diff --git a/csr/csr.go b/csr/csr.go
index 6e5dd248195..e429fee1cec 100644
--- a/csr/csr.go
+++ b/csr/csr.go
@@ -123,7 +123,7 @@ func NamesFromCSR(csr *x509.CertificateRequest) names {
 // which is shorter than the the maximum acceptable CN length (if any).
 for _, name := range sans {
 if len(name) <= maxCNLength {
- return names{SANs: core.UniqueLowerNames(sans), CN: name}
+ return names{SANs: core.UniqueLowerNames(sans), CN: strings.ToLower(name)}
 }
 }
diff --git a/csr/csr_test.go b/csr/csr_test.go
index 377a49e991a..286d19f8dc1 100644
--- a/csr/csr_test.go
+++ b/csr/csr_test.go
@@ -184,6 +184,14 @@ func TestNamesFromCSR(t *testing.T) {
 "a.com",
 []string{"a.com"},
 },
+ {
+ "no explicit CN, uppercase SAN",
+ &x509.CertificateRequest{DNSNames: []string{
+ "A.com",
+ }},
+ "a.com",
+ []string{"a.com"},
+ },
 {
 "no explicit CN, too long leading SANs",
 &x509.CertificateRequest{DNSNames: []string{
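Review bot: In csr/csr.go the length guard `len(name) <= maxCNLength` still runs on the raw SAN, while the value stored as CN is now `strings.ToLower(name)`. For ASCII DNS names the two lengths are equal, but nothing visible in this hunk shows that `sans` has been restricted to ASCII at this point, and Unicode case mapping can change a string's byte length. Lowering once before the check keeps the guard and the stored value in agreement: `lowered := strings.ToLower(name)`, then `if len(lowered) <= maxCNLength {` and `CN: lowered` in the return. A short comment such as `// CN must byte-match an entry of the lowercased SANs` would also record why the lowering is here. NamesFromCSR starts and ends outside the hunk, so the explicit-CN path cannot be checked from this view.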
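Review bot: The added row in csr/csr_test.go exercises only a single uppercase SAN, so it does not pin how the promoted CN interacts with de-duplication of the SAN list. A further row whose DNSNames holds both `"A.com"` and `"a.com"` would assert that the CN always byte-matches an entry of the returned SANs, which is the property the csr.go change protects. If `core.UniqueLowerNames` de-duplicates after lowering, as its name suggests, the expected values would be CN `"a.com"` and SANs `[]string{"a.com"}`. The test table and TestNamesFromCSR extend beyond the hunk, so an existing row may already cover this.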