diff --git a/common/src/scripts/extensions.cnf b/common/src/scripts/extensions.cnf
new file mode 100644
index 000000000..643a232da
--- /dev/null
+++ b/common/src/scripts/extensions.cnf
@@ -0,0 +1,2 @@
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
diff --git a/common/src/scripts/generateCertificates.sh b/common/src/scripts/generateCertificates.sh
index 7f7168e1e..bf789520a 100755
--- a/common/src/scripts/generateCertificates.sh
+++ b/common/src/scripts/generateCertificates.sh
@@ -190,6 +190,7 @@ generate_certificate() {
 # For RSAPSS, we need to specify the PSS padding mode during signing
 openssl x509 -req -in "$csr_file" \
 -CA "$csca_crt" -CAkey "$csca_key" -CAcreateserial \
+ -extfile src/scripts/extensions.cnf \
 -days 3650 -sha${hash#sha} \
 -sigopt rsa_padding_mode:pss \
 -sigopt rsa_pss_saltlen:"$salt" \
@@ -198,6 +199,7 @@ generate_certificate() {
 # For standard RSA or ECDSA
 openssl x509 -req -in "$csr_file" \
 -CA "$csca_crt" -CAkey "$csca_key" -CAcreateserial \
+ -extfile src/scripts/extensions.cnf \
 -days 3650 -sha${hash#sha} \
 -out "$dir_name/$crt_file"
 fi
@@ -239,7 +241,7 @@ generate_certificate() {
 # ------------------------------------------------------------------------------
 # RSA certificates
 generate_certificate csca sha1 rsa 65537 4096
-generate_certificate dsc sha1 rsa 65537 2048 --signer sha1_rsa_65537_4096
+generate_certificate dsc sha1 rsa 65537 2048 --signer sha1_rsa_65537_4096 --force
 generate_certificate dsc sha1 rsa 65537 4096 --signer sha1_rsa_65537_4096
 generate_certificate csca sha256 rsa 65537 4096
 generate_certificate dsc sha256 rsa 65537 2048 --signer sha256_rsa_65537_4096
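Review bot: The new extensions.cnf sets only the two key identifiers, so certificates issued through `-extfile` carry no explicit `basicConstraints` or `keyUsage`. `openssl x509 -req` does not copy extensions from the CSR unless it is told to, so whatever the CSR requested is dropped at signing time. If the DSCs signed in generate_certificate are meant to resemble production document signers, consider adding `basicConstraints = critical, CA:FALSE` and `keyUsage = critical, digitalSignature`, so that a verifier under test sees an unambiguous leaf certificate. A leading comment such as `# Extensions applied to certificates signed by the CSCA in generateCertificates.sh` would also record what the file is for.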
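Review bot: In the hunk at -190 (RSAPSS branch), and again in the hunk at -198 (standard RSA/ECDSA branch), `-extfile src/scripts/extensions.cnf` is resolved against the caller's working directory, not the script's location. Run from any directory other than `common/`, the signing step either fails or picks up whatever file sits at that relative path, and that file decides which extensions go into the issued certificate. Resolving the path once from the script's own directory would remove the dependency, for example `script_dir=$(cd "$(dirname "$0")" && pwd)` and then `-extfile "$script_dir/extensions.cnf" \` in both branches. generate_certificate starts and ends outside these hunks, so a `cd` or an exit-on-error setting elsewhere may already cover part of this; that is worth confirming.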
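Review bot: In the hunk at -239, `--force` is added to only the `dsc sha1 rsa 65537 2048` line, which looks like a leftover from local testing rather than an intended permanent flag. If `--force` regenerates an existing certificate (its handling is outside the hunk), this one DSC will get a new key and serial on every run, while the other DSCs keep their old files without the new SKI/AKI extensions. Either drop the flag and regenerate all fixtures once in this commit, or explain the exception in a comment, for example `# --force: regenerate so the DSC picks up extensions.cnf (SKI/AKI)`.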