diff --git a/libgamestream/mkcert.c b/libgamestream/mkcert.c
index 0665825..2f8007d 100644
--- a/libgamestream/mkcert.c
+++ b/libgamestream/mkcert.c
@@ -32,7 +32,6 @@ static const int SERIAL = 0;
 static const int NUM_YEARS = 10;
 int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int years);
-int add_ext(X509 *cert, int nid, char *value);
 CERT_KEY_PAIR mkcert_generate() {
 BIO *bio_err;
@@ -142,11 +141,6 @@ int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int years) {
 */
 X509_set_issuer_name(x, name);
- /* Add various extensions: standard extensions */
- add_ext(x, NID_key_usage, "critical,digitalSignature,keyEncipherment");
-
- add_ext(x, NID_subject_key_identifier, "hash");
-
 if (!X509_sign(x, pk, EVP_sha256())) {
 goto err;
 }
@@ -158,29 +152,3 @@ int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int years) {
 err:
 return(0);
 }
-
-/* Add extension using V3 code: we can set the config file as NULL
- * because we wont reference any other sections.
- */
-
-int add_ext(X509 *cert, int nid, char *value)
-{
- X509_EXTENSION *ex;
- X509V3_CTX ctx;
- /* This sets the 'context' of the extensions. */
- /* No configuration database */
- X509V3_set_ctx_nodb(&ctx);
- /* Issuer and subject certs: both the target since it is self signed,
- * no request and no CRL
- */
- X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
- ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
- if (!ex) {
- return 0;
- }
-
- X509_add_ext(cert, ex, -1);
- X509_EXTENSION_free(ex);
- return 1;
-}
-