diff --git a/roles/vpn/templates/client_windows.ps1.j2 b/roles/vpn/templates/client_windows.ps1.j2
index 9b6d197..dfa1ebd 100644
--- a/roles/vpn/templates/client_windows.ps1.j2
+++ b/roles/vpn/templates/client_windows.ps1.j2
@@ -1,3 +1,3 @@
-certutil -f -p {{ easyrsa_p12_export_password }} -importpfx .\{{ IP_subject_alt_name }}_{{ item }}.p12
+certutil -f -p {{ easyrsa_p12_export_password }} -importpfx .\{{ item }}.p12
 Add-VpnConnection -name "Algo" -ServerAddress "{{ IP_subject_alt_name }}" -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required
 Set-VpnConnectionIPsecConfiguration -ConnectionName "Algo" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 -PfsGroup none
diff --git a/roles/vpn/templates/openssl.cnf.j2 b/roles/vpn/templates/openssl.cnf.j2
index 415557f..9ec12b2 100644
--- a/roles/vpn/templates/openssl.cnf.j2
+++ b/roles/vpn/templates/openssl.cnf.j2
@@ -108,7 +108,7 @@ basicConstraints = CA:FALSE
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer:always
-extendedKeyUsage = serverAuth,1.3.6.1.5.5.7.3.17
+extendedKeyUsage = serverAuth,clientAuth,1.3.6.1.5.5.7.3.17
 keyUsage = digitalSignature, keyEncipherment
 subjectAltName = ${ENV::subjectAltName}
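Review bot: On the new `certutil` line the PKCS#12 password and the file name are rendered unquoted, so a password or user name containing a space, `$`, `;` or `&` would be split or interpreted by PowerShell instead of reaching certutil intact. Single-quoting both arguments avoids that: `certutil -f -p '{{ easyrsa_p12_export_password }}' -importpfx '.\{{ item }}.p12'` (a literal `'` inside the value would still need doubling). The password is also written in plaintext into a script that presumably travels with the .p12 it protects, which leaves the export password with little value; prompting for it at run time would keep it out of the file. Appending certutil's `NoExport` modifier after the file name would additionally stop the imported private key from being re-exported from the machine store.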
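Review bot: Adding `clientAuth` to the `extendedKeyUsage` line widens what this certificate is accepted for, and nothing in the hunk records why. The section pairs `serverAuth` with a `subjectAltName` taken from the environment, so it is presumably the server extension profile; if so, the gateway's key also becomes usable as a client credential wherever this CA is trusted for client authentication. If a particular client requires the extra EKU, a comment above the line would keep it from looking accidental, e.g. `# clientAuth needed by <client> for IKEv2; 1.3.6.1.5.5.7.3.17 = id-kp-ipsecIKE`. The section header lies outside the hunk, so confirm which profile this line belongs to.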