAltName = @alt_names
+
+[ alt_names ]
+#XCATCASAN#
 
 [ v3_ca ]
 
diff --git a/xCAT-server/share/xcat/scripts/setup-server-cert.sh b/xCAT-server/share/xcat/scripts/setup-server-cert.sh
index 0b66e462b..b724f7b3f 100755
--- a/xCAT-server/share/xcat/scripts/setup-server-cert.sh
+++ b/xCAT-server/share/xcat/scripts/setup-server-cert.sh
@@ -22,8 +22,8 @@ if [ -e $XCATDIR/cert ]; then
 fi
 mkdir -p $XCATDIR/cert
 cd $XCATDIR/cert
+sed -i "s/#XCATCASAN#/DNS.1 = `hostname --long`\nDNS.2 = `hostname --short`/g" $XCATCADIR/openssl.cnf
 openssl genrsa -out server-key.pem 2048
-export SAN="DNS:`hostname --long`,DNS:`hostname --short`"
 openssl req -config $XCATCADIR/openssl.cnf -new -key server-key.pem -out server-req.pem -extensions server -subj "/CN=$CNA"
 cp server-req.pem  $XCATDIR/ca/`hostname`.csr
 cd -