diff --git a/Limelight/Crypto/mkcert.c b/Limelight/Crypto/mkcert.c
index c283fc1..327d5a4 100644
--- a/Limelight/Crypto/mkcert.c
+++ b/Limelight/Crypto/mkcert.c
@@ -107,13 +107,7 @@ int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int years) {
 */
 X509_set_issuer_name(x, name);
 
- /* Add various extensions: standard extensions */
- add_ext(x, NID_basic_constraints, "critical,CA:TRUE");
- add_ext(x, NID_key_usage, "critical,keyCertSign,cRLSign");
-
- add_ext(x, NID_subject_key_identifier, "hash");
-
- if (!X509_sign(x, pk, EVP_sha1())) {
+ if (!X509_sign(x, pk, EVP_sha256())) {
 goto err;
 }
 
@@ -124,29 +118,3 @@ int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int years) {
 err:
 return(0);
 }
-
-/* Add extension using V3 code: we can set the config file as NULL
- * because we wont reference any other sections.
- */
-
-int add_ext(X509 *cert, int nid, char *value)
-{
- X509_EXTENSION *ex;
- X509V3_CTX ctx;
- /* This sets the 'context' of the extensions. */
- /* No configuration database */
- X509V3_set_ctx_nodb(&ctx);
- /* Issuer and subject certs: both the target since it is self signed,
- * no request and no CRL
- */
- X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
- ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
- if (!ex) {
- return 0;
- }
-
- X509_add_ext(cert, ex, -1);
- X509_EXTENSION_free(ex);
- return 1;
-}
-
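Review bot: `X509_set_issuer_name(x, name);` directly above the signing call in the first hunk still discards its return value, so a failure there would go on to sign a certificate whose issuer was never set; the changed `X509_sign` line is checked but this one is not. Suggest `if (!X509_set_issuer_name(x, name)) { goto err; }` to match the check that follows. With the basicConstraints, keyUsage and subjectKeyIdentifier calls gone, a short comment above the signing call would record that the certificate is deliberately issued without extensions (presumably as an end-entity rather than a CA certificate), for example `/* No v3 extensions: not a CA certificate; signed with SHA-256 */`, so a later maintainer does not re-add `CA:TRUE`. The body of mkcert begins and continues outside this hunk, so whether the `err:` path needs to release `x` and `pk` cannot be judged from here.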