diff --git a/koji-setup/koji-gencert.sh b/koji-setup/koji-gencert.sh
index 5b38b60..147da7d 100755
--- a/koji-setup/koji-gencert.sh
+++ b/koji-setup/koji-gencert.sh
@@ -3,17 +3,16 @@
 
 set -e
 KOJI_USER="$1"
+CERT_SUBJECT="$2"
 
 DEBUG=
 SILENT="-s"
 QUIET="-q"
-for param in $2 $3 ; do
+for param in $3 ; do
   if [ $param ] ; then
     case $param in
 	    debug )
 		    DEBUG="debug" ;;
-      * )
-        CERT_SUBJECT="$2" ;;
     esac
   else
 	  break
@@ -27,12 +26,7 @@ if [ $DEBUG ] ; then
 fi
 
 openssl genrsa -out private/"$KOJI_USER".key 2048
-if [ -z "$CERT_SUBJECT" ]; then
-  cat ssl.cnf | sed "s/$HOSTNAME/'${user}'/"> ssl2.cnf
-	openssl req -config ssl2.cnf -new -nodes -out certs/"$KOJI_USER".csr -key private/"$KOJI_USER".key
-else
-	openssl req -subj "$CERT_SUBJECT" -config ssl.cnf -new -nodes -out certs/"$KOJI_USER".csr -key private/"$KOJI_USER".key
-fi
+openssl req -subj "$CERT_SUBJECT" -config ssl.cnf -new -nodes -out certs/"$KOJI_USER".csr -key private/"$KOJI_USER".key
 openssl ca -batch -config ssl.cnf -keyfile private/koji_ca_cert.key -cert koji_ca_cert.crt -out certs/"$KOJI_USER".crt -outdir certs -infiles certs/"$KOJI_USER".csr
 cat certs/"$KOJI_USER".crt private/"$KOJI_USER".key > "$KOJI_USER".pem
 # Browser certificate is not password-protected, ask users to change their password