diff --git a/Makefile b/Makefile
index 9f234f1f050359ce56514613ca2e905b7ff76756..1d08139f3dcdd6e7df92625300227480ea5a0536 100644
--- a/Makefile
+++ b/Makefile
@@ -10,6 +10,18 @@ clean:
 test: clean
 	./ssl-ca init
 	./ssl-ca gen www
+	openssl verify -CAfile CA.crt certs/www
+	test "$$(openssl x509 -in certs/www -issuer -noout)" == "issuer= /CN=*.*.ssl-ca"
+	test "$$(openssl x509 -in certs/www -subject -noout)" == "subject= /CN=*.*.www.ssl-ca"
 	openssl genrsa -out keys/smtp
 	./ssl-ca sign
+	openssl verify -CAfile CA.crt certs/smtp
+	test "$$(openssl x509 -in certs/smtp -issuer -noout)" == "issuer= /CN=*.*.ssl-ca"
+	test "$$(openssl x509 -in certs/smtp -subject -noout)" == "subject= /CN=*.*.smtp.ssl-ca"
 	./ssl-ca resign
+	openssl verify -CAfile CA.crt certs/www
+	openssl verify -CAfile CA.crt certs/smtp
+	test "$$(openssl x509 -in certs/www -issuer -noout)" == "issuer= /CN=*.*.ssl-ca"
+	test "$$(openssl x509 -in certs/www -subject -noout)" == "subject= /CN=*.*.www.ssl-ca"
+	test "$$(openssl x509 -in certs/smtp -issuer -noout)" == "issuer= /CN=*.*.ssl-ca"
+	test "$$(openssl x509 -in certs/smtp -subject -noout)" == "subject= /CN=*.*.smtp.ssl-ca"
diff --git a/README.rst b/README.rst
index 08381709ad9799a329a4baaf589eb8d7a6e27c04..ecc5131ecb46b880163b5eb7a3708b060eb4b1d0 100644
--- a/README.rst
+++ b/README.rst
@@ -81,4 +81,3 @@ TODO
 ----
 
 - Add checks and failure messages to each action.
-- Verify that the fqdn is correct.
diff --git a/ssl-ca b/ssl-ca
index 378143de266ae5672e98d5a046c93bbca9ced759..464a4661deeb70295086a1ee0ca1a0a2181539cd 100755
--- a/ssl-ca
+++ b/ssl-ca
@@ -53,7 +53,7 @@ init () {
 
 sign_key () {
     csr="$(mktemp -t ssl-ca)"
-    export domain="$1.$domain"
+    export domain="$1.$(basename $PWD)"
     openssl req \
         -key keys/$1 \
         -new \