diff --git a/bin/gen-certs.sh b/bin/gen-certs.sh
index 5235df0..1447e6f 100755
--- a/bin/gen-certs.sh
+++ b/bin/gen-certs.sh
@@ -16,6 +16,7 @@ openssl req \
   -nodes \
   -x509 \
   -days 1825 \
+  -extensions req_extensions \
   -keyout certs/ups.dock.key \
   -out certs/ups.dock.crt
 
diff --git a/config/openssl.conf b/config/openssl.conf
index 0c978cd..ea94b38 100644
--- a/config/openssl.conf
+++ b/config/openssl.conf
@@ -4,7 +4,6 @@ default_bits       = 2048
 default_keyfile    = server-key.pem
 distinguished_name = req_distinguished_name
 req_extensions     = req_extensions
-x509_extensions    = x509_extensions
 string_mask        = utf8only
 prompt             = no
 
@@ -26,16 +25,6 @@ keyUsage             = digitalSignature, keyEncipherment
 subjectAltName       = @alternate_names
 nsComment            = "OpenSSL Generated Certificate"
 
-[ x509_extensions ]
-
-subjectKeyIdentifier   = hash
-authorityKeyIdentifier = keyid,issuer
-
-basicConstraints       = CA:FALSE
-keyUsage               = digitalSignature, keyEncipherment
-subjectAltName         = @alternate_names
-nsComment              = "OpenSSL Generated Certificate"
-
 [ alternate_names ]
 
 DNS.1 = ups.dock