diff --git a/config.cfg b/config.cfg
index 197b62b..ac8beb2 100644
--- a/config.cfg
+++ b/config.cfg
@@ -5,13 +5,12 @@
 #  secp384r1
 #  secp521r1
 easyrsa_dir: /opt/easy-rsa-ipsec
-easyrsa_curve: prime256v1
 easyrsa_ca_expire: 3650
 easyrsa_cert_expire: 3650
 easyrsa_p12_export_password: vpn
 
 # if True re-init all existing certificates. Boolean
-easyrsa_reinit_existent: False
+easyrsa_reinit_existent: True
 
 # Domain or ip
 server_name: www.ivlis.me
diff --git a/configs/.gitinit b/configs/.gitinit
new file mode 100644
index 0000000..e69de29
diff --git a/templates/easy-rsa.vars.j2 b/templates/easy-rsa.vars.j2
index 6ab31c9..19447c6 100644
--- a/templates/easy-rsa.vars.j2
+++ b/templates/easy-rsa.vars.j2
@@ -102,11 +102,11 @@ set_var EASYRSA_DN "cn_only"
 #  * rsa
 #  * ec
 
-set_var EASYRSA_ALGO       rsa
+set_var EASYRSA_ALGO       ec
 
 # Define the named curve, used in ec mode only:
 
-set_var EASYRSA_CURVE      {{ easyrsa_curve }}
+set_var EASYRSA_CURVE      prime256v1
 
 # In how many days should the root CA key expire?
 
diff --git a/templates/ipsec.secrets.j2 b/templates/ipsec.secrets.j2
index 3ddf94b..4cae96e 100644
--- a/templates/ipsec.secrets.j2
+++ b/templates/ipsec.secrets.j2
@@ -1,2 +1,2 @@
-: RSA {{ server_name }}.key
+: ECDSA {{ server_name }}.key
 
diff --git a/templates/mobileconfig.j2 b/templates/mobileconfig.j2
index fe8ba42..39847a8 100644
--- a/templates/mobileconfig.j2
+++ b/templates/mobileconfig.j2
@@ -45,6 +45,10 @@
                 <string>{{ item.0 }}</string>
                 <key>PayloadCertificateUUID</key>
                 <string>1FB2907D-14D3-4BAB-A472-B304F4B7F7D9</string>
+                <key>CertificateType</key>
+                <string>ECDSA256</string>
+                <key>ServerCertificateIssuerCommonName</key>
+                <string>www.ivlis.me</string>                
                 <key>RemoteAddress</key>
                 <string>{{ server_name }}</string>
                 <key>RemoteIdentifier</key>