diff --git a/lib/tls b/lib/tls
index 238687c5dd..7c6b967bc4 100644
--- a/lib/tls
+++ b/lib/tls
@@ -113,11 +113,11 @@ new_certs_dir           = \$dir/newcerts
 certificate             = \$dir/cacert.pem
 private_key             = \$dir/private/cacert.key
 RANDFILE                = \$dir/private/.rand
-default_md              = default
+default_md              = sha256
 
 [ req ]
-default_bits            = 1024
-default_md              = sha1
+default_bits            = 2048
+default_md              = sha256
 
 prompt                  = no
 distinguished_name      = ca_distinguished_name