diff --git a/bin/create_dual_intermediate_CA.sh b/bin/create_dual_intermediate_CA.sh
index 89b822d439..ae1435cb8d 100755
--- a/bin/create_dual_intermediate_CA.sh
+++ b/bin/create_dual_intermediate_CA.sh
@@ -44,7 +44,7 @@ touch index.txt
 echo 1000 > serial
 
 # Create the client CA private key
-openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 2048
+openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
 chmod 400 private/ca.key.pem
 
 # Create the client CA root certificate
@@ -58,7 +58,7 @@ touch intermediate_ca/index.txt
 echo 1000 > intermediate_ca/serial
 
 # Create the client intermediate CA private key
-openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 2048
+openssl genpkey -algorithm RSA -out intermediate_ca/private/intermediate.ca.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
 chmod 400 intermediate_ca/private/intermediate.ca.key.pem
 
 # Create the client intermediate CA certificate signing request
@@ -71,7 +71,7 @@ openssl ca -config ../../openssl.cnf -name CA_intermediate -extensions v3_interm
 cat intermediate_ca/certs/intermediate.cert.pem certs/ca.cert.pem > intermediate_ca/ca-chain.cert.pem
 
 ###### Create the client key and certificate
-openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 2048
+openssl genpkey -algorithm RSA -out intermediate_ca/private/controller.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
 chmod 400 intermediate_ca/private/controller.key.pem
 
 # Create the client controller certificate signing request
@@ -103,7 +103,7 @@ touch index.txt
 echo 1000 > serial
 
 # Create the server CA private key
-openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 2048
+openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
 chmod 400 private/ca.key.pem
 
 # Create the server CA root certificate
@@ -117,7 +117,7 @@ touch intermediate_ca/index.txt
 echo 1000 > intermediate_ca/serial
 
 # Create the server intermediate CA private key
-openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 2048
+openssl genpkey -algorithm RSA -out intermediate_ca/private/intermediate.ca.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
 chmod 400 intermediate_ca/private/intermediate.ca.key.pem
 
 # Create the server intermediate CA certificate signing request
diff --git a/bin/create_single_CA_intermediate_CA.sh b/bin/create_single_CA_intermediate_CA.sh
index 61cf1fd3ed..5b91e7fffa 100755
--- a/bin/create_single_CA_intermediate_CA.sh
+++ b/bin/create_single_CA_intermediate_CA.sh
@@ -44,7 +44,7 @@ touch index.txt
 echo 1000 > serial
 
 # Create the client CA private key
-openssl genrsa -aes128 -out private/ca.key.pem -passout pass:not-secure-passphrase 2048
+openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
 chmod 400 private/ca.key.pem
 
 # Create the client CA root certificate
@@ -58,7 +58,7 @@ touch intermediate_ca/index.txt
 echo 1000 > intermediate_ca/serial
 
 # Create the client intermediate CA private key
-openssl genrsa -aes128 -out intermediate_ca/private/intermediate.ca.key.pem -passout pass:not-secure-passphrase 2048
+openssl genpkey -algorithm RSA -out intermediate_ca/private/intermediate.ca.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
 chmod 400 intermediate_ca/private/intermediate.ca.key.pem
 
 # Create the client intermediate CA certificate signing request
@@ -71,7 +71,7 @@ openssl ca -config ../../openssl.cnf -name CA_intermediate -extensions v3_interm
 cat intermediate_ca/certs/intermediate.cert.pem certs/ca.cert.pem > intermediate_ca/ca-chain.cert.pem
 
 ###### Create the client key and certificate
-openssl genrsa -aes128 -out intermediate_ca/private/controller.key.pem -passout pass:not-secure-passphrase 2048
+openssl genpkey -algorithm RSA -out intermediate_ca/private/controller.key.pem -aes-128-cbc -pass pass:not-secure-passphrase
 chmod 400 intermediate_ca/private/controller.key.pem
 
 # Create the client controller certificate signing request
diff --git a/doc/source/admin/guides/certificates.rst b/doc/source/admin/guides/certificates.rst
index 295541e9fc..814e776903 100644
--- a/doc/source/admin/guides/certificates.rst
+++ b/doc/source/admin/guides/certificates.rst
@@ -142,7 +142,7 @@ can be used to create the required certificates.
 
    .. code-block:: bash
 
-       $ openssl genrsa -aes256 -out private/ca.key.pem 4096
+       $ openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pkeyopt rsa_keygen_bits:4096
        $ chmod 400 private/ca.key.pem
 
 7. Create the `server` CA certificate.
@@ -174,7 +174,7 @@ can be used to create the required certificates.
 
    .. code-block:: bash
 
-       $ openssl genrsa -aes256 -out private/ca.key.pem 4096
+       $ openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pkeyopt rsa_keygen_bits:4096
        $ chmod 400 private/ca.key.pem
 
 10. Create the `client` CA certificate.
@@ -199,7 +199,7 @@ can be used to create the required certificates.
 
     .. code-block:: bash
 
-        $ openssl genrsa -aes256 -out private/client.key.pem 2048
+        $ openssl genpkey -algorithm RSA -out private/ca.key.pem -aes-128-cbc -pkeyopt rsa_keygen_bits:2048
 
 12. Create the certificate request for the `client` certificate used on the
     controllers.