diff --git a/plugins/tls_cert b/plugins/tls_cert
index 4e34506..b1afde1 100644
--- a/plugins/tls_cert
+++ b/plugins/tls_cert
@@ -62,6 +62,7 @@ system('openssl', 'req', '-config', $CAfilename, '-new', '-x509',
 my $SERVER_key = 'ssl/qpsmtpd-server.key';
 my $SERVER_csr = 'ssl/qpsmtpd-server.csr';
 my $SERVER_crt = 'ssl/qpsmtpd-server.crt';
+my $SERVER_dhparam = 'ssl/qpsmtpd-server.dhparam';
 
 my ($SERVER, $SERVERfilename) = tempfile( $template, DIR => "ssl", UNLINK => 1);
 print ${SERVER} return_cfg($opts{OU});
@@ -94,6 +95,9 @@ system('openssl', 'x509', '-extfile', $SIGNfilename, '-days', (365*2),
 	'-req', '-out', $SERVER_crt) == 0
     or die "Cannot sign cert: $?";
 
+system('openssl', 'dhparam', '-out', '$SERVER_dhparam', 2048) == 0
+    or die "Cannot create server dhparam: $?";
+
 exit(0);
 	
 sub return_cfg {