diff --git a/pki/icinga2-build-ca.in b/pki/icinga2-build-ca.in
index 4b806c608..5ca46a896 100644
--- a/pki/icinga2-build-ca.in
+++ b/pki/icinga2-build-ca.in
@@ -17,4 +17,4 @@ fi
 echo '01' > $ICINGA_CA/serial
 touch $ICINGA_CA/index.txt
 
-CN_DEFAULT="Icinga CA" KEY_DIR=$ICINGA_CA openssl req -new -newkey rsa:4096 -x509 -nodes -days 3650 -config openssl.cnf -keyform PEM -keyout ca.key -outform PEM -out ca.crt
+CN_DEFAULT="Icinga CA" KEY_DIR=$ICINGA_CA openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -x509 -nodes -days 3650 -keyform PEM -keyout $ICINGA_CA/ca.key -outform PEM -out $ICINGA_CA/ca.crt
diff --git a/pki/icinga2-build-key.in b/pki/icinga2-build-key.in
index 5217451f2..81c18bb91 100644
--- a/pki/icinga2-build-key.in
+++ b/pki/icinga2-build-key.in
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 prefix=@prefix@
 datarootdir=@datarootdir@
 datadir=@datadir@
@@ -21,7 +21,7 @@ if [ ! -f $ICINGA_CA/ca.crt -o ! -f $ICINGA_CA/ca.key ]; then
 	exit 1
 fi
 
-CN_DEFAULT=$name KEY_DIR=$ICINGA_CA openssl req -new -newkey rsa:4096 -config openssl.cnf -keyform PEM -keyout $name.key -outform PEM -out $name.csr -nodes && \
-	openssl x509 -days 3650 -CA ca.crt -CAkey ca.key -req -in $name.csr -outform PEM -out $name.crt -CAserial serial
+CN_DEFAULT=$name KEY_DIR=$ICINGA_CA openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -keyform PEM -keyout $ICINGA_CA/$name.key -outform PEM -out $ICINGA_CA/$name.csr -nodes && \
+	openssl x509 -days 3650 -CA $ICINGA_CA/ca.crt -CAkey $ICINGA_CA/ca.key -req -in $ICINGA_CA/$name.csr -outform PEM -out $ICINGA_CA/$name.crt -CAserial $ICINGA_CA/serial