diff --git a/edgelet/edgelet-http-workload/src/edge_ca.rs b/edgelet/edgelet-http-workload/src/edge_ca.rs
index 0141ed276c0..d2fdacd4122 100644
--- a/edgelet/edgelet-http-workload/src/edge_ca.rs
+++ b/edgelet/edgelet-http-workload/src/edge_ca.rs
@@ -106,7 +106,7 @@ impl cert_renewal::CertInterface for EdgeCaRenewal {
                 }
 
                 let key_handle = key_client
-                    .create_key_pair_if_not_exists(&key_id, Some("rsa-2048:*"))
+                    .create_key_pair_if_not_exists(&key_id, Some("ec-p256:rsa-4096:*"))
                     .await
                     .map_err(|_| {
                         cert_renewal::Error::retryable_error("failed to generate temp key")
diff --git a/edgelet/edgelet-http-workload/src/lib.rs b/edgelet/edgelet-http-workload/src/lib.rs
index 230fbc1c098..1f519e95de6 100644
--- a/edgelet/edgelet-http-workload/src/lib.rs
+++ b/edgelet/edgelet-http-workload/src/lib.rs
@@ -106,7 +106,7 @@ where
             let key_client = self.key_client.lock().await;
 
             key_client
-                .create_key_pair_if_not_exists(&self.config.edge_ca_key, Some("rsa-2048:*"))
+                .create_key_pair_if_not_exists(&self.config.edge_ca_key, Some("ec-p256:rsa-4096:*"))
                 .await
                 .map_err(|err| err.to_string())?
         };