diff --git a/Dockerfile b/Dockerfile index 06810e5..79a9428 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,10 +34,8 @@ RUN curl -o /etc/yum.repos.d/security:shibboleth.repo \ RUN LD_LIBRARY_PATH="/opt/shibboleth/lib64" RUN export LD_LIBRARY_PATH -ADD ./container_files/system/shibboleth_keygen.sh /usr/local/bin/ ADD ./container_files/httpd/ssl.conf /etc/httpd/conf.d/ ADD ./container_files/shibboleth/* /etc/shibboleth/ -RUN chmod +x /usr/local/bin/shibboleth_keygen.sh # fix httpd logging to tier format RUN sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \ diff --git a/README.md b/README.md index 1a41af3..32be5b5 100644 --- a/README.md +++ b/README.md @@ -8,12 +8,15 @@ It is based from CentOS 7 and includes httpd, mod_ssl, and the current shibbolet Files you must supply/override in your downstream builds: -1. The SP's ***private key and corresponding certificate*** (very important!), which can be generated in your downstream container like this: -> RUN /usr/local/bin/shibboleth_keygen.sh -o /etc/shibboleth -f +1. The SP's ***private keys and corresponding certificates*** (very important!), which can be generated in your downstream container like this: +> RUN /etc/shibboleth/keygen.sh -o /etc/shibboleth/ -y 10 -n sp-encrypt -f \ +> && /etc/shibboleth/keygen.sh -o /etc/shibboleth/ -y 10 -n sp-signing -f > -> ...that command generates/overwrites the following files: -> /etc/shibboleth/sp-key.pem -> /etc/shibboleth/sp-cert.pem +> ...those commands generate/overwrite the following files: +> /etc/shibboleth/sp-encrypt-key.pem +> /etc/shibboleth/sp-encrypt-cert.pem +> /etc/shibboleth/sp-signing-key.pem +> /etc/shibboleth/sp-signing-cert.pem 2. ***/etc/httpd/conf.d/ssl.conf*** > including: diff --git a/container_files/system/supervisord.conf b/container_files/system/supervisord.conf index e25dd78..d63f5f0 100644 --- a/container_files/system/supervisord.conf +++ b/container_files/system/supervisord.conf 
@@ -25,7 +25,7 @@ stderr_logfile=/tmp/loghttpd stderr_logfile_maxbytes=0 [program:shibd] -command=/usr/sbin/shibd +command=/usr/sbin/shibd -f autostart=true autorestart=true stdout_logfile=/tmp/logshibd
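Review bot: The new `command=/usr/sbin/shibd -f` line in `[program:shibd]` does not keep shibd in the foreground: in shibd's usage, `-f` forces removal of a stale listener socket, while `-F` is the flag that stops it from daemonizing. supervisord can only track a child that stays in the foreground, so with `autorestart=true` it may see the launcher exit and start it again. Each restart would then force-remove the listener socket, possibly from a shibd that is still running and serving session state. If the intent is a supervised daemon that also recovers from a stale socket, `command=/usr/sbin/shibd -f -F` looks like the line to use; confirm the flags against `shibd -h` for the packaged version.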