diff --git a/main.fnl b/main.fnl
index 8473e34..db25350 100644
--- a/main.fnl
+++ b/main.fnl
@@ -89,9 +89,11 @@
           (: :setIssuer (ca-crt:getSubject))
           (: :setLifetime (os.time) (+ (* 365 86400) (os.time)))
           (: :setSubject (csr:getSubject))
-          (: :setPublicKey (csr:getPublicKey))
-          (: :sign ca-key))]
-    (crt:toPEM)))
+          (: :setPublicKey (csr:getPublicKey)))]
+    (for [i 1 (csr:getRequestedExtensionCount) 1]
+      (let [ext (csr:getRequestedExtension i)]
+        (crt:addExtension ext)))
+    (doto crt (: :sign ca-key))))
 
 (fn approve-request? [csr]
   (let [challengePassword (csr:getAttribute :challengePassword)]
@@ -105,7 +107,7 @@
     (if (approve-request? req)
         (do
           (out:write_headers (make-headers 200 { :content-type "text/plain" }) false)
-          (out:write_chunk (new-crt req) true))
+          (out:write_chunk (: (new-crt req) :toPEM) true))
         (send-error out 400 "missing attributes in CSR"))))
 
 (fn on-stream [sv out]