diff --git a/openssl.cnf b/openssl.cnf
index d0df2b6..79aa814 100644
--- a/openssl.cnf
+++ b/openssl.cnf
@@ -13,7 +13,7 @@ private_key     = $dir/private.key
 RANDFILE        = $dir/.rand
 default_days    = 365
 default_crl_days= 365
-default_md      = md5
+default_md      = sha256
 preserve        = no
 policy          = policy_match
 
@@ -26,7 +26,7 @@ commonName              = supplied
 emailAddress            = supplied
 
 [ req ]
-default_bits            = 1024
+default_bits            = 2048
 distinguished_name      = req_distinguished_name
 
 [ req_distinguished_name ]
diff --git a/shellpki.sh b/shellpki.sh
index 39a6f81..0678de7 100755
--- a/shellpki.sh
+++ b/shellpki.sh
@@ -29,7 +29,7 @@ init() {
     if [ ! -f $PREFIX/ca/index.txt ]; then touch $PREFIX/ca/index.txt; fi
     if [ ! -f $PREFIX/files/ca/serial ]; then echo 01 > $PREFIX/ca/serial; fi
 
-$OPENSSL dhparam -out $PREFIX/ca/dh1024.pem 1024
+$OPENSSL dhparam -out $PREFIX/ca/dh2048.pem 2048
 $OPENSSL genrsa  -out $PREFIX/ca/private.key 2048
 
 $OPENSSL req            	    \