diff --git a/cert.go b/cert.go
index 25ca342..8079a8a 100644
--- a/cert.go
+++ b/cert.go
@@ -6,6 +6,7 @@ import (
 "crypto/rand"
 "crypto/tls"
 "crypto/x509"
+ "crypto/x509/pkix"
 "encoding/pem"
 "log"
 "math/big"
@@ -91,6 +92,7 @@ func (c *CertificateStore) Load(path string) error {
 type CertificateOptions struct {
 IPAddresses []net.IP
 DNSNames []string
+ Subject pkix.Name
 Duration time.Duration
 }
@@ -138,6 +140,7 @@ func newX509KeyPair(options CertificateOptions) (*x509.Certificate, crypto.Priva
 BasicConstraintsValid: true,
 IPAddresses: options.IPAddresses,
 DNSNames: options.DNSNames,
+ Subject: options.Subject,
 }
 crt, err := x509.CreateCertificate(rand.Reader, &template, &template, public, priv)
diff --git a/examples/auth.go b/examples/auth.go
index c32e398..41fb70c 100644
--- a/examples/auth.go
+++ b/examples/auth.go
@@ -5,6 +5,7 @@ package main
 import (
 "crypto/tls"
 "crypto/x509"
+ "crypto/x509/pkix"
 "fmt"
 "log"
 "time"
@@ -48,6 +49,9 @@ func main() {
 }
 server.CreateCertificate = func(hostname string) (tls.Certificate, error) {
 return gemini.CreateCertificate(gemini.CertificateOptions{
+ Subject: pkix.Name{
+ CommonName: hostname,
+ },
 DNSNames: []string{hostname},
 Duration: time.Hour,
 })
diff --git a/examples/server.go b/examples/server.go
index a15594c..0328f66 100644
--- a/examples/server.go
+++ b/examples/server.go
@@ -4,6 +4,7 @@ package main
 import (
 "crypto/tls"
+ "crypto/x509/pkix"
 "log"
 "time"
@@ -19,6 +20,9 @@ func main() {
 }
 server.CreateCertificate = func(hostname string) (tls.Certificate, error) {
 return gemini.CreateCertificate(gemini.CertificateOptions{
+ Subject: pkix.Name{
+ CommonName: hostname,
+ },
 DNSNames: []string{hostname},
 Duration: time.Minute, // for testing purposes
 })
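Review bot: The new exported `Subject` field of `CertificateOptions` (cert.go, second hunk) is added without a doc comment, and its effect is wider than the name suggests. In the third hunk `newX509KeyPair` copies it into the template, and the visible `x509.CreateCertificate(rand.Reader, &template, &template, public, priv)` call uses that template as its own parent, so the caller-supplied name also becomes the issuer of the self-signed certificate. I would say so on the field: `// Subject is the certificate subject; the certificate is self-signed, so it is also used as the issuer. The zero value leaves both empty.` The struct's own doc comment and the rest of `newX509KeyPair` lie outside the visible hunks.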
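Review bot: `CommonName: hostname` in the `server.CreateCertificate` callback (examples/auth.go second hunk, and identically in examples/server.go) copies the hostname into the subject with no length or content check. RFC 5280 caps CommonName at 64 characters while a DNS name may be longer, and as far as I know Go's `x509.CreateCertificate` does not enforce that bound, so a long hostname would produce a certificate that stricter parsers may reject. Hostname matching already relies on the `DNSNames` entry, so the simplest guard is to set the CN only when it fits, e.g. `if len(hostname) <= 64 { opts.Subject.CommonName = hostname }` on a local `opts` value. Where `hostname` originates is not visible in the hunk; if a client can influence it, the example should also check it against the hosts the server is meant to serve before issuing. `main` continues outside the hunk in both files.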