diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3597172b59..5ec58c54b5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,7 +10,10 @@
 
 ### Chrome CT Policy Update
  * #906: Update chromepolicy.go to follow the updated Chrome CT policy.
- 
+
+### Misc
+ * #1059: Escape forward slashes in certificate Subject names when used as user quota id strings.
+
 ## v1.1.6
 
 ## Dependency update
@@ -29,7 +32,7 @@
 
  * Remove v2 log list package files.
 
- ### Misc
+### Misc
 
  * Updated golangci-lint to v1.51.1 (developers should update to this version).
  * Bump Go version from 1.17 to 1.19.
diff --git a/trillian/ctfe/cert_quota.go b/trillian/ctfe/cert_quota.go
index e1d1cd8083..d02e9a1bd9 100644
--- a/trillian/ctfe/cert_quota.go
+++ b/trillian/ctfe/cert_quota.go
@@ -18,6 +18,7 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
+	"strings"
 
 	"github.com/google/certificate-transparency-go/x509"
 )
@@ -38,5 +39,5 @@ const CertificateQuotaUserPrefix = "@intermediate"
 // See tests for examples.
 func QuotaUserForCert(c *x509.Certificate) string {
 	spkiHash := sha256.Sum256(c.RawSubjectPublicKeyInfo)
-	return fmt.Sprintf("%s %s %s", CertificateQuotaUserPrefix, c.Subject.String(), hex.EncodeToString(spkiHash[0:5]))
+	return fmt.Sprintf("%s %s %s", CertificateQuotaUserPrefix, strings.ReplaceAll(c.Subject.String(), "/", "%2F"), hex.EncodeToString(spkiHash[0:5]))
 }