diff --git a/src/ca-module.cpp b/src/ca-module.cpp
index b5547e0..9ac7453 100644
--- a/src/ca-module.cpp
+++ b/src/ca-module.cpp
@@ -481,22 +481,12 @@ CaModule::onChallenge(const Interest& request)
 Certificate
 CaModule::issueCertificate(const RequestState& requestState)
 {
-  auto period = requestState.cert.getValidityPeriod();
-  Certificate newCert;
-
-  Name certName = requestState.cert.getKeyName();
-  certName.append("NDNCERT").appendVersion();
-  newCert.setName(certName);
-  newCert.setContent(requestState.cert.getContent());
-  newCert.setFreshnessPeriod(1_h);
-  NDN_LOG_TRACE("cert request content " << requestState.cert);
-  SignatureInfo signatureInfo;
-  signatureInfo.setValidityPeriod(period);
-  ndn::security::SigningInfo signingInfo(ndn::security::SigningInfo::SIGNER_TYPE_ID,
-                                         m_config.caProfile.caPrefix, signatureInfo);
-  // Note: we should use KeyChain::makeCertificate() in future.
-  m_keyChain.sign(newCert, signingInfo);
-  NDN_LOG_TRACE("new cert got signed" << newCert);
+  ndn::security::MakeCertificateOptions opts;
+  opts.issuerId = Name::Component("NDNCERT");
+  opts.validity = requestState.cert.getValidityPeriod();
+  auto newCert = m_keyChain.makeCertificate(requestState.cert,
+                                            signingByIdentity(m_config.caProfile.caPrefix), opts);
+  NDN_LOG_TRACE("Signed new certificate: " << newCert);
   return newCert;
 }
 
diff --git a/src/requester-request.cpp b/src/requester-request.cpp
index 3523d77..0e8565e 100644
--- a/src/requester-request.cpp
+++ b/src/requester-request.cpp
@@ -122,28 +122,19 @@ Request::genNewInterest(const Name& keyName,
                         const time::system_clock::time_point& notBefore,
                         const time::system_clock::time_point& notAfter)
 {
-  if (!m_caProfile.caPrefix.isPrefixOf(keyName)) {
+  if (keyName.empty() || !m_caProfile.caPrefix.isPrefixOf(keyName)) {
     return nullptr;
   }
-  if (keyName.empty()) {
-    return nullptr;
-  }
-  else {
-    const auto& pib = m_keyChain.getPib();
-    ndn::security::pib::Identity identity;
-    m_identityName = ndn::security::extractIdentityFromKeyName(keyName);
-    identity = pib.getIdentity(m_identityName);
-    m_keyPair = identity.getKey(keyName);
-  }
+
+  m_identityName = ndn::security::extractIdentityFromKeyName(keyName);
+  auto identity = m_keyChain.getPib().getIdentity(m_identityName);
+  m_keyPair = identity.getKey(keyName);
 
   // generate certificate request
-  Certificate certRequest;
-  certRequest.setName(Name(keyName).append("cert-request").appendVersion());
-  certRequest.setContentType(ndn::tlv::ContentType_Key);
-  certRequest.setContent(m_keyPair.getPublicKey());
-  SignatureInfo signatureInfo;
-  signatureInfo.setValidityPeriod(ndn::security::ValidityPeriod(notBefore, notAfter));
-  m_keyChain.sign(certRequest, signingByKey(keyName).setSignatureInfo(signatureInfo));
+  ndn::security::MakeCertificateOptions opts;
+  opts.issuerId = Name::Component("cert-request");
+  opts.validity.emplace(notBefore, notAfter);
+  auto certRequest = m_keyChain.makeCertificate(m_keyPair, signingByKey(keyName), opts);
 
   // generate Interest packet
   Name interestName = m_caProfile.caPrefix;