diff --git a/cert.go b/cert.go index 4ce36cc..40880d3 100644 --- a/cert.go +++ b/cert.go @@ -59,13 +59,28 @@ func (m *mkcert) makeCert(hosts []string) { // Certificates last for 2 years and 3 months, which is always less than // 825 days, the limit that macOS/iOS apply to all certificates, // including custom roots. See https://support.apple.com/en-us/HT210176. - expiration := time.Now().AddDate(2, 3, 0) + expiration := time.Now().AddDate(0, 0, m.certDays) + + certOrg := "mkcert development certificate" + certOrgUnit := userAndHostname + certCommonName := hosts[0] + + if m.certOrg != "" { + certOrg = m.certOrg + } + if m.certOrgUnit != "" { + certOrgUnit = m.certOrgUnit + } + if m.certCommonName != "" { + certCommonName = m.certCommonName + } tpl := &x509.Certificate{ SerialNumber: randomSerialNumber(), Subject: pkix.Name{ - Organization: []string{"mkcert development certificate"}, - OrganizationalUnit: []string{userAndHostname}, + Organization: []string{certOrg}, + OrganizationalUnit: []string{certOrgUnit}, + CommonName: certCommonName, }, NotBefore: time.Now(), NotAfter: expiration, 
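Review bot: `m.certDays` feeds `expiration := time.Now().AddDate(0, 0, m.certDays)` with no bounds check, and the comment above it still promises "2 years and 3 months, which is always less than 825 days", which the new code no longer guarantees. A zero or negative value yields a NotAfter at or before NotBefore, and anything above 825 exceeds the macOS/iOS limit the comment cites. Reject out-of-range values before building the template, e.g. `if m.certDays < 1 || m.certDays > 825 { log.Fatalln("ERROR: certificate lifetime must be between 1 and 825 days") }` (assuming `log` is already imported in cert.go), and reword the comment to describe the configurable default and the cap. The same missing check applies to `m.caYears` in the `newCA` hunk. makeCert's body starts and ends outside this hunk, so whether `hosts` is guaranteed non-empty for the new `hosts[0]` default cannot be confirmed from here.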
@@ -324,20 +339,34 @@ func (m *mkcert) newCA() { skid := sha1.Sum(spki.SubjectPublicKey.Bytes) + caOrg := "mkcert development CA" + caOrgUnit := userAndHostname + caCommonName := "mkcert " + userAndHostname + + if m.caOrg != "" { + caOrg = m.caOrg + } + if m.caOrgUnit != "" { + caOrgUnit = m.caOrgUnit + } + if m.caCommonName != "" { + caCommonName = m.caCommonName + } + tpl := &x509.Certificate{ SerialNumber: randomSerialNumber(), Subject: pkix.Name{ - Organization: []string{"mkcert development CA"}, - OrganizationalUnit: []string{userAndHostname}, + Organization: []string{caOrg}, + OrganizationalUnit: []string{caOrgUnit}, // The CommonName is required by iOS to show the certificate in the // "Certificate Trust Settings" menu. // https://github.com/FiloSottile/mkcert/issues/47 - CommonName: "mkcert " + userAndHostname, + CommonName: caCommonName, }, SubjectKeyId: skid[:], - NotAfter: time.Now().AddDate(10, 0, 0), + NotAfter: time.Now().AddDate(m.caYears, 0, 0), NotBefore: time.Now(), KeyUsage: x509.KeyUsageCertSign, diff --git a/main.go b/main.go index 6c5e835..e8f0b4c 100644 --- a/main.go +++ b/main.go @@ -102,6 +102,17 @@ func main() { certFileFlag = flag.String("cert-file", "", "") keyFileFlag = flag.String("key-file", "", "") p12FileFlag = flag.String("p12-file", "", "") + // certInfo + certOrgFlag = flag.String("cert-org", "", "") + certOrgUnitFlag = flag.String("cert-orgUnit", "", "") + certCommonNameFlag = flag.String("cert-commonName", "", "") + certDaysFlag = flag.Int("ca-days", 825, "") + // caInfo + caOrgFlag = flag.String("ca-org", "", "") + caOrgUnitFlag = flag.String("ca-orgUnit", "", "") + caCommonNameFlag = flag.String("ca-commonName", "", "") + caYearsFlag = flag.Int("ca-years", 10, "") + versionFlag = flag.Bool("version", false, "") ) flag.Usage = func() { 
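Review bot: With `NotAfter: time.Now().AddDate(m.caYears, 0, 0)` the CA lifetime can now be shorter than a leaf's, for example `-ca-years 1` against the 825-day leaf default, so a leaf can carry a NotAfter later than its issuer's. Such a chain stops validating when the root expires even though the leaf still looks valid, which is confusing to debug. Either clamp `expiration` in `makeCert` to the issuing CA certificate's `NotAfter`, or document the interaction with a comment here such as `// caYears should cover the longest leaf lifetime (certDays); leaves are not clamped to the CA's NotAfter.` The rest of `newCA` is outside this hunk.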
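Review bot: The leaf-lifetime flag is registered under the wrong name, `certDaysFlag = flag.Int("ca-days", 825, "")`, although it sits in the `// certInfo` group and is wired to `certDays`. An operator who passes `-ca-days` expecting to shorten the CA's validity would change leaf validity instead and leave the root at its default. Rename it to match its siblings: `certDaysFlag = flag.Int("cert-days", 825, "")`. All the new flags also have empty usage strings, and the `flag.Usage` body lies outside this hunk, so it is worth checking that the help text documents them.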
@@ -146,6 +157,8 @@ func main() { installMode: *installFlag, uninstallMode: *uninstallFlag, csrPath: *csrFlag, pkcs12: *pkcs12Flag, ecdsa: *ecdsaFlag, client: *clientFlag, certFile: *certFileFlag, keyFile: *keyFileFlag, p12File: *p12FileFlag, + certOrg: *certOrgFlag, certOrgUnit: *certOrgUnitFlag, certCommonName: *certCommonNameFlag, certDays: *certDaysFlag, + caOrg: *caOrgFlag, caOrgUnit: *caOrgUnitFlag, caCommonName: *caCommonNameFlag, caYears: *caYearsFlag, }).Run(flag.Args()) } @@ -156,6 +169,10 @@ type mkcert struct { installMode, uninstallMode bool pkcs12, ecdsa, client bool keyFile, certFile, p12File string + certOrg, certOrgUnit, certCommonName string + certDays int + caOrg, caOrgUnit, caCommonName string + caYears int csrPath string CAROOT string