diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 5317ff20..f9a60941 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -37,6 +37,7 @@ pub type X509_NAME = c_void;
 pub type X509_NAME_ENTRY = c_void;
 pub type X509_REQ = c_void;
 pub type X509_STORE_CTX = c_void;
+pub type stack_st_X509_EXTENSION = c_void;
 
 #[repr(C)]
 pub struct EVP_MD_CTX {
@@ -629,6 +630,9 @@ extern "C" {
     pub fn X509V3_EXT_conf(conf: *mut c_void, ctx: *mut X509V3_CTX, name: *mut c_char, value: *mut c_char) -> *mut X509_EXTENSION;
     pub fn X509V3_set_ctx(ctx: *mut X509V3_CTX, issuer: *mut X509, subject: *mut X509, req: *mut X509_REQ, crl: *mut X509_CRL, flags: c_int);
 
+    pub fn X509_REQ_add_extensions(req: *mut X509_REQ, exts: *mut stack_st_X509_EXTENSION) -> c_int;
+    pub fn X509_REQ_sign(x: *mut X509_REQ, pkey: *mut EVP_PKEY, md: *const EVP_MD) -> c_int;
+
     pub fn i2d_RSA_PUBKEY(k: *mut RSA, buf: *const *mut u8) -> c_int;
     pub fn d2i_RSA_PUBKEY(k: *const *mut RSA, buf: *const *const u8, len: c_uint) -> *mut RSA;
     pub fn i2d_RSAPrivateKey(k: *mut RSA, buf: *const *mut u8) -> c_int;
@@ -648,6 +652,8 @@ extern "C" {
     pub fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long;
     #[link_name = "SSL_set_tlsext_host_name_shim"]
     pub fn SSL_set_tlsext_host_name(s: *mut SSL, name: *const c_char) -> c_long;
+    #[link_name = "X509_get_extensions_shim"]
+    pub fn X509_get_extensions(x: *mut X509) -> *mut stack_st_X509_EXTENSION;
 }
 
 pub mod probe;
diff --git a/openssl-sys/src/openssl_shim.c b/openssl-sys/src/openssl_shim.c
index 7b4f9c74..f0622d2d 100644
--- a/openssl-sys/src/openssl_shim.c
+++ b/openssl-sys/src/openssl_shim.c
@@ -82,3 +82,7 @@ long SSL_CTX_set_read_ahead_shim(SSL_CTX *ctx, long m) {
 long SSL_set_tlsext_host_name_shim(SSL *s, char *name) {
     return SSL_set_tlsext_host_name(s, name);
 }
+
+STACK_OF(X509_EXTENSION) *X509_get_extensions_shim(X509 *x) {
+    return x->cert_info ? x->cert_info->extensions : NULL;
+}
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index a5df80f5..91daa66a 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -396,11 +396,20 @@ impl X509Generator {
             Err(x) => return Err(x)
         };
 
-        let hash_fn = self.hash_type.evp_md();
-        let req = unsafe { ffi::X509_to_X509_REQ(cert.handle, p_key.get_handle(), hash_fn) };
-        try_ssl_null!(req);
+        unsafe {
+            let req = ffi::X509_to_X509_REQ(cert.handle, ptr::null_mut(), ptr::null());
+            try_ssl_null!(req);
 
-        Ok(X509Req::new(req))
+            let exts = ffi::X509_get_extensions(cert.handle);
+            if exts != ptr::null_mut() {
+                try_ssl!(ffi::X509_REQ_add_extensions(req,exts));
+            }
+
+            let hash_fn = self.hash_type.evp_md();
+            try_ssl!(ffi::X509_REQ_sign(req, p_key.get_handle(), hash_fn));
+
+            Ok(X509Req::new(req))
+        }
     }
 }
 
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 0aed364b..692539ba 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -4,6 +4,7 @@ use std::path::Path;
 use std::fs::File;
 
 use crypto::hash::Type::{SHA256};
+use crypto::pkey::PKey;
 use x509::{X509, X509Generator};
 use x509::extension::Extension::{KeyUsage,ExtKeyUsage,SubjectAltName,OtherNid,OtherStr};
 use x509::extension::AltNameOption as SAN;
@@ -11,9 +12,8 @@ use x509::extension::KeyUsageOption::{DigitalSignature, KeyEncipherment};
 use x509::extension::ExtKeyUsageOption::{self, ClientAuth, ServerAuth};
 use nid::Nid;
 
-#[test]
-fn test_cert_gen() {
-    let gen = X509Generator::new()
+fn get_generator() -> X509Generator {
+    X509Generator::new()
         .set_bitlength(2048)
         .set_valid_period(365*2)
         .add_name("CN".to_string(),"test_me".to_string())
@@ -22,9 +22,12 @@ fn test_cert_gen() {
         .add_extension(ExtKeyUsage(vec![ClientAuth, ServerAuth, ExtKeyUsageOption::Other("2.999.1".to_owned())]))
         .add_extension(SubjectAltName(vec![(SAN::DNS,"example.com".to_owned())]))
         .add_extension(OtherNid(Nid::BasicConstraints,"critical,CA:TRUE".to_owned()))
-        .add_extension(OtherStr("2.999.2".to_owned(),"ASN1:UTF8:example value".to_owned()));
+        .add_extension(OtherStr("2.999.2".to_owned(),"ASN1:UTF8:example value".to_owned()))
+}
 
-    let (cert, pkey) = gen.generate().unwrap();
+#[test]
+fn test_cert_gen() {
+    let (cert, pkey) = get_generator().generate().unwrap();
     cert.write_pem(&mut io::sink()).unwrap();
     pkey.write_pem(&mut io::sink()).unwrap();
 
@@ -34,6 +37,18 @@ fn test_cert_gen() {
     assert_eq!(pkey.save_pub(), cert.public_key().save_pub());
 }
 
+#[test]
+fn test_req_gen() {
+    let mut pkey = PKey::new();
+    pkey.gen(512);
+
+    let req = get_generator().request(&pkey).unwrap();
+    req.write_pem(&mut io::sink()).unwrap();
+
+    // FIXME: check data in result to be correct, needs implementation
+    // of X509_REQ getters
+}
+
 #[test]
 fn test_cert_loading() {
     let cert_path = Path::new("test/cert.pem");