diff --git a/acmpca/README.md b/acmpca/README.md
index 449914e..700a7b8 100644
--- a/acmpca/README.md
+++ b/acmpca/README.md
@@ -95,6 +95,7 @@ No modules.
 | [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
 | [certificate\_authority\_mode](#input\_certificate\_authority\_mode) | String indicating whether to use the general purpose (general) or short lived (short) CA (general is ca1, short lived is ca2) | `string` | `"general"` | no |
 | [certificate\_authority\_template](#input\_certificate\_authority\_template) | String indicating which specific ACMPCA template to use | `string` | `null` | no |
+| [certificate\_chain\_filename](#input\_certificate\_chain\_filename) | Filename for Certificate Chain (signer, intermediate(s) and root). Defaults to {certificate\_dns}.chain.crt | `string` | `null` | no |
 | [certificate\_cn](#input\_certificate\_cn) | CommonName (CN) to use for certificate, defaults in c=US,o=U.S. Census Bureau,ou=Servers. This will typically be the DNS name. Uses certificate\_dns if not provided. | `string` | `null` | no |
 | [certificate\_dns](#input\_certificate\_dns) | DNS Name to be used for the certificate. For ACM certificate, the subject and CN may not be customized. | `string` | n/a | yes |
 | [certificate\_filename](#input\_certificate\_filename) | Filename for Certificate. Defaults to {certificate\_dns}.crt | `string` | `null` | no |
diff --git a/acmpca/certificate.tf b/acmpca/certificate.tf
index 995293f..4e3d24b 100644
--- a/acmpca/certificate.tf
+++ b/acmpca/certificate.tf
@@ -21,9 +21,9 @@ resource "tls_cert_request" "certificate" {
 subject {
 common_name = local.ca_dns_name
- country = lookup(var.certificate_subject_override, "c", local._defaults.certificate["c"])
- organization = lookup(var.certificate_subject_override, "o", local._defaults.certificate["o"])
- organizational_unit = lookup(var.certificate_subject_override, "ou", local._defaults.certificate["ou"])
+ country = lookup(var.certificate_subject_overrides, "c", local._defaults.certificate["c"])
+ organization = lookup(var.certificate_subject_overrides, "o", local._defaults.certificate["o"])
+ organizational_unit = lookup(var.certificate_subject_overrides, "ou", local._defaults.certificate["ou"])
 }
 }
diff --git a/acmpca/variables.tf b/acmpca/variables.tf
index 1391ea4..5b500ae 100644
--- a/acmpca/variables.tf
+++ b/acmpca/variables.tf
@@ -68,6 +68,12 @@ variable "certificate_filename" {
 default = null
 }
+variable "certificate_chain_filename" {
+ description = "Filename for Certificate Chain (signer, intermediate(s) and root). Defaults to {certificate_dns}.chain.crt"
+ type = string
+ default = null
+}
+
 variable "certificate_authority_mode" {
 description = "String indicating whether to use the general purpose (general) or short lived (short) CA (general is ca1, short lived is ca2)"
 type = string
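Review bot: The new `certificate_chain_filename` variable in acmpca/variables.tf accepts any string, so a value containing `/` or `..` would reach whatever resource writes the chain file; that resource is not in this diff, so whether the name is joined onto a fixed directory is unconfirmed. Since the description promises a file name, a `validation` block could enforce it, with `condition = var.certificate_chain_filename == null || can(regex("^[A-Za-z0-9._-]+$", var.certificate_chain_filename))` and a matching `error_message`. The neighbouring `certificate_filename` variable, whose block starts above this hunk, would benefit from the same check if it has none. The description also states a default of `{certificate_dns}.chain.crt`, but no visible hunk computes it, so it is worth confirming that the null case is handled where the variable is consumed.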