diff --git a/lib/ritm/certs/ca.rb b/lib/ritm/certs/ca.rb
index 5067e60..945830e 100644
--- a/lib/ritm/certs/ca.rb
+++ b/lib/ritm/certs/ca.rb
@@ -20,9 +20,9 @@ def self.load(crt, private_key)
end
end
- def sign(certificate)
+ def sign(certificate, extensions = self.class.signing_profile)
certificate.cert.parent = @cert
- certificate.cert.sign!(self.class.signing_profile)
+ certificate.cert.sign!(extensions)
end
def self.signing_profile
@@ -30,7 +30,8 @@ def self.signing_profile
'extensions' => {
'keyUsage' => { 'usage' => %w[keyEncipherment digitalSignature] },
'extendedKeyUsage' => { 'usage' => %w[serverAuth clientAuth] }
- }
+ },
+ 'digest' => 'SHA512'
}
end
diff --git a/lib/ritm/certs/certificate.rb b/lib/ritm/certs/certificate.rb
index 2c2e5d2..21d352a 100644
--- a/lib/ritm/certs/certificate.rb
+++ b/lib/ritm/certs/certificate.rb
@@ -20,7 +20,7 @@ def self.create(common_name, serial_number: nil)
cert.subject.country = 'AR'
cert.not_before = cert.not_before - 3600 * 24 * 30 # Substract 30 days
cert.serial_number.number = serial_number || common_name.hash.abs
- cert.key_material.generate_key(1024)
+ cert.key_material.generate_key(4096)
yield cert if block_given?
new cert
end
diff --git a/lib/ritm/configuration.rb b/lib/ritm/configuration.rb
index be90cd6..3b45895 100644
--- a/lib/ritm/configuration.rb
+++ b/lib/ritm/configuration.rb
@@ -7,7 +7,12 @@ def default_settings # rubocop:disable Metrics/MethodLength
{
proxy: {
bind_address: '127.0.0.1',
- bind_port: 8080
+ bind_port: 8080,
+ auth_proc: Proc.new do |req, res|
+ WEBrick::HTTPAuth.proxy_basic_auth(req, res, 'proxy') do |user, pass|
+ user == "user" && pass == "pass"
+ end
+ end
},
ssl_reverse_proxy: {
diff --git a/lib/ritm/proxy/cert_signing_https_server.rb b/lib/ritm/proxy/cert_signing_https_server.rb
index 270203a..c9814b0 100644
--- a/lib/ritm/proxy/cert_signing_https_server.rb
+++ b/lib/ritm/proxy/cert_signing_https_server.rb
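Review bot: The new `extensions` parameter of `sign` is undocumented and its name understates what it carries: the value handed to `sign!` is the whole signing profile returned by `signing_profile` (which, in the next hunk, also gains a top-level `'digest'` key), not only the X.509 extensions. A YARD comment such as `# @param certificate [Ritm::Certificate] leaf certificate to be issued by this CA` and `# @param extensions [Hash] signing profile handed to sign!; defaults to self.class.signing_profile` would state the contract, and renaming the parameter to `profile` would match the method it defaults to. Because the default expression is evaluated on every call and `signing_profile` appears to build a fresh literal hash, each caller gets its own copy and may mutate it safely; the SNI callback in this commit relies on exactly that, so it is worth saying in the comment.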
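Review bot: Raising `generate_key` to 4096 bits puts an RSA-4096 key generation on the first TLS handshake for every new server name: `Certificate.create` is called inside `mutex.synchronize` in the SNI callback hunk of this commit, so each new hostname can stall all concurrent handshakes for the seconds such a key takes to generate. Consider generating one leaf key pair per session and reusing it for every on-the-fly certificate (only the CA signature needs to be per-host), or making the size a parameter, e.g. `def self.create(common_name, serial_number: nil, key_size: 2048)` with `cert.key_material.generate_key(key_size)`; 2048 bits is the customary floor for leaf keys and anything stricter is a policy choice that belongs in configuration rather than a literal. Either way a comment on the `generate_key` line noting that it runs on the handshake path would help the next maintainer.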
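Review bot: The default settings now ship a working credential pair, `user == "user" && pass == "pass"`, so any deployment that does not override `proxy.auth_proc` accepts a well-known login; a built-in default credential is worse than no authentication because the proxy looks protected while it is not. Default to `auth_proc: nil` instead — the launcher hunk passes the value straight through as `ProxyAuthProc`, and as far as I recall WEBrick only invokes that proc when it is set — and let users supply their own proc, built from values they configure rather than literals and compared in constant time. Two smaller points on the new lines: the file uses single-quoted strings elsewhere (`'127.0.0.1'`, `'proxy'`) while the new block uses `"user"`/`"pass"`, and `Proc.new do … end` is conventionally written `proc do … end` or as a lambda. Whether `webrick` is required where `WEBrick::HTTPAuth` is referenced is not visible in this hunk; `default_settings` continues outside it.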
@@ -34,7 +34,13 @@ def prepare_sni_callback(ctx, ca)
mutex.synchronize do
unless contexts.include? servername
cert = Ritm::Certificate.create(servername)
- ca.sign(cert)
+ extensions = Ritm::CA.signing_profile
+ extensions['extensions']['subjectAltName'] = {
+ 'dns_names' => [servername],
+ 'uris' => [servername]
+ }
+ ca.sign(cert, extensions)
+
contexts[servername] = context_with_cert(sock.context, cert)
end
end
@@ -64,3 +70,4 @@ def duplicate_context(original_ctx)
end
end
end
+
diff --git a/lib/ritm/proxy/launcher.rb b/lib/ritm/proxy/launcher.rb
index ac3ac1c..6411968 100644
--- a/lib/ritm/proxy/launcher.rb
+++ b/lib/ritm/proxy/launcher.rb
@@ -44,6 +44,7 @@ def build_settings(session)
def build_proxy
@http = Ritm::Proxy::ProxyServer.new(BindAddress: @conf.proxy.bind_address,
Port: @conf.proxy.bind_port,
+ ProxyAuthProc: @conf.proxy.auth_proc,
AccessLog: [],
Logger: WEBrick::Log.new(File.open(File::NULL, 'w')),
https_forward: @https_forward,
@@ -53,7 +54,8 @@ def build_proxy
end
def build_reverse_proxy
- @https = Ritm::Proxy::SSLReverseProxy.new(@conf.ssl_reverse_proxy.bind_port,
+ @https = Ritm::Proxy::SSLReverseProxy.new(@conf.ssl_reverse_proxy.bind_address,
+ @conf.ssl_reverse_proxy.bind_port,
@certificate, @forwarder)
end
diff --git a/lib/ritm/proxy/ssl_reverse_proxy.rb b/lib/ritm/proxy/ssl_reverse_proxy.rb
index be79732..585b3a8 100644
--- a/lib/ritm/proxy/ssl_reverse_proxy.rb
+++ b/lib/ritm/proxy/ssl_reverse_proxy.rb
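Review bot: The subjectAltName built here lists the bare SNI host name under `'uris'` as well as `'dns_names'`; a URI-form SAN is meant to hold a URI, so `'uris' => [servername]` is not a meaningful entry and `'dns_names' => [servername]` alone is what clients match against — drop the `'uris'` line. `servername` is whatever the client put in its SNI extension, so before it becomes a certificate field and a `contexts` key it should be checked against the shape of a DNS host name, with names that fail the check served by the existing default context rather than getting a per-name certificate. The in-place mutation of `extensions` is only safe because `Ritm::CA.signing_profile` builds a new hash on each call (see the ca.rb hunks); a one-line comment on the `extensions =` line saying so would stop a future memoisation of the profile from leaking SAN entries between hosts. `prepare_sni_callback` begins and ends outside this hunk.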
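Review bot: `build_reverse_proxy` now reads `@conf.ssl_reverse_proxy.bind_address`, but the configuration hunk in this commit only adds `auth_proc` under `proxy:` and the body of the `ssl_reverse_proxy:` defaults is not visible here, so please confirm that a `bind_address` default exists. If it resolves to `nil`, WEBrick's `BindAddress: nil` listens on every interface as far as I know, which would silently expose the interception server beyond loopback; the `proxy` section defaults to `'127.0.0.1'` and the reverse proxy should default the same way. A guard in this method would make the expectation explicit: `raise ArgumentError, 'ssl_reverse_proxy.bind_address is not set' if @conf.ssl_reverse_proxy.bind_address.nil?`. This method is complete within the hunk; `build_proxy` in the preceding hunk continues outside it.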
@@ -9,13 +9,15 @@ module Proxy
# It does man-in-the-middle with on-the-fly certificate signing using the given CA
class SSLReverseProxy
# Creates a HTTPS server with the given settings
+ # @param host [String]: Host to bind the service
# @param port [Fixnum]: TCP port to bind the service
# @param ca [Ritm::CA]: The certificate authority used to sign fake server certificates
# @param forwarder [Ritm::HTTPForwarder]: Forwards http traffic with interception
- def initialize(port, ca, forwarder)
+ def initialize(host, port, ca, forwarder)
@ca = ca
default_vhost = 'localhost'
- @server = CertSigningHTTPSServer.new(Port: port,
+ @server = CertSigningHTTPSServer.new(BindAddress: host,
+ Port: port,
AccessLog: [],
Logger: WEBrick::Log.new(File.open(File::NULL, 'w')),
ca: ca,
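Review bot: `host` is prepended as a positional parameter, so `initialize` now takes `(host, port, ca, forwarder)` and any caller still passing `(port, ca, forwarder)` fails with an arity error; a keyword with a loopback default keeps old call sites working and makes the bind explicit: `def initialize(port, ca, forwarder, host: '127.0.0.1')`, with the launcher updated to pass `host: @conf.ssl_reverse_proxy.bind_address` and `BindAddress: host` left as written. That also covers a caller passing `nil` for the host, which WEBrick would, as far as I know, treat as "bind all interfaces" — the opposite of what an interception proxy should do by default. The new `@param host [String]:` line follows the file's existing doc style; a short note that this is the address the HTTPS listener binds to (not a vhost) would avoid confusion with `default_vhost` two lines below. The `CertSigningHTTPSServer.new` call and `initialize` continue outside this hunk.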