diff --git a/tools/src/main/shell/client.keygen.sh b/tools/src/main/shell/client.keygen.sh index dcc6d30d46..981160a2a2 100755 --- a/tools/src/main/shell/client.keygen.sh +++ b/tools/src/main/shell/client.keygen.sh @@ -44,7 +44,8 @@ done . $PROPERTIES_FILE -if [ -f $CLIENT_FILE_PREFIX.jks ] || [ -f $CLIENT_FILE_PREFIX.pub.pem ] || [ -f $CLIENT_FILE_PREFIX.nopass.pem ] || [ -f $CLIENT_FILE_PREFIX.pem ] || [ -f $CLIENT_FILE_PREFIX.p12 ]; +if [ -f $CLIENT_FILE_PREFIX.jks ] || [ -f $CLIENT_FILE_PREFIX.pub.pem ] || [ -f $CLIENT_FILE_PREFIX.nopass.pem ] || \ + [ -f $CLIENT_FILE_PREFIX.pem ] || [ -f $CLIENT_FILE_PREFIX.p12 ] || [ -f $CLIENT_FILE_PREFIX.pk8.pem ]; then while : do @@ -62,6 +63,7 @@ while : rm -rf $CLIENT_FILE_PREFIX.nopass.pem rm -rf $CLIENT_FILE_PREFIX.pem rm -rf $CLIENT_FILE_PREFIX.p12 + rm -rf $CLIENT_FILE_PREFIX.pk8.pem break; ;; *) echo "Please reply 'yes' or 'no'" @@ -84,6 +86,8 @@ if [ -z "$OPENSSL_CMD" ]; then exit 0 fi +echo "INFO: your hostname is $(hostname)" +echo "INFO: your CN (domain suffix) for key is $DOMAIN_SUFFIX" echo "Generating SSL Key Pair..." keytool -genkeypair -v \ @@ -112,7 +116,15 @@ echo "Converting pkcs12 to pem" openssl pkcs12 -in $CLIENT_FILE_PREFIX.p12 \ -out $CLIENT_FILE_PREFIX.pem \ -passin pass:$CLIENT_KEY_PASSWORD \ - -passout pass:$CLIENT_KEY_PASSWORD \ + -passout pass:$CLIENT_KEY_PASSWORD + +echo "Converting pem to pkcs8" +openssl pkcs8 \ + -topk8 \ + -nocrypt \ + -in $CLIENT_FILE_PREFIX.pem \ + -out $CLIENT_FILE_PREFIX.pk8.pem \ + -passin pass:$CLIENT_KEY_PASSWORD echo "Importing server public key to $CLIENT_FILE_PREFIX.jks" keytool --importcert \ diff --git a/tools/src/main/shell/keygen.properties b/tools/src/main/shell/keygen.properties index d2733e5b7b..4808f05b2f 100644 --- a/tools/src/main/shell/keygen.properties +++ b/tools/src/main/shell/keygen.properties 
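Review bot: In the overwrite branch of client.keygen.sh, the added `rm -rf $CLIENT_FILE_PREFIX.pk8.pem` expands an unquoted value taken from the sourced properties file, so a prefix containing whitespace or glob characters would point a recursive forced delete at other paths. The targets are regular files, so `rm -f -- "$CLIENT_FILE_PREFIX.pk8.pem"` is enough. The same applies to the three `rm -rf` lines added in server.keygen.sh (`.p12`, `.pem`, `.pk8.pem`). The neighbouring existing lines use the same form, and the enclosing `case` starts and ends outside the hunk.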
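Review bot: The new `openssl pkcs8 -topk8 -nocrypt` step in client.keygen.sh writes the private key unencrypted to `$CLIENT_FILE_PREFIX.pk8.pem`, and nothing in the hunk restricts the file mode, so the file gets whatever the caller's umask allows. I would put `umask 077` ahead of the conversion steps or add `chmod 600 "$CLIENT_FILE_PREFIX.pk8.pem"` right after the command, with a comment such as `# pk8.pem holds the private key in the clear; keep it out of backups and version control`. `-passin pass:$CLIENT_KEY_PASSWORD` also puts the password on the command line, where other local users can read it from the process list; openssl accepts `-passin env:CLIENT_KEY_PASSWORD` if the variable is exported. The same block is added to server.keygen.sh in its last hunk.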
@@ -1,5 +1,5 @@ # -# Copyright © 2016-2017 The Thingsboard Authors +# Copyright © 2016-2021 The Thingsboard Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,15 +18,15 @@ DOMAIN_SUFFIX="$(hostname)" SUBJECT_ALTERNATIVE_NAMES="ip:127.0.0.1" ORGANIZATIONAL_UNIT=Thingsboard ORGANIZATION=Thingsboard -CITY=SF +CITY="San Francisco" STATE_OR_PROVINCE=CA TWO_LETTER_COUNTRY_CODE=US -SERVER_KEYSTORE_PASSWORD=server_ks_password -SERVER_KEY_PASSWORD=server_key_password +SERVER_KEYSTORE_PASSWORD=password +SERVER_KEY_PASSWORD=password SERVER_KEY_ALIAS="serveralias" -SERVER_FILE_PREFIX="mqttserver" +SERVER_FILE_PREFIX="server" SERVER_KEY_ALG="RSA" SERVER_KEY_SIZE="2048" SERVER_KEYSTORE_DIR="/etc/thingsboard/conf" @@ -35,6 +35,6 @@ CLIENT_KEYSTORE_PASSWORD=password CLIENT_KEY_PASSWORD=password CLIENT_KEY_ALIAS="clientalias" -CLIENT_FILE_PREFIX="mqttclient" +CLIENT_FILE_PREFIX="client" CLIENT_KEY_ALG="RSA" CLIENT_KEY_SIZE="2048" diff --git a/tools/src/main/shell/server.keygen.sh b/tools/src/main/shell/server.keygen.sh index 7679cbd812..259e7faec1 100755 --- a/tools/src/main/shell/server.keygen.sh +++ b/tools/src/main/shell/server.keygen.sh @@ -60,7 +60,8 @@ fi . $PROPERTIES_FILE -if [ -f $SERVER_FILE_PREFIX.jks ] || [ -f $SERVER_FILE_PREFIX.cer ] || [ -f $SERVER_FILE_PREFIX.pub.pem ] || [ -f $SERVER_FILE_PREFIX.pub.der ]; +if [ -f $SERVER_FILE_PREFIX.jks ] || [ -f $SERVER_FILE_PREFIX.cer ] || [ -f $SERVER_FILE_PREFIX.pub.pem ] || \ + [ -f $SERVER_FILE_PREFIX.p12 ] || [ -f $SERVER_FILE_PREFIX.pem ] || [ -f $SERVER_FILE_PREFIX.pk8.pem ] ; then while : do @@ -76,6 +77,9 @@ while : rm -rf $SERVER_FILE_PREFIX.jks rm -rf $SERVER_FILE_PREFIX.pub.pem rm -rf $SERVER_FILE_PREFIX.cer + rm -rf $SERVER_FILE_PREFIX.p12 + rm -rf $SERVER_FILE_PREFIX.pem + rm -rf $SERVER_FILE_PREFIX.pk8.pem break; ;; *) echo "Please reply 'yes' or 'no'" 
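Review bot: In the second keygen.properties hunk, `SERVER_KEYSTORE_PASSWORD` and `SERVER_KEY_PASSWORD` now default to the literal `password`, the same value the client entries already use, so anyone who runs the scripts without editing this file gets keystores protected by a publicly known secret. I would add a header comment above the password entries, `# Example values only: replace every *_PASSWORD entry before generating keys for a real deployment`, and have both scripts print a warning when a password still equals `password`. Separately, `CITY="San Francisco"` now contains a space; the `keytool -dname` line that consumes it is outside this diff, so confirm the expansion is quoted there.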
@@ -84,6 +88,8 @@ while : done fi +echo "INFO: your hostname is $(hostname)" +echo "INFO: your CN (domain suffix) for key is $DOMAIN_SUFFIX" echo "Generating SSL Key Pair..." EXT="" @@ -121,6 +127,32 @@ keytool -export \ -storepass $SERVER_KEYSTORE_PASSWORD \ -keypass $SERVER_KEY_PASSWORD +echo "Converting keystore to pkcs12" +keytool -importkeystore \ + -srckeystore $SERVER_FILE_PREFIX.jks \ + -destkeystore $SERVER_FILE_PREFIX.p12 \ + -srcalias $SERVER_KEY_ALIAS \ + -srcstoretype jks \ + -deststoretype pkcs12 \ + -srcstorepass $SERVER_KEYSTORE_PASSWORD \ + -deststorepass $SERVER_KEY_PASSWORD \ + -srckeypass $SERVER_KEY_PASSWORD \ + -destkeypass $SERVER_KEY_PASSWORD + +echo "Converting pkcs12 to pem" +openssl pkcs12 -in $SERVER_FILE_PREFIX.p12 \ + -out $SERVER_FILE_PREFIX.pem \ + -passin pass:$SERVER_KEY_PASSWORD \ + -passout pass:$SERVER_KEY_PASSWORD + +echo "Converting pem to pkcs8" +openssl pkcs8 \ + -topk8 \ + -nocrypt \ + -in $SERVER_FILE_PREFIX.pem \ + -out $SERVER_FILE_PREFIX.pk8.pem \ + -passin pass:$SERVER_KEY_PASSWORD + status=$? if [[ $status != 0 ]]; then exit $status;
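Review bot: `status=$?` at the end of the last server.keygen.sh hunk now holds only the exit code of the new `openssl pkcs8` command, so a failure in `keytool -export`, `keytool -importkeystore` or `openssl pkcs12` goes unnoticed; before this change the check covered `keytool -export`. Ending each step with `|| exit $?`, for example `-destkeypass $SERVER_KEY_PASSWORD || exit $?`, stops the script before it continues with a missing or partial key file. The `if [[ $status != 0 ]]` block closes outside the hunk.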