diff --git a/.shim.metadata b/.shim.metadata
index 310e5c3..177bafb 100644
--- a/.shim.metadata
+++ b/.shim.metadata
@@ -1,4 +1,4 @@
 bfee65ae45498fefd64b16edf9993415b625cb3c SOURCES/shimaa64.efi
-5957bbccac9f22c1738039679204be0bb57c3812 SOURCES/shimx64.efi
+8d5251f1166c9dd43426903459fe95d4bd262483 SOURCES/shimx64.efi
 122b21c2da0ca4ee839d4bb6beff7ddffd68f1a0 SOURCES/fbx64.efi
 a4f7a273cc9a531a6ef125b91353f479cfa5f79c SOURCES/mmx64.efi
diff --git a/SOURCES/almalinuxsecurebootca0.cer b/SOURCES/almalinuxsecurebootca0.cer
new file mode 100644
index 0000000..6a4e99b
Binary files /dev/null and b/SOURCES/almalinuxsecurebootca0.cer differ
diff --git a/SOURCES/clsecureboot001.cer b/SOURCES/clsecureboot001.cer
deleted file mode 100644
index ca9ce5d..0000000
Binary files a/SOURCES/clsecureboot001.cer and /dev/null differ
diff --git a/SOURCES/shim.rpmmacros b/SOURCES/shim.rpmmacros
index d29c4a3..1530a04 100644
--- a/SOURCES/shim.rpmmacros
+++ b/SOURCES/shim.rpmmacros
@@ -19,8 +19,8 @@
 %global mmefix64 %{expand:%{SOURCE42}}
 #%%global mmefiarm %%{expand:%%{SOURCE43}
 
-%global shimveraa64 15-6.el9.alma
-%global shimverx64 15.6-1.el9.alma
+%global shimveraa64 15-6.el9.alma.1
+%global shimverx64 15.6-1.el9.alma.1
 #%%global shimverarm 15-1.el8
 
 %global shimdiraa64 %{_datadir}/shim/%{shimveraa64}/aa64
@@ -55,6 +55,11 @@ Requires: mokutil >= 1:0.3.0-1						\
 Requires: efi-filesystem						\
 Provides: shim-signed-%{-a*} = %{version}-%{release}			\
 Requires: dbxtool >= 0.6-3						\
+%{expand:%ifarch x86_64						\
+# SecureBoot keys dependencies						\
+Requires: almalinux(grub2-sig-key) >= 202303				\
+Requires: almalinux(kernel-sig-key) >= 202303				\
+%endif}				\
 %{expand:%%if 0%%{-p*}							\
 Provides: shim = %{version}-%{release}					\
 Provides: shim-signed = %{version}-%{release}				\
diff --git a/SPECS/shim.spec b/SPECS/shim.spec
index 06c03d4..1df64a4 100644
--- a/SPECS/shim.spec
+++ b/SPECS/shim.spec
@@ -1,6 +1,11 @@
+%global dist %{?dist}.alma
+%global efi_vendor almalinux
+%global efidir almalinux
+%global efi_esp_dir /boot/efi/EFI/%{efidir}
+
 Name:		shim
 Version:	15.6
-Release:	1.el9.alma
+Release:	1.el9.alma.1
 Summary:	First-stage UEFI bootloader
 License:	BSD
 URL:		https://github.com/rhboot/shim/
@@ -12,7 +17,7 @@ ExclusiveArch:	%{efi}
 ExcludeArch:	%{arm} %{ix86}
 
 Source0:	shim.rpmmacros
-Source1:	clsecureboot001.cer
+Source1:	almalinuxsecurebootca0.cer
 
 # keep these two lists of sources synched up arch-wise.  That is 0 and 10
 # match, 1 and 11 match, ...
@@ -39,7 +44,7 @@ BuildRequires:	pesign >= 0.112-20.fc27
 # we can just BuildRequires that.
 %ifarch x86_64
 ## BuildRequires:	%% {unsignedx64} = %% {shimverx64}
-BuildRequires:	shim-unsigned-x64 = 15.6-1.el9.alma
+BuildRequires:	shim-unsigned-x64 = 15.6-1.el9.alma.1
 %endif
 %ifarch aarch64
 BuildRequires:	%{unsignedaa64} = %{shimveraa64}
@@ -103,8 +108,8 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
 %endif
 
 %changelog
-* Tue Aug 23 2022 Andrew Lukoshko <alukoshko@almalinux.org> - 15.6-1.el9.alma
-- AlmaLinux changes
+* Thu Mar 09 2023 Eduard Abdullin <eabdullin@almalinux.org> - 15.6-1.el9.alma.1
+- Use AlmaLinux cert
 
 * Mon Jun 06 2022 Peter Jones <pjones@redhat.com> - 15.6-1.el9
 - Update to shim-15.6