diff --git a/src/freedombone b/src/freedombone
index d9502383..1a9b6d11 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -5683,12 +5683,12 @@ function configure_imap_client_certs {
 echo '}' >> /etc/dovecot/conf.d/10-auth.conf
 fi
 # make a CA cert
- if [ ! -f /etc/ssl/private/dovecot-ca.key ]; then
- freedombone-addcert -h dovecot-ca --ca
+ if [ ! -f /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key ]; then
+ freedombone-addcert -h $DEFAULT_DOMAIN_NAME --ca
 fi
 # CA configuration
 echo '[ ca ]' > /etc/ssl/dovecot-ca.cnf
- echo 'default_ca = dovecot-ca' >> /etc/ssl/dovecot-ca.cnf
+ echo "default_ca = dovecot-ca" >> /etc/ssl/dovecot-ca.cnf
 echo '' >> /etc/ssl/dovecot-ca.cnf
 echo '[ crl_ext ]' >> /etc/ssl/dovecot-ca.cnf
 echo 'authorityKeyIdentifier=keyid:always' >> /etc/ssl/dovecot-ca.cnf
@@ -5696,9 +5696,9 @@ function configure_imap_client_certs {
 echo '[ dovecot-ca ]' >> /etc/ssl/dovecot-ca.cnf
 echo 'new_certs_dir = .' >> /etc/ssl/dovecot-ca.cnf
 echo 'unique_subject = no' >> /etc/ssl/dovecot-ca.cnf
- echo 'certificate = /etc/ssl/certs/dovecot-ca.crt' >> /etc/ssl/dovecot-ca.cnf
+ echo "certificate = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt" >> /etc/ssl/dovecot-ca.cnf
 echo 'database = ssldb' >> /etc/ssl/dovecot-ca.cnf
- echo 'private_key = /etc/ssl/private/dovecot-ca.key' >> /etc/ssl/dovecot-ca.cnf
+ echo "private_key = /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key" >> /etc/ssl/dovecot-ca.cnf
 echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf
 echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf
 echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf
diff --git a/src/freedombone-addcert b/src/freedombone-addcert
index 145e4984..759252e5 100755
--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -91,6 +91,7 @@ case $key in
 ;;
 --ca)
 EXTENSIONS="-extensions v3_ca"
+ ORGANISATION="Freedombone-CA"
 ;;
 --nodh)
 NODH="true"
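Review bot: The new `if [ ! -f /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key ]` test and the `freedombone-addcert -h $DEFAULT_DOMAIN_NAME --ca` call expand `$DEFAULT_DOMAIN_NAME` unquoted and without checking that it is set, so an empty value silently produces the key path `ca-.key` and an addcert invocation in which `--ca` most likely ends up as the argument of `-h`. Guard the variable before the test, `: "${DEFAULT_DOMAIN_NAME:?DEFAULT_DOMAIN_NAME must be set}"`, and quote both expansions. The same unquoted expansion is echoed into the `certificate =` and `private_key =` lines of the next hunk, where an empty value yields paths the CA configuration would then reference. The switch from single to double quotes on the `default_ca = dovecot-ca` line changes nothing and could be dropped to keep the diff minimal. configure_imap_client_certs begins and ends outside the hunk.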
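Review bot: `ORGANISATION="Freedombone-CA"` is assigned inside the `--ca)` arm with no comment saying why the CA gets a fixed organisation; presumably it is so the self-signed CA's subject DN differs from the server certificate's, which would otherwise share every component including `CN=$HOSTNAME` in the script's `openssl req -subj` — worth confirming and recording, e.g. `# Fixed O so the CA subject is distinct from the server cert subject (same CN)`. Because the assignment happens while `--ca` is being parsed, an organisation option (if the script accepts one; not visible here) given earlier on the command line is overwritten and one given later would win; if that ordering dependence is not intended, apply the CA default after the option loop only when no explicit value was supplied. The enclosing case statement starts and ends outside the hunk.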
@@ -112,13 +113,21 @@ if ! which openssl > /dev/null ;then
 exit 5689
 fi
 
-openssl req -x509 $EXTENSIONS -nodes -days 3650 -sha256 -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" -newkey rsa:4096 -keyout /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/certs/$HOSTNAME.crt
-if [ ! $NODH ]; then
- openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$HOSTNAME.dhparam
+CERTFILE=$HOSTNAME
+if [[ $EXTENSIONS != "" ]]; then
+ CERTFILE="ca-$HOSTNAME"
 fi
-chmod 400 /etc/ssl/private/$HOSTNAME.key
-chmod 640 /etc/ssl/certs/$HOSTNAME.crt
-chmod 640 /etc/ssl/certs/$HOSTNAME.dhparam
+
+openssl req -x509 $EXTENSIONS -nodes -days 3650 -sha256 \
+ -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
+ -newkey rsa:4096 -keyout /etc/ssl/private/$CERTFILE.key \
+ -out /etc/ssl/certs/$HOSTNAME.crt
+if [ ! $NODH ]; then
+ openssl dhparam -check -text -5 1024 -out /etc/ssl/certs/$CERTFILE.dhparam
+fi
+chmod 400 /etc/ssl/private/$CERTFILE.key
+chmod 640 /etc/ssl/certs/$CERTFILE.crt
+chmod 640 /etc/ssl/certs/$CERTFILE.dhparam
 
 if [ -f /etc/init.d/nginx ]; then
 /etc/init.d/nginx reload
@@ -129,7 +138,7 @@ fi
 if [ ! -d /etc/ssl/mycerts ]; then
 mkdir /etc/ssl/mycerts
 fi
-cp /etc/ssl/certs/$HOSTNAME.crt /etc/ssl/mycerts
+cp /etc/ssl/certs/$CERTFILE.crt /etc/ssl/mycerts
 # Create a bundle of your certificates
 cat /etc/ssl/mycerts/*.crt > /etc/ssl/freedombone-bundle.crt
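Review bot: `-out /etc/ssl/certs/$HOSTNAME.crt` still names the certificate after `$HOSTNAME` while `-keyout`, the three `chmod` lines and the `cp` in the next hunk use `$CERTFILE`; in `--ca` mode the CA certificate is therefore written over the existing server certificate for `$HOSTNAME` (leaving `/etc/ssl/private/$HOSTNAME.key` without a matching certificate), `chmod 640 /etc/ssl/certs/$CERTFILE.crt` and the later `cp` operate on a file that does not exist, and the `certificate = /etc/ssl/certs/ca-$DEFAULT_DOMAIN_NAME.crt` path that configure_imap_client_certs writes in src/freedombone is never created. The one-line fix is `-out /etc/ssl/certs/$CERTFILE.crt`. Separately, the re-added `openssl dhparam -check -text -5 1024` produces 1024-bit DH parameters, which current guidance treats as too weak for TLS key exchange (2048 bits is the usual minimum), and `chmod 640 /etc/ssl/certs/$CERTFILE.dhparam` still runs when `--nodh` was given, so the missing file becomes an error at that line. `if [[ $EXTENSIONS != "" ]]` keys the `ca-` prefix on any extensions being set rather than on `--ca` itself, which is only correct if `--ca` is the sole option that sets EXTENSIONS — not visible here.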
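Review bot: With `--ca`, the file that `cp /etc/ssl/certs/$CERTFILE.crt /etc/ssl/mycerts` places in /etc/ssl/mycerts is the private CA's certificate, and the context line `cat /etc/ssl/mycerts/*.crt > /etc/ssl/freedombone-bundle.crt` then folds it into the bundle alongside server certificates; whether that bundle, if it is served as a TLS chain or imported as a trust store elsewhere, should carry the CA certificate is not addressed by the change and deserves a sentence in the `# Create a bundle of your certificates` comment. The copy is also unchecked, so unless the script runs under `set -e` (not visible here) a failed cp is ignored and the bundle is silently built without the new certificate; `cp -- "/etc/ssl/certs/$CERTFILE.crt" /etc/ssl/mycerts || exit 1` makes that explicit.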