diff --git a/config.cfg b/config.cfg
index 197b62b..ac8beb2 100644
--- a/config.cfg
+++ b/config.cfg
@@ -5,13 +5,12 @@
# secp384r1
# secp521r1
easyrsa_dir: /opt/easy-rsa-ipsec
-easyrsa_curve: prime256v1
easyrsa_ca_expire: 3650
easyrsa_cert_expire: 3650
easyrsa_p12_export_password: vpn
# if True re-init all existing certificates. Boolean
-easyrsa_reinit_existent: False
+easyrsa_reinit_existent: True
# Domain or ip
server_name: www.ivlis.me
diff --git a/configs/.gitinit b/configs/.gitinit
new file mode 100644
index 0000000..e69de29
diff --git a/templates/easy-rsa.vars.j2 b/templates/easy-rsa.vars.j2
index 6ab31c9..19447c6 100644
--- a/templates/easy-rsa.vars.j2
+++ b/templates/easy-rsa.vars.j2
@@ -102,11 +102,11 @@ set_var EASYRSA_DN "cn_only"
# * rsa
# * ec
-set_var EASYRSA_ALGO rsa
+set_var EASYRSA_ALGO ec
# Define the named curve, used in ec mode only:
-set_var EASYRSA_CURVE {{ easyrsa_curve }}
+set_var EASYRSA_CURVE prime256v1
# In how many days should the root CA key expire?
diff --git a/templates/ipsec.secrets.j2 b/templates/ipsec.secrets.j2
index 3ddf94b..4cae96e 100644
--- a/templates/ipsec.secrets.j2
+++ b/templates/ipsec.secrets.j2
@@ -1,2 +1,2 @@
-: RSA {{ server_name }}.key
+: ECDSA {{ server_name }}.key
diff --git a/templates/mobileconfig.j2 b/templates/mobileconfig.j2
index fe8ba42..39847a8 100644
--- a/templates/mobileconfig.j2
+++ b/templates/mobileconfig.j2
@@ -45,6 +45,10 @@
{{ item.0 }}
PayloadCertificateUUID
1FB2907D-14D3-4BAB-A472-B304F4B7F7D9
+ CertificateType
+ ECDSA256
+ ServerCertificateIssuerCommonName
+ www.ivlis.me
RemoteAddress
{{ server_name }}
RemoteIdentifier