diff --git a/xCAT-server/share/xcat/ca/openssl.cnf.tmpl b/xCAT-server/share/xcat/ca/openssl.cnf.tmpl
index a519d9053f..25ee6a5577 100644
--- a/xCAT-server/share/xcat/ca/openssl.cnf.tmpl
+++ b/xCAT-server/share/xcat/ca/openssl.cnf.tmpl
@@ -167,7 +167,7 @@ basicConstraints=CA:FALSE
 nsCertType = server, client, objsign
 nsComment = "OpenSSL Generated Server Certificate"
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
+#authorityKeyIdentifier=keyid,issuer
 keyUsage = digitalSignature,keyAgreement,keyEncipherment
 extendedKeyUsage = serverAuth, clientAuth
 
@@ -205,7 +205,7 @@ nsComment = "OpenSSL Generated Client Certificate"
 
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
+#authorityKeyIdentifier=keyid,issuer
 
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
diff --git a/xCAT-server/share/xcat/scripts/setup-dockerhost-cert.sh b/xCAT-server/share/xcat/scripts/setup-dockerhost-cert.sh
index ffc22a465d..9a6f6f8544 100755
--- a/xCAT-server/share/xcat/scripts/setup-dockerhost-cert.sh
+++ b/xCAT-server/share/xcat/scripts/setup-dockerhost-cert.sh
@@ -60,7 +60,7 @@ if [ ! -e $XCATDOCKERCADIR/certs ]; then
 fi
 
 openssl genrsa -out ca/dockerhost-key.pem 2048
-openssl req -config ca/openssl.cnf -new -key ca/dockerhost-key.pem -out cert/dockerhost-req.pem -extensions server -subj "/CN=$CNA"
+openssl req -config ca/openssl.cnf -new -key ca/dockerhost-key.pem -out cert/dockerhost-req.pem -subj "/CN=$CNA"
 mv cert/dockerhost-req.pem ca/$CNA\.csr
 cd -
 cd $XCATDOCKERCADIR
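Review bot: Commenting out `authorityKeyIdentifier=keyid,issuer` in the server extension section of openssl.cnf.tmpl (first hunk), and again in the client section (second hunk), means certificates signed with these sections will no longer carry an Authority Key Identifier, and the line is left as dead config with no reason given. RFC 5280 expects a conforming CA to include the AKI keyIdentifier in non-self-signed certificates; without it, chain building falls back to issuer-name matching, which becomes ambiguous if the CA is ever re-keyed under the same DN. If the motivation is that `openssl req` cannot resolve the issuer when these sections are applied to a CSR (presumably, given the companion change in setup-dockerhost-cert.sh), consider keeping the extension in the sections used at signing time and recording the reason, e.g. `# authorityKeyIdentifier disabled: cannot be resolved when this section is applied to a CSR by 'openssl req'`. Both sections start and end outside their hunks, so whether they are also used by the signing commands should be confirmed against the callers.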
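Review bot: With `-extensions server` dropped from the `openssl req` line in setup-dockerhost-cert.sh, the request no longer names the `server` extension section, so `basicConstraints=CA:FALSE`, `keyUsage` and `extendedKeyUsage` on the issued dockerhost certificate now depend entirely on the signing step, which is outside this hunk. Confirm that step applies the `server` section, and say so next to the request, e.g. `# CSR names no extension section; the CA applies 'server' when signing`. The subject is still CN-only (`-subj "/CN=$CNA"`); if nothing adds a subjectAltName at signing, TLS clients that ignore the CN will reject the certificate. The result of `openssl req` is also not checked before the `mv` on the next line, so a failed request goes unnoticed until the missing CSR breaks a later step; `|| exit 1` on the request line would stop it there.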