diff --git a/mkosi.conf b/mkosi.conf
index 427c5fc..8e06fe8 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -13,10 +13,10 @@ MinimumVersion=20.2
 
 [Validation]
 # Use RSA 2048 keys for wide UEFI compatibility
-SecureBootKey=signing-keys/rafeOS_secureboot.key
-SecureBootCertificate=signing-keys/rafeOS_secureboot.crt
-VerityKey=signing-keys/rafeOS_secureboot.key
-VerityCertificate=signing-keys/rafeOS_secureboot.crt
+SecureBootKey=signing-keys/rafeOS.secure-boot.key
+SecureBootCertificate=signing-keys/rafeOS.secure-boot.crt
+VerityKey=signing-keys/rafeOS.secure-boot.key
+VerityCertificate=signing-keys/rafeOS.secure-boot.crt
 
 [Host]
 Incremental=true
diff --git a/signing-keys/genkeys.sh b/signing-keys/genkeys.sh
index 791af0c..ed826e9 100755
--- a/signing-keys/genkeys.sh
+++ b/signing-keys/genkeys.sh
@@ -24,8 +24,8 @@ generate_key_pair() {
     fi
 
     # Default filenames
-    PRIVATE_KEY_FILE="${IMAGE_ID}_${FILENAME_PREFIX}.key"
-    CERTIFICATE_FILE="${IMAGE_ID}_${FILENAME_PREFIX}.crt"
+    PRIVATE_KEY_FILE="${IMAGE_ID}.${FILENAME_PREFIX}.key"
+    CERTIFICATE_FILE="${IMAGE_ID}.${FILENAME_PREFIX}.crt"
 
     # Period of validity (in days) for  the created certificate.
     # Defaults to 3650, i.e. 10 years.
@@ -79,7 +79,7 @@ generate_key_pair() {
 }
 
 generate_secureboot_keys() {
-    generate_key_pair "secureboot" "/CN=$IMAGE_ID UEFI CA $(date +%Y)" "rsa"
+    generate_key_pair "secure-boot" "/CN=$IMAGE_ID UEFI CA $(date +%Y)" "rsa"
 }
 
 generate_verity_keys() {