diff --git a/.gitignore b/.gitignore
index cfa4370189676c011d73d45d4111e383ea8f3b27..c47510bd75f62f708afbb18c1179942ec6b9f6c8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 bin/
 vendor/
 Gopkg.lock
+.idea/
 
diff --git a/handler/generate_certificate.go b/handler/generate_certificate.go
index 59599beb4bf816df63a56afadf608d6b8304e953..d5ec9a982b5b10773f4de698644909dcd32f81ed 100644
--- a/handler/generate_certificate.go
+++ b/handler/generate_certificate.go
@@ -32,6 +32,7 @@ import (
 	"code.vereign.com/code/viam-apis/utils"
 	"code.vereign.com/code/viam-apis/versions"
 	"golang.org/x/net/context"
+	"encoding/asn1"
 )
 
 func (s *KeyStorageServerImpl) GenerateCertificate(ctx context.Context, in *api.GenerateCertificateRequest) (*api.GenerateCertificateResponse, error) {
@@ -98,18 +99,44 @@ func generateCertificate(publicKeyBytes []byte, caCertFilePath string, caPrivate
 	template := x509.Certificate{
 		SerialNumber: sn,
 		Subject: pkix.Name{
-			Country:            []string{certificateData.Country},
-			Organization:       []string{certificateData.Organization},
-			OrganizationalUnit: []string{certificateData.OrganizationalUnit},
 			CommonName:         certificateData.CommonName,
 		},
-		NotBefore:             notBeforeTime,
-		NotAfter:              notAfterTime,
-		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
-		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		BasicConstraintsValid: true,
-		IsCA:     false,
-		DNSNames: []string{certificateData.Host},
+		NotBefore:             	notBeforeTime,
+		NotAfter:              	notAfterTime,
+		KeyUsage:              	x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageDataEncipherment | x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
+		ExtKeyUsage:           	[]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageEmailProtection, x509.ExtKeyUsageTimeStamping},
+		BasicConstraintsValid: 	true,
+		IsCA:     				true,
+	}
+
+	if certificateData.Country != "" {
+		template.Subject.Country = []string{certificateData.Country}
+	}
+	if certificateData.Locality != "" {
+		template.Subject.Locality = []string{certificateData.Locality}
+	}
+	if certificateData.Province != "" {
+		template.Subject.Province = []string{certificateData.Province}
+	}
+	if certificateData.Organization != "" {
+		template.Subject.Organization = []string{certificateData.Organization}
+	}
+	if certificateData.OrganizationalUnit != "" {
+		template.Subject.OrganizationalUnit = []string{certificateData.OrganizationalUnit}
+	}
+	if certificateData.Host != "" {
+		template.DNSNames = []string{certificateData.Host}
+	}
+	if certificateData.Email != "" {
+		template.EmailAddresses = []string{certificateData.Email}
+
+		oidPKCS9EmailAddress := asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}
+		template.Subject.ExtraNames = []pkix.AttributeTypeAndValue{
+			{
+				Type:  oidPKCS9EmailAddress,
+				Value: certificateData.Email,
+			},
+		}
 	}
 
 	caCertificate, err := readCertificateFromFile(caCertFilePath)