diff --git a/base/univention-ssl/gencertificate.py b/base/univention-ssl/gencertificate.py
index b56ba7a..8f956c8 100644
--- a/base/univention-ssl/gencertificate.py
+++ b/base/univention-ssl/gencertificate.py
@@ -36,6 +36,7 @@
 from listener import configRegistry, setuid, unsetuid
 import grp
 import os
+import tempfile
 
 import univention.debug as ud
 import subprocess
@@ -159,11 +160,11 @@ def create_certificate(hostname, domainname):
 		ud.debug(ud.LISTENER, ud.INFO,
 				'CERTIFICATE: Creating certificate %s' % hostname)
 
-		cmd = '. /usr/share/univention-ssl/make-certificates.sh;gencert "%s" "%s"' % \
-				(fqdn, fqdn)
-		ret = subprocess.call(cmd, shell=True)
-		if ret:
-			raise Exception("Certificate creation failed.")
+		with tempfile.NamedTemporaryFile() as fd:
+			fd.write('. /usr/share/univention-ssl/make-certificates.sh; gencert "$@"; exit $?')
+			fd.flush()
+			if subprocess.call(('/bin/sh', fd.name, fqdn, fqdn)):
+				raise Exception("Certificate creation failed.")
 
 	# Create symlink
 	try: