diff --git a/peerlink/tls.py b/peerlink/tls.py
index 75df231..cc35613 100644
--- a/peerlink/tls.py
+++ b/peerlink/tls.py
@@ -26,12 +26,12 @@ def create_certificate(tls_key_path, tls_cert_path, USER_ID):
     ca.set_issuer(ca.get_subject())
     ca.set_pubkey(key)
     ca.add_extensions([
-      OpenSSL.crypto.X509Extension("basicConstraints", True, "CA:TRUE, pathlen:0"),
-      OpenSSL.crypto.X509Extension("nsCertType", True, "sslCA"),
-      OpenSSL.crypto.X509Extension("extendedKeyUsage", True,
-        "serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC"),
-      OpenSSL.crypto.X509Extension("keyUsage", False, "keyCertSign, cRLSign"),
-      OpenSSL.crypto.X509Extension("subjectKeyIdentifier", False, "hash", subject=ca),
+      OpenSSL.crypto.X509Extension(b"basicConstraints", True, b"CA:TRUE, pathlen:0"),
+      OpenSSL.crypto.X509Extension(b"nsCertType", True, b"sslCA"),
+      OpenSSL.crypto.X509Extension(b"extendedKeyUsage", True,
+        b"serverAuth,clientAuth,emailProtection,timeStamping,msCodeInd,msCodeCom,msCTLSign,msSGC,msEFS,nsSGC"),
+      OpenSSL.crypto.X509Extension(b"keyUsage", False, b"keyCertSign, cRLSign"),
+      OpenSSL.crypto.X509Extension(b"subjectKeyIdentifier", False, b"hash", subject=ca),
     ])
     ca.sign(key, "sha1")
     with open(tls_cert_path, 'wb') as fd: