diff --git a/proxy2.py b/proxy2.py
index e2defb9..b16c5a5 100644
--- a/proxy2.py
+++ b/proxy2.py
@@ -12,6 +12,7 @@
 import time
 import json
 import re
+from string import Template
 from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
 from SocketServer import ThreadingMixIn
 from cStringIO import StringIO
@@ -44,6 +45,7 @@ class ProxyRequestHandler(BaseHTTPRequestHandler):
     cacert = join_with_script_dir('ca.crt')
     certkey = join_with_script_dir('cert.key')
     certdir = join_with_script_dir('certs/')
+    conf_template = Template("subjectAltName=${category}:${hostname}")
     timeout = 5
     lock = threading.Lock()
@@ -68,14 +70,25 @@ def do_CONNECT(self):
     def connect_intercept(self):
         hostname = self.path.split(':')[0]
+        ippat = re.compile("^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$")
+        if ippat.match(hostname):
+            cert_category = "IP"
+        else:
+            cert_category = "DNS"
+
+
         certpath = "%s/%s.crt" % (self.certdir.rstrip('/'), hostname)
+        confpath = "%s/%s.cnf" % (self.certdir.rstrip('/'), hostname)
         with self.lock:
             if not os.path.isfile(certpath):
+                with open(confpath, 'w') as fp:
+                    fp.write(self.conf_template.substitute(category = cert_category, hostname = hostname))
                 epoch = "%d" % (time.time() * 1000)
                 p1 = Popen(["openssl", "req", "-new", "-key", self.certkey, "-subj", "/CN=%s" % hostname], stdout=PIPE)
-                p2 = Popen(["openssl", "x509", "-req", "-days", "3650", "-CA", self.cacert, "-CAkey", self.cakey, "-set_serial", epoch, "-out", certpath], stdin=p1.stdout, stderr=PIPE)
+                p2 = Popen(["openssl", "x509", "-req", "-extfile", confpath, "-days", "3650", "-CA", self.cacert, "-CAkey", self.cakey, "-set_serial", epoch, "-sha512", "-out", certpath], stdin=p1.stdout, stderr=PIPE)
                 p2.communicate()
+                os.unlink(confpath)
         self.wfile.write("%s %d %s\r\n" % (self.protocol_version, 200, 'Connection Established'))
         self.end_headers()
diff --git a/setup_https_intercept.sh b/setup_https_intercept.sh
index e630abc..7539988 100755
--- a/setup_https_intercept.sh
+++ b/setup_https_intercept.sh
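Review bot: `conf_template` is added to the class header without any comment, so a reader cannot tell that it becomes the body of an `openssl x509 -extfile` or what the two placeholders are allowed to take. A one-line comment above it would be enough: `# body of the temporary -extfile handed to "openssl x509"; ${category} is "IP" or "DNS", ${hostname} the CONNECT target`. The substitution itself happens in connect_intercept further down in this diff. The class body continues outside the hunk.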
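Review bot: `hostname` is taken straight from the CONNECT request target, yet the new code interpolates it into `confpath`, opens that path for writing, and also pastes it into the extfile body, so a target such as `../../x:443` makes the proxy write a file outside `certdir` and a value containing `,` extends the SAN list (the existing `certpath` line shares the traversal problem). Validate the name against a strict allow-list before it reaches either place and answer 400 otherwise; note also that the IPv4 regex accepts octets above 255 and that a bracketed IPv6 literal falls through to `DNS:[`, which is presumably not intended. `os.unlink(confpath)` is skipped when Popen or communicate raises, so the cnf file leaks on failure; a try/finally around the openssl pipeline fixes that. The rewritten parts of connect_intercept are below; the class and do_CONNECT begin outside the hunk.
```python
    def connect_intercept(self):
        hostname = self.path.split(':')[0]
        # The CONNECT target is attacker-controlled and ends up in a filesystem
        # path and in an openssl extfile, so only DNS-label / IPv4 characters pass.
        if not re.match(r"[A-Za-z0-9.-]{1,253}\Z", hostname):
            self.send_error(400, "invalid CONNECT host")
            return
        ippat = re.compile(r"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$")
        cert_category = "IP" if ippat.match(hostname) else "DNS"
        # … unchanged: certpath / confpath construction …
        with self.lock:
            if not os.path.isfile(certpath):
                with open(confpath, 'w') as fp:
                    fp.write(self.conf_template.substitute(category=cert_category, hostname=hostname))
                try:
                    # … unchanged: epoch, openssl req | openssl x509 pipeline …
                    p2.communicate()
                finally:
                    # remove the extfile even when openssl fails
                    os.unlink(confpath)
```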
@@ -1,6 +1,6 @@
 #!/bin/sh
 openssl genrsa -out ca.key 2048
-openssl req -new -x509 -days 3650 -key ca.key -out ca.crt -subj "/CN=proxy2 CA"
+openssl req -new -x509 -days 3650 -key ca.key -sha512 -out ca.crt -subj "/CN=proxy2 CA"
 openssl genrsa -out cert.key 2048
 mkdir certs/
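Review bot: The script still writes `ca.key` and `cert.key` with the process's default umask, so on a typical system the CA private key that every intercepted client will be told to trust ends up readable by other local users, and this commit only tightens the signature digest. Adding `umask 077` right after the shebang (or `chmod 600 ca.key cert.key` at the end) keeps both keys private, and `set -e` would stop the script from carrying on after a failed key generation. `mkdir certs/` also errors when the directory already exists; `mkdir -p certs/` is the usual form.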