diff --git a/src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java b/src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java
index 5e02359..7f12ce7 100644
--- a/src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java
+++ b/src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java
@@ -13,6 +13,8 @@ import java.util.Optional;
 import java.util.concurrent.ExecutionException;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.stream.Collectors;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.lang.Nullable;
 import org.springframework.stereotype.Service;
@@ -157,11 +159,15 @@ public class OpenSSLCertificateCreator {
                 .map(CertificateRequestExtension::getAlternativeNames)
                 .orElse(List.of());
             if (!altNames.isEmpty()) {
-                String altNamesContent = String.join("\n", altNames);
-                extContent = extContent.replaceAll("\\[alt_names]\n?, ", "[alt_names]\n" + altNamesContent);
+                AtomicInteger counter = new AtomicInteger(1);
+                String altNamesContent = altNames
+                    .stream()
+                    .map(name -> "DNS.%d = %s".formatted(counter.getAndIncrement(), name))
+                    .collect(Collectors.joining("\n"));
+                extContent = extContent.replaceAll("\\[alt_names]\n?", "[alt_names]\n" + altNamesContent);
             } else {
                 extContent = extContent.replaceAll("\\s*subjectAltName\\s+=\\s+@alt_names\n?", "");
-                extContent = extContent.replaceAll("\\[alt_names]\n?, ", "");
+                extContent = extContent.replaceAll("\\[alt_names]\n?", "");
             }
 
             log.debug("Writing extension file content: \n {}", extContent);