diff --git a/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java b/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
index feab37b..0bd881e 100644
--- a/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
+++ b/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
@@ -269,11 +269,20 @@ public class DomainProcessorFactory implements EntityProcessorFactory {
 ifOption(templateVars, query, "multiviews", "+MultiViews", "-MultiViews");
 ifOption(templateVars, query, "htdocsfallback", Boolean.TRUE, Boolean.FALSE);
 final Processor domSetupProcessor = new CompoundProcessor(
- new ShellProcessor("export PEMS_DIR=/etc/apache2/pems-enabled/" + dom.getUser().getName() + " && "
- + "mkdir -p $PEMS_DIR/ && "
+ new CreateFileProcessor("/de/hsadmin/mods/dom/openssl-sna.cnf", templateVars, dom, "/tmp/openssl-sna.cnf", "root", "root", "644", true),
+ new ShellProcessor("export PEMS_DIR=/etc/apache2/pems-generated && "
+ + "mkdir -p $PEMS_DIR && "
 + "cd $PEMS_DIR && "
- + "( ls " + domName + ".crt || ( echo \"\" > " + domName + ".chain && "
- + "openssl req -x509 -newkey rsa:2048 -keyout " + domName + ".key -out " + domName + ".crt -days 1100 -nodes -sha256 -subj '/CN=" + domName + "' ) ) &&"
+ + "( ls " + domName + ".crt || ( echo \"\" > _." + domName + ".chain && "
+ + "openssl req -x509 -newkey rsa:2048 -keyout _." + domName + ".key -out _." + domName + ".crt -days 1100 -nodes -sha256 -config /tmp/openssl-sna.cnf ) ) &&"
+ + "chmod 400 _." + domName + "*"),
+ new ShellProcessor("export PEMS_DIR=/etc/apache2/pems-enabled && "
+ + "mkdir -p $PEMS_DIR && "
+ + "cd $PEMS_DIR && "
+ + "( ls " + domName + ".crt ||"
+ + " ( ln -s ../pems-generated/_." + domName + ".key " + domName + ".key"
+ + " && ln -s ../pems-generated/_." + domName + ".crt " + domName + ".crt"
+ + " && ln -s ../pems-generated/_." + domName + ".chain " + domName + ".chain ) ) && "
 + "chmod 400 " + domName + "*"),
 new CreateFileProcessor("/de/hsadmin/mods/dom/apache-vhost.vm", templateVars, dom, "/etc/apache2/sites-available/" + domName + ".tmp", "root", "root", "644", true),
 new ShellProcessor(
diff --git a/hsarback/src/de/hsadmin/mods/dom/apache-vhost.vm b/hsarback/src/de/hsadmin/mods/dom/apache-vhost.vm
index e4fdd2d..320e786 100644
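Review bot: The new CreateFileProcessor writes the OpenSSL request config to the fixed path `/tmp/openssl-sna.cnf` and the following ShellProcessor feeds it to `openssl req -config`; /tmp is shared and world-writable, so a fixed name there can be pre-created or replaced by another local user before root writes or reads it, and two domain setups running at the same time overwrite each other's CN/SAN. A per-domain file under a root-owned directory avoids both, e.g. `"/etc/apache2/openssl-sna-" + domName + ".cnf"` as the CreateFileProcessor target and the same expression after `-config` in the shell string. The private key is also written by `openssl req -keyout` before the trailing `chmod 400 _.<dom>*` runs, so its mode during that window depends on the process umask; starting the command with `umask 077 && ` closes the gap. domName is spliced unquoted into all three shell strings, which is only safe if it has already been validated to a strict hostname character set upstream — worth confirming, since the enclosing method starts and ends outside this hunk.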
--- a/hsarback/src/de/hsadmin/mods/dom/apache-vhost.vm
+++ b/hsarback/src/de/hsadmin/mods/dom/apache-vhost.vm
@@ -90,9 +90,9 @@ #end
 SSLEngine On
- SSLCertificateFile /etc/apache2/pems-enabled/${dom.user.name}/${dom.name}.crt
- SSLCertificateKeyFile /etc/apache2/pems-enabled/${dom.user.name}/${dom.name}.key
- SSLCertificateChainFile /etc/apache2/pems-enabled/${dom.user.name}/${dom.name}.chain
+ SSLCertificateFile /etc/apache2/pems-enabled/${dom.name}.crt
+ SSLCertificateKeyFile /etc/apache2/pems-enabled/${dom.name}.key
+ SSLCertificateChainFile /etc/apache2/pems-enabled/${dom.name}.chain
 DocumentRoot /home/doms/${dom.name}/htdocs-ssl
diff --git a/hsarback/src/de/hsadmin/mods/dom/openssl-sna.cnf b/hsarback/src/de/hsadmin/mods/dom/openssl-sna.cnf
new file mode 100644
index 0000000..b5cd207
--- /dev/null
+++ b/hsarback/src/de/hsadmin/mods/dom/openssl-sna.cnf
@@ -0,0 +1,12 @@
+[req]
+prompt = no
+distinguished_name = req_dn
+x509_extensions = v3_ca
+
+[req_dn]
+commonName = *.${dom.name}
+
+[v3_ca]
+basicConstraints = CA:FALSE
+extendedKeyUsage=serverAuth
+subjectAltName=DNS:*.${dom.name},DNS:${dom.name}
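Review bot: The extension section in the new openssl-sna.cnf is named `v3_ca` although it sets `basicConstraints = CA:FALSE` and `extendedKeyUsage=serverAuth`, i.e. it describes an end-entity server certificate, so the name misleads the next reader into thinking a CA certificate is being minted. Renaming it, `x509_extensions = v3_server` and `[v3_server]`, makes the intent clear. The file also has no header; a leading comment such as `# Placeholder self-signed wildcard cert for ${dom.name} and *.${dom.name}; DomainProcessorFactory generates it only when no .crt exists yet` would tell an operator what they are looking at. A `keyUsage = digitalSignature, keyEncipherment` line is customary next to extendedKeyUsage for server certificates, though nothing in this change shows it is required here.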