diff --git a/tigervnc.changes b/tigervnc.changes
index e652a37..c449f33 100644
--- a/tigervnc.changes
+++ b/tigervnc.changes
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Tue Mar 26 08:22:53 UTC 2019 - Yifan Jiang
+
+- Update with-vnc-key.sh to use only hostname for CN.
+
+ The gnutls introduces gnutls_x509_crt_check_hostname2 in
+ gnutls/lib/x509/hostname-verify.c#L159 to check if the given
+ certificate's subject matches the given hostname.
+
+ The function is used by the recent version of libvncclient which
+ will fail to verify the certification if there is a mismatching
+ between the connected hostname and the cert issuer's common name.
+
+ https://github.com/LibVNC/libvncserver/commit/cc69ee9
+
+ So the previous way to generate the vnc server's cert brings a
+ complicated CN, making the client using libvncclient
+ (e.g. vinagre, remmina) hard to adapt the hostname check. It is
+ better to populate the hostname as the common name without extra
+ strings.
+
 -------------------------------------------------------------------
 Thu Mar 21 09:16:51 UTC 2019 - Dominique Leuenberger
 
diff --git a/with-vnc-key.sh b/with-vnc-key.sh
index 8da6bdc..39fc549 100644
--- a/with-vnc-key.sh
+++ b/with-vnc-key.sh
@@ -25,7 +25,7 @@ fi
 # If the cert file doesn't exist, generate it.
 if ! test -e $TLSCERT ; then
 # Keeping it short, because hostname could be long and max CN is 64 characters
- CN="VNC service on `hostname`"
+ CN="`hostname`"
 CN=${CN:0:64}
 openssl req -new -x509 -extensions usr_cert -key $TLSKEY -out $TLSCERT -days 7305 -subj "/CN=$CN/"
 chown vnc:vnc $TLSCERT
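Review bot: In the with-vnc-key.sh hunk, the new CN assignment from `hostname` only verifies when the client connects using exactly the string that command prints, which is often the short name rather than the FQDN, and the certificate still carries no subjectAltName, the field hostname verification normally consults before falling back to CN. Consider using the fully qualified name and adding a SAN on the `openssl req` line, e.g. `-addext "subjectAltName=DNS:$CN"`, if the packaged OpenSSL supports `-addext`. The `CN=${CN:0:64}` truncation now cuts a name that has to match exactly, so a long hostname silently yields a certificate that can never verify; failing with a message would be clearer, and the comment above it could become `# CN must equal the hostname clients connect to; X.509 limits CN to 64 characters`. Because generation is guarded by `test -e $TLSCERT`, hosts that already have a certificate keep the old CN unless the file is removed. The `if` block continues outside the hunk.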