diff --git a/playbooks/ocserv-create-user-cert.yml b/playbooks/ocserv-create-user-cert.yml
index 99c44d3..eecaa23 100644
--- a/playbooks/ocserv-create-user-cert.yml
+++ b/playbooks/ocserv-create-user-cert.yml
@@ -1,6 +1,6 @@
 # Create key and certificate files for a ocserv client. Run with:
 #
-# ansible-playbook playbooks/ocserv-create-user-cert.yml -euser= -egroup= [-edays=]
+# ansible-playbook playbooks/ocserv-create-user-cert.yml -email= -egroup= [-edays=]
 #
 # Default certificate lifetime is 365 days.
@@ -9,14 +9,14 @@
 tasks:
 - name: Set certificate filename
 set_fact:
- filename: "{{ inventory_hostname }}-{{ user }}-{{ now(utc=true, fmt='%s.%f') }}"
+ filename: "{{ inventory_hostname }}-{{ mail }}-{{ now(utc=true, fmt='%s.%f') }}"
 - name: Create client key and signing request
 delegate_to: localhost
 shell:
 cmd: |
 openssl genpkey -algorithm rsa -out {{ filename }}.key
- openssl req -new -subj /O=fri/OU={{ group }}/CN={{ user }} -key {{ filename }}.key -out {{ filename }}.csr
+ openssl req -new -subj "/O=fri/OU={{ group }}/CN={{ mail }}/emailAddress={{ mail }}/" -key {{ filename }}.key -out {{ filename }}.csr
 chdir: "{{ inventory_dir }}"
 # create certificate and store a copy on the server
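Review bot: The new usage line writes the variable as `-email=`, which reads like an `--email` option rather than `-e` followed by `mail=`. As shown on this page the values after each `=` are empty, so the comment also does not say what `mail` should hold. I would separate the flag from the variable and name the values, for example `#   ansible-playbook playbooks/ocserv-create-user-cert.yml -e mail=<address> -e group=<group> [-e days=<days>]`, and add a comment line stating that `mail` becomes both the CN and the emailAddress of the certificate.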
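Review bot: `mail` is now interpolated into the `openssl req` shell line and, through `filename`, into the `-key`/`-out` paths, without any validation. The added double quotes around `-subj` do not neutralise `$(...)`, backticks or an embedded `"`, and a `/` in `mail` or `group` would add subject fields to the request or move the output path outside `inventory_dir`. Since the subject presumably drives VPN authorisation, I would check both variables with an `assert` task before `set_fact` (below; adjust the character classes to local naming) and additionally pass each interpolated value through `| quote`. The play starts above this hunk, so an existing check there would not be visible here.

```yaml
    - name: Validate certificate subject inputs
      assert:
        that:
          - mail is match('^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$')
          - group is match('^[A-Za-z0-9._-]+$')
        fail_msg: "mail and group contain characters not allowed in a certificate subject"

    # … unchanged: Set certificate filename, Create client key and signing request …
```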