diff --git a/ChangeLog.d/add-subjectAltName-certs.txt b/ChangeLog.d/add-subjectAltName-certs.txt
new file mode 100644
index 0000000000..487e5c656e
--- /dev/null
+++ b/ChangeLog.d/add-subjectAltName-certs.txt
@@ -0,0 +1,6 @@
+Features
+ * It is now possible to generate certificates with SubjectAltNames.
+ Currently supported subtypes: DnsName, UniformResourceIdentifier,
+ IP address, OtherName, and DirectoryName, as defined in RFC 5280.
+ See mbedtls_x509write_crt_set_subject_alternative_name for
+ more information.
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 8582e76b8d..ef4d75da2d 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -473,7 +473,6 @@ int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid,
 size_t val_len);
 int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start,
 mbedtls_asn1_named_data *first);
-
 int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
 mbedtls_asn1_named_data *first);
 int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 57e3cce1ac..537408e79e 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -241,6 +241,18 @@ typedef struct mbedtls_x509write_cert {
 } mbedtls_x509write_cert;
+/**
+ * \brief Set Subject Alternative Name
+ *
+ * \param ctx Certificate context to use
+ * \param san_list List of SAN values
+ *
+ * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ *
+ * \note "dnsName", "uniformResourceIdentifier", "IP address",
+ * "otherName", and "DirectoryName", as defined in RFC 5280,
+ * are supported.
+ */
 int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx,
 const mbedtls_x509_san_list *san_list);
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index bcc9cb007d..04ce9845d8 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
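Review bot: The new `\return` line in the x509_crt.h doc comment names only MBEDTLS_ERR_X509_ALLOC_FAILED, while the `\note` just below says that only five GeneralName subtypes are supported, so a caller cannot tell from the header whether an entry of another subtype in `san_list` is rejected with an error or silently dropped — and silently dropping a name is the kind of thing that produces a certificate that does not say what the caller intended. State it explicitly, e.g. `\return 0 if successful, MBEDTLS_ERR_X509_ALLOC_FAILED on allocation failure, or another MBEDTLS_ERR_X509_XXX code if san_list holds an unsupported subtype`, adjusted to whatever the implementation in library/x509write_crt.c actually returns (its body is not visible in this diff). The subtype names in the `\note` also mix spellings ("IP address", "DirectoryName") rather than using the RFC 5280 GeneralName identifiers dNSName, uniformResourceIdentifier, iPAddress, otherName and directoryName, which would be unambiguous. It would further help callers to say whether `san_list` is copied into `ctx` or must outlive it, and whether a second call replaces or appends to a previously set SAN extension.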
@@ -153,7 +153,6 @@ int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx,
 return 0;
 }
-
 int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx,
 const mbedtls_x509_san_list *san_list)
 {
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index ac6187a198..477b47bf18 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -925,7 +925,7 @@ usage:
 if (ret != 0) {
 mbedtls_printf(
- " failed\n ! mbedtls_x509write_csr_set_subject_alternative_name returned %d",
+ " failed\n ! mbedtls_x509write_crt_set_subject_alternative_name returned %d",
 ret);
 goto exit;
 }