diff --git a/SOURCES/almalinuxsecurebootca0.cer b/SOURCES/almalinuxsecurebootca0.cer
new file mode 100644
index 0000000..6a4e99b
Binary files /dev/null and b/SOURCES/almalinuxsecurebootca0.cer differ
diff --git a/SOURCES/clsecureboot001.cer b/SOURCES/clsecureboot001.cer
deleted file mode 100644
index ca9ce5d..0000000
Binary files a/SOURCES/clsecureboot001.cer and /dev/null differ
diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros
index 3c6a725..8baf627 100644
--- a/SOURCES/grub.macros
+++ b/SOURCES/grub.macros
@@ -287,6 +287,11 @@ Requires:	%{name}-tools-extra = %{evr}				\
 Requires:	%{name}-tools = %{evr}					\
 Requires:	%{efi_esp_dir}/shim%%(echo %{1} | cut -d- -f2).efi	\
 Provides:	%{name}-efi = %{evr}					\
+Provides:	almalinux(grub2-sig-key) = 202303				\
+%{expand:%%ifarch x86_64						\
+Conflicts:	shim-x64 <= 15.6-1.el8.alma					\
+Conflicts:	shim-ia32 <= 15.6-1.el8.alma				\
+%%endif}										\
 %{?legacy_provides:Provides:	%{name} = %{evr}}			\
 %{-o:Obsoletes:	%{name}-efi < %{evr}}					\
 									\
@@ -402,8 +407,10 @@ done								\
 	-p /EFI/BOOT -d grub-core				\\\
 	--sbat %{4}./sbat.csv					\\\
 	${GRUB_MODULES}						\
-%{expand:%%{pesign -s -i %%{2}.orig -o %%{2} -a %%{5} -c %%{6} -n %%{7}}}	\
-%{expand:%%{pesign -s -i %%{3}.orig -o %%{3} -a %%{5} -c %%{6} -n %%{7}}}	\
+%{expand:%%{pesign -s -i %%{2}.orig -o %%{2}.one -a %%{5} -c %%{6} -n %%{7}}}	\
+%{expand:%%{pesign -s -i %%{3}.orig -o %%{3}.one -a %%{5} -c %%{6} -n %%{7}}}	\
+%{expand:%%{pesign -s -i %%{2}.one -o %%{2} -a %%{8} -c %%{9} -n %%{10}}}	\
+%{expand:%%{pesign -s -i %%{3}.one -o %%{3} -a %%{8} -c %%{9} -n %%{10}}}	\
 %{nil}
 %else
 %define efi_mkimage()						\
diff --git a/SOURCES/redhatsecureboot701.cer b/SOURCES/redhatsecureboot701.cer
deleted file mode 100644
index 25e3743..0000000
Binary files a/SOURCES/redhatsecureboot701.cer and /dev/null differ
diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec
index d4e4c63..53e0bdf 100644
--- a/SPECS/grub2.spec
+++ b/SPECS/grub2.spec
@@ -28,7 +28,7 @@ Source6:	gitignore
 Source8:	strtoull_test.c
 Source9:	20-grub.install
 Source12:	99-grub-mkconfig.install
-Source13:	clsecureboot001.cer
+Source13:	almalinuxsecurebootca0.cer
 Source19:	sbat.csv.in
 
 %include %{SOURCE1}
@@ -36,16 +36,16 @@ Source19:	sbat.csv.in
 %if 0%{with_efi_arch}
 %define old_sb_ca	%{SOURCE13}
 %define old_sb_cer	%{SOURCE13}
-%define old_sb_key	clsecureboot001
+%define old_sb_key	almalinuxsecurebootca0
 %define sb_ca		%{SOURCE13}
 %define sb_cer		%{SOURCE13}
-%define sb_key		clsecureboot001
+%define sb_key		almalinuxsecurebootca0
 %endif
 
 %ifarch ppc64le
 %define old_sb_cer	%{SOURCE13}
 %define sb_cer		%{SOURCE13}
-%define sb_key		clsecureboot001
+%define sb_key		almalinuxsecurebootca0
 %endif
 
 # AlmaLinux: keep upstream EVR for RHEL SBAT entry