diff --git a/docs/simplesamlphp-artifact-sp.txt b/docs/simplesamlphp-artifact-sp.txt index c71b62acd19b66ea0974dcab1044dcb90c9b65c6..afcebcf0cec2f98307d7a2d16bcb8d3caec2ccd3 100644 --- a/docs/simplesamlphp-artifact-sp.txt +++ b/docs/simplesamlphp-artifact-sp.txt @@ -11,7 +11,7 @@ This is used for SSL client authentication when contacting the IdP. To generate a private key and certificate, you may use the `openssl` commandline utility: - openssl req -new -x509 -days 3652 -nodes -out sp.example.org.crt -keyout sp.example.org.pem + openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out sp.example.org.crt -keyout sp.example.org.pem You can then add the private key and certificate to the SP configuration. When this is done, you can add the metadata of your SP to the IdP, and test the authentication. diff --git a/docs/simplesamlphp-googleapps.txt b/docs/simplesamlphp-googleapps.txt index 0ceaf1658bdbc0dc68c99cb0611f14eccec10976..01019b9137c4502f4e2dd5fed6b8404c734ab487 100644 --- a/docs/simplesamlphp-googleapps.txt +++ b/docs/simplesamlphp-googleapps.txt @@ -45,7 +45,7 @@ For test purposes, you can skip this section, and use the certificate included i Here is an example of openssl commands to generate a new key and a self signed certificate to use for signing SAML messages: - openssl genrsa -des3 -out googleappsidp.key 1024 + openssl genrsa -des3 -out googleappsidp.key 2048 openssl rsa -in googleappsidp.key -out googleappsidp.pem openssl req -new -key googleappsidp.key -out googleappsidp.csr openssl x509 -req -days 9999 -in googleappsidp.csr -signkey googleappsidp.key -out googleappsidp.crt diff --git a/docs/simplesamlphp-idp.txt b/docs/simplesamlphp-idp.txt index 3266397bfd42779627f7505c7bfffa299567874d..4be6f07faa263c35101aa10af15255b2d4e6c73c 100644 --- a/docs/simplesamlphp-idp.txt +++ b/docs/simplesamlphp-idp.txt 
@@ -189,7 +189,7 @@ Here is an example of an `openssl`-command which can be used to generate a new p This key and certificate can be used to sign SAML messages: - openssl req -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem + openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem The certificate above will be valid for 10 years. diff --git a/docs/simplesamlphp-sp.txt b/docs/simplesamlphp-sp.txt index 864a14450f745b2c474960d5d7737edd1533bc3b..e229b1c1afe076b36ca4cfa476068d6022b7dc6a 100644 --- a/docs/simplesamlphp-sp.txt +++ b/docs/simplesamlphp-sp.txt @@ -51,7 +51,7 @@ Some Identity Providers / Federations may require that your Service Providers ho Create a self-signed certificate in the `cert/` directory. cd cert - openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem + openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem Then edit your `authsources.php` entry, and add references to your certificate: diff --git a/docs/simplesamlphp-ukaccess.txt b/docs/simplesamlphp-ukaccess.txt index fe07cc2235499559d96d7409f69b707403340491..c2bee6c9ae55f45b7cff6cb8b3ec6d7e37938137 100644 --- a/docs/simplesamlphp-ukaccess.txt +++ b/docs/simplesamlphp-ukaccess.txt @@ -35,7 +35,7 @@ If you enable a certificate for your Service Provider, it may be able to sign re Create a self-signed certificate in the `cert/` directory. cd cert - openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem + openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem Then edit your `authsources.php` entry, and add references to your certificate:
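Review bot: in the docs/simplesamlphp-artifact-sp.txt hunk the new command passes both `-newkey rsa:2048` and `-new`. `-newkey` already creates a new request together with the key, so `-new` is redundant and can be dropped. The same applies to the identical change in simplesamlphp-idp.txt, simplesamlphp-sp.txt and simplesamlphp-ukaccess.txt. Since the command is being touched anyway, consider adding `-sha256` so the signature digest does not depend on the default of the installed OpenSSL.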
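Review bot: in the docs/simplesamlphp-googleapps.txt hunk only the size on the `genrsa` line changes, and the `openssl x509 -req -days 9999 ...` line in the trailing context still names no digest, so the certificate is signed with whatever the installed OpenSSL defaults to. Suggest adding `-sha256` to that line in the same patch. Separately, `-des3` encrypts googleappsidp.key while the next line writes the same key unencrypted to googleappsidp.pem; the text should say which file is deployed and that the .pem needs restricted permissions, or the sequence should drop `-des3` and generate the key once.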
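Review bot: in the docs/simplesamlphp-idp.txt hunk, `-nodes -keyout example.org.pem` writes the signing key unencrypted, and the visible context ("This key and certificate can be used to sign SAML messages", "valid for 10 years") gives no guidance on protecting it. Because this key signs SAML messages for the lifetime of a 10-year certificate, suggest adding a sentence telling readers to restrict read access on example.org.pem to the user the web server runs as.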