diff --git a/tools/gen_key_materials.sh b/tools/gen_key_materials.sh
index ecdfd96..1feb704 100755
--- a/tools/gen_key_materials.sh
+++ b/tools/gen_key_materials.sh
@@ -14,6 +14,8 @@
 # limitations under the License.
 generate_crypto_materials () {
+ # OpenSSL ext file location
+ local openssl_ext_file=tools/openssl.ext
 # OpenSK AAGUID
 local aaguid_file=crypto_data/aaguid.txt
@@ -80,12 +82,13 @@ generate_crypto_materials () {
 -new \
 -key "${opensk_key}" \
 -out "${opensk_cert_name}.csr" \
- -subj "/CN=OpenSK Hacker Edition"
+ -subj "/C=US/O=OpenSK/OU=Authenticator Attestation/CN=OpenSK Hacker Edition"
 "${openssl}" x509 \
 -req \
 -days 3652 \
 -in "${opensk_cert_name}.csr" \
 -CA "${ca_cert_name}.pem" \
+ -extfile "${openssl_ext_file}" \
 -CAkey "${ca_priv_key}" \
 -CAcreateserial \
 -outform pem \
diff --git a/tools/openssl.ext b/tools/openssl.ext
new file mode 100644
index 0000000..ac4f4ca
--- /dev/null
+++ b/tools/openssl.ext
@@ -0,0 +1 @@
+basicConstraints=CA:FALSE
\ No newline at end of file
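Review bot: `openssl_ext_file=tools/openssl.ext` is resolved against the caller's working directory, and nothing visible checks that the file is readable before it is passed to `x509 -extfile`. The `aaguid_file` path in the context lines follows the same repository-root convention, so the new variable is consistent with it. A guard before the signing call, `[ -r "${openssl_ext_file}" ] || { echo "missing ${openssl_ext_file}" >&2; return 1; }`, would make a wrong working directory fail with a clear message instead of an OpenSSL error partway through key generation. The body of generate_crypto_materials continues outside this hunk, so any existing error handling is not visible here.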
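Review bot: Nothing visible after the `x509 -req` call confirms that the issued attestation certificate actually carries the `CA:FALSE` constraint that `-extfile "${openssl_ext_file}"` is meant to add. A check on the result, such as `"${openssl}" x509 -in "<issued cert path>" -noout -text | grep -q "CA:FALSE" || return 1` (placeholder path, because the output option lies past the end of the hunk), would catch an edited or emptied extension file before the certificate is provisioned. As a style point, `-extfile` is placed between `-CA` and `-CAkey`; putting it after `-CAcreateserial` would keep the CA options together. The x509 command continues outside the hunk.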
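Review bot: The new `tools/openssl.ext` has no terminating newline and no comment saying which certificate it applies to. I would end the file with a newline and head it with `# Extensions for the attestation (leaf) certificate; passed via -extfile in tools/gen_key_materials.sh`. If the attestation root is ever meant to cover more than one authenticator model, WebAuthn packed attestation also expects the AAGUID extension (OID 1.3.6.1.4.1.45724.1.1.4) in this certificate; whether that applies cannot be told from this diff.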