diff --git a/gencert.sh b/gencert.sh
index bedf02f..e0d2d53 100755
--- a/gencert.sh
+++ b/gencert.sh
@@ -1,7 +1,10 @@
 #!/bin/bash
-openssl req -x509 -out scratch-device-manager.pem \
-	-keyout scratch-device-manager.pem -newkey rsa:2048 -nodes -sha256 \
-	-days 3650 -extensions EXT -config /dev/stdin << HERE
+CERT_FILE=scratch-device-manager.cer
+KEY_FILE=scratch-device-manager.key
+
+# Generate certificate and key files
+openssl req -x509 -out "${CERT_FILE}" -keyout "${KEY_FILE}" -newkey rsa:2048 \
+	-nodes -sha256 -days 3650 -extensions EXT -config /dev/stdin << HERE
 [dn]
 CN = device-manager.scratch.mit.edu
 [req]
@@ -10,3 +13,4 @@ distinguished_name = dn
 [EXT]
 subjectAltName = DNS:device-manager.scratch.mit.edu
 HERE
+
diff --git a/scratch_link.py b/scratch_link.py
index 415b105..e5ca4b2 100755
--- a/scratch_link.py
+++ b/scratch_link.py
@@ -529,8 +529,9 @@ class BLESession(Session):
 
 # kick start WSS server
 ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
-localhost_pem = pathlib.Path(__file__).with_name("scratch-device-manager.pem")
-ssl_context.load_cert_chain(localhost_pem)
+localhost_cer = pathlib.Path(__file__).with_name("scratch-device-manager.cer")
+localhost_key = pathlib.Path(__file__).with_name("scratch-device-manager.key")
+ssl_context.load_cert_chain(localhost_cer, localhost_key)
 sessionTypes = { '/scratch/ble': BLESession, '/scratch/bt': BTSession }
 
 async def ws_handler(websocket, path):