diff --git a/application.cfg b/application.cfg
index 4064b83..31be6c7 100644
--- a/application.cfg
+++ b/application.cfg
@@ -21,11 +21,14 @@ SERVER_NAME = f'account.{ DOMAIN }:9090'
 LENTICULAR_CLOUD_SERVICES = {
 'jabber': {
 'client_cert': True,
- 'client_cert_option':{
+ 'pki_config':{
 'email': '{username}@jabber.{domain}'
 }
 },
 'calendar': {
 'client_cert': True
+ },
+ 'mail': {
+ 'client_cert': True
 }
 }
diff --git a/lenticular_cloud/model.py b/lenticular_cloud/model.py
index 298b842..075fcf5 100644
--- a/lenticular_cloud/model.py
+++ b/lenticular_cloud/model.py
@@ -113,7 +113,7 @@ class Service(object):
 if 'client_cert' in config:
 service._client_cert = bool(config['client_cert'])
 if 'pki_config' in config:
- service._pki_config = config['pki_config']
+ service._pki_config.update(config['pki_config'])
 return service
diff --git a/lenticular_cloud/pki.py b/lenticular_cloud/pki.py
index 3a44c07..89f4069 100644
--- a/lenticular_cloud/pki.py
+++ b/lenticular_cloud/pki.py
@@ -86,8 +86,8 @@ class Pki(object):
 ca_public_key = ca_private_key.public_key()
 end_entity_cert_builder = x509.CertificateBuilder().\
 subject_name(x509.Name([
- x509.NameAttribute(NameOID.COMMON_NAME, username),
- x509.NameAttribute(NameOID.EMAIL_ADDRESS, f'{username}@jabber.{domain}'),
+ x509.NameAttribute(NameOID.COMMON_NAME, config['cn'].format(username=username, domain=domain)),
+ x509.NameAttribute(NameOID.EMAIL_ADDRESS, config['email'].format(username=username, domain=domain)),
 ])).\
 issuer_name(ca_cert.subject).\
 not_valid_before(not_valid_before).\
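Review bot: In `lenticular_cloud/model.py`, `service._pki_config.update(...)` mutates the existing dict in place, so if `_pki_config` is a class-level default on `Service` rather than a dict created per instance (its definition is outside the hunk), the jabber override would leak into every other service, and the calendar and mail certificates would then be issued with the jabber e-mail template. Building a fresh dict avoids the shared state: `service._pki_config = {**service._pki_config, **config['pki_config']}`. The enclosing method starts above the hunk, so how `service` is constructed should be confirmed before relying on either form.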
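Review bot: In `lenticular_cloud/pki.py`, the subject CN and e-mail are now rendered from configurable templates, but nothing visible in the hunk validates them: a `pki_config` without `cn` raises `KeyError` at issuance, an unknown placeholder fails inside `.format()`, and a template that omits `{username}` would give every user the same subject, which matters if a service maps the certificate subject to an account. I would check the merged config once when the service is loaded (both keys present and `'{username}' in template`) rather than discovering the problem at signing time. The application.cfg hunk sets only `email` for jabber, so `cn` presumably comes from a default defined outside this diff. Where `config` is bound in this method is also outside the hunk.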