diff --git a/core/src/main/kotlin/com/r3corda/core/crypto/X509Utilities.kt b/core/src/main/kotlin/com/r3corda/core/crypto/X509Utilities.kt
index 60d8b40329..1f51c836e6 100644
--- a/core/src/main/kotlin/com/r3corda/core/crypto/X509Utilities.kt
+++ b/core/src/main/kotlin/com/r3corda/core/crypto/X509Utilities.kt
@@ -522,7 +522,7 @@ object X509Utilities {
         val serverCert = X509Utilities.createServerCert(subject,
                 serverKey.public,
                 intermediateCA,
-                listOf(),
+                if(host.canonicalHostName == host.hostName) listOf() else listOf(host.hostName),
                 listOf(host.hostAddress))
 
         val keypass = keyPassword.toCharArray()
diff --git a/core/src/test/kotlin/com/r3corda/core/crypto/X509UtilitiesTest.kt b/core/src/test/kotlin/com/r3corda/core/crypto/X509UtilitiesTest.kt
index 65cb19c455..4f14c0a748 100644
--- a/core/src/test/kotlin/com/r3corda/core/crypto/X509UtilitiesTest.kt
+++ b/core/src/test/kotlin/com/r3corda/core/crypto/X509UtilitiesTest.kt
@@ -162,7 +162,7 @@ class X509UtilitiesTest {
         serverCertAndKey.certificate.verify(caCertAndKey.certificate.publicKey)
         val host = InetAddress.getLocalHost()
 
-        assertTrue { serverCertAndKey.certificate.subjectDN.name.contains("CN=" + host.hostName) }
+        assertTrue { serverCertAndKey.certificate.subjectDN.name.contains("CN=" + host.canonicalHostName) }
 
         // Now sign something with private key and verify against certificate public key
         val testData = "123456".toByteArray()
@@ -261,7 +261,7 @@ class X509UtilitiesTest {
         val peerX500Principal = (peerChain[0] as X509Certificate).subjectX500Principal
         val x500name = X500Name(peerX500Principal.name)
         val cn = x500name.getRDNs(BCStyle.CN).first().first.value.toString()
-        val hostname = InetAddress.getLocalHost().hostName
+        val hostname = InetAddress.getLocalHost().canonicalHostName
         assertEquals(hostname, cn)