diff --git a/run-koji-container.sh b/run-koji-container.sh
index c4060bd..920ead8 100755
--- a/run-koji-container.sh
+++ b/run-koji-container.sh
@@ -53,9 +53,15 @@ koji_start() {
 # generate self-signed certificates in the share directory
 openssl req -new -nodes -x509 -days 365 -keyout "${SHARE_DIR}/ca-key.pem" -out "${SHARE_DIR}/ca-crt.pem" -subj "/CN=osbuild.org"
 openssl genrsa -out "${SHARE_DIR}/key.pem" 2048
+
+ # certificate for "localhost" hostname
 openssl req -new -sha256 -key "${SHARE_DIR}/key.pem" -out "${SHARE_DIR}/csr.pem" -subj "/CN=localhost"
 openssl x509 -req -in "${SHARE_DIR}/csr.pem" -CA "${SHARE_DIR}/ca-crt.pem" -CAkey "${SHARE_DIR}/ca-key.pem" -CAcreateserial -out "${SHARE_DIR}/crt.pem"
+ # certificate for "org.osbuild.koji.koji" hostname
+ openssl req -new -sha256 -key "${SHARE_DIR}/key.pem" -out "${SHARE_DIR}/csr-fqdn.pem" -subj "/CN=org.osbuild.koji.koji"
+ openssl x509 -req -in "${SHARE_DIR}/csr-fqdn.pem" -CA "${SHARE_DIR}/ca-crt.pem" -CAkey "${SHARE_DIR}/ca-key.pem" -CAcreateserial -out "${SHARE_DIR}/crt-fqdn.pem"
+
 ${CONTAINER_RUNTIME} network create org.osbuild.koji
 ${CONTAINER_RUNTIME} run -d --name org.osbuild.koji.postgres --network org.osbuild.koji \
@@ -74,6 +80,8 @@ koji_start() {
 # initialize krb pricipals and create keytabs for them
 # HTTP/localhost@LOCAL for kojihub
+ kdc_exec kadmin.local -r LOCAL add_principal -randkey HTTP/org.osbuild.koji.koji@LOCAL
+ kdc_exec kadmin.local -r LOCAL ktadd -k /share/koji.keytab HTTP/org.osbuild.koji.koji@LOCAL
 kdc_exec kadmin.local -r LOCAL add_principal -randkey HTTP/localhost@LOCAL
 kdc_exec kadmin.local -r LOCAL ktadd -k /share/koji.keytab HTTP/localhost@LOCAL
 kdc_exec chmod 644 /share/koji.keytab
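Review bot: The new `crt-fqdn.pem` carries the hostname only in the subject CN (`-subj "/CN=org.osbuild.koji.koji"`) with no subjectAltName, so clients that verify hostnames strictly against SAN (Go's crypto/x509 since 1.15 by default, for example) will reject it even though the CA is trusted; the existing `crt.pem` has the same gap. Signing with an extension file closes it and lets one certificate cover both names, e.g. adding `-extfile <(printf 'subjectAltName=DNS:localhost,DNS:org.osbuild.koji.koji')` to the `openssl x509 -req` call (bash process substitution; a temporary file works as well). Both leaf certificates are also issued over the same `key.pem`, so compromise of either endpoint exposes the other; if two certificates are kept, a comment saying the key reuse is deliberate for this test setup would help. `koji_start` begins and ends outside this hunk, so which service loads which certificate is not visible here.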
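Review bot: The added `ktadd` puts a second long-term service key, `HTTP/org.osbuild.koji.koji@LOCAL`, into `/share/koji.keytab`, which the context line right after then makes world-readable with `chmod 644`; anyone able to read the share directory can impersonate both HTTP services or decrypt tickets issued for them. If this script is only ever a throwaway test fixture, say so in a comment next to the chmod; otherwise restrict the mode to the account that runs kojihub, e.g. `kdc_exec chmod 640 /share/koji.keytab` with matching group ownership. The comment above the new lines still reads `# HTTP/localhost@LOCAL for kojihub` and should name both principals, e.g. `# HTTP/org.osbuild.koji.koji@LOCAL and HTTP/localhost@LOCAL for kojihub`. The rest of `koji_start` is outside this hunk.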