diff --git a/impacket/examples/ntlmrelayx/attacks/ldapattack.py b/impacket/examples/ntlmrelayx/attacks/ldapattack.py
index 090ecf5e7f..4e343dc0d0 100644
--- a/impacket/examples/ntlmrelayx/attacks/ldapattack.py
+++ b/impacket/examples/ntlmrelayx/attacks/ldapattack.py
@@ -284,7 +284,7 @@ def shadowCredentialsAttack(self, domainDumper):
 LOG.info("Target user found: %s" % target_dn)
 LOG.info("Generating certificate")
- key,certificate = shadow_credentials.createSelfSignedX509Certificate(subject=currentShadowCredentialsTarget, nBefore=(-40 * 365), nAfter=(40 * 365))
+ key,certificate = shadow_credentials.createSelfSignedX509Certificate(subject=currentShadowCredentialsTarget, nBefore=(-40 * 365), nAfter=(40 * 365), domain=domain)
 LOG.info("Certificate generated")
 LOG.info("Generating KeyCredential")
 keyCredential = shadow_credentials.KeyCredential(certificate,key,deviceId=shadow_credentials.getDeviceId(),currentTime=shadow_credentials.getTicksNow())
diff --git a/impacket/examples/ntlmrelayx/utils/shadow_credentials.py b/impacket/examples/ntlmrelayx/utils/shadow_credentials.py
index 25f4cd7335..c7e3b6ff5c 100644
--- a/impacket/examples/ntlmrelayx/utils/shadow_credentials.py
+++ b/impacket/examples/ntlmrelayx/utils/shadow_credentials.py
@@ -1,7 +1,7 @@
 from struct import pack
 from Cryptodome.Util.number import long_to_bytes
 from Cryptodome.PublicKey import RSA
-from OpenSSL.crypto import PKey, X509, TYPE_RSA
+from OpenSSL.crypto import PKey, X509, TYPE_RSA, X509Extension
 import OpenSSL
 import base64
 import uuid
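Review bot: The new keyword argument `domain=domain` on the createSelfSignedX509Certificate call refers to a local `domain` that is bound nowhere in this hunk; unless it is derived earlier in shadowCredentialsAttack (whose body starts before and continues past the hunk), this branch fails with a NameError only when a relayed session actually reaches the shadow-credentials path. A short comment at the call site naming where `domain` comes from and what it is expected to hold would make the dependency visible, e.g. `# domain: DNS domain name appended to the target's subject for the certificate's UPN SAN; empty string disables the extension`. Note that the callee treats only the empty string as "no UPN", so whatever derives `domain` here should never yield None.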
@@ -28,13 +28,20 @@ def getTicksNow():
 def getDeviceId():
 return uuid.uuid4().bytes
-def createSelfSignedX509Certificate(subject,nBefore,nAfter,kSize=2048):
+def createSelfSignedX509Certificate(subject,nBefore,nAfter,kSize=2048, domain=""):
 key = PKey()
 key.generate_key(TYPE_RSA,kSize)
 certificate = X509()
 certificate.get_subject().CN = subject
+
+ if domain != "":
+ certificate.set_version(2)
+ upn_extension = f"otherName:1.3.6.1.4.1.311.20.2.3;UTF8:{subject}@{domain}".encode('utf-8')
+ subjectAltName = X509Extension(b"subjectAltName", False, upn_extension)
+ certificate.add_extensions([subjectAltName])
+
 certificate.set_issuer(certificate.get_subject())
 certificate.gmtime_adj_notBefore(nBefore)
 certificate.gmtime_adj_notAfter(nAfter)
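Review bot: `if domain != "":` accepts None as a domain and would then emit a subjectAltName UPN of `subject@None`; `if domain:` skips both the empty default and None, which is what the `domain=""` default signals. The function still has no docstring, and the new parameter deserves one sentence: a non-empty `domain` switches the certificate to X.509 v3 (`set_version(2)`) and adds a subjectAltName otherName UPN of the form `subject@domain`, while the default leaves the certificate unchanged. Because `subject` and `domain` are interpolated straight into OpenSSL's extension config syntax, a value containing `,` or `;` would be read as additional SAN entries rather than as part of the UPN, so validating both as plain identifiers before building `upn_extension` would keep the extension well-formed. The function body continues past the end of the hunk.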