diff --git a/xCAT-server/share/xcat/ca/openssl.cnf.tmpl b/xCAT-server/share/xcat/ca/openssl.cnf.tmpl
index ee26a53eb..08732fd33 100644
--- a/xCAT-server/share/xcat/ca/openssl.cnf.tmpl
+++ b/xCAT-server/share/xcat/ca/openssl.cnf.tmpl
@@ -162,7 +162,7 @@ nsCertType			= server, client, objsign
 nsComment			= "OpenSSL Generated Server Certificate"
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid,issuer
-keyUsage = digiatalSignature,KeyAgreement
+keyUsage = digitalSignature,keyAgreement
 extendedKeyUsage = serverAuth
 
 [ usr_cert ]
@@ -173,7 +173,7 @@ extendedKeyUsage = serverAuth
 # requires this to avoid interpreting an end user certificate as a CA.
 
 basicConstraints=CA:FALSE
-keyUsage = digiatalSignature,KeyAgreement
+keyUsage = digitalSignature,keyAgreement
 extendedKeyUsage = clientAuth
 
 # Here are some examples of the usage of nsCertType. If it is omitted
diff --git a/xCAT-server/share/xcat/scripts/setup-local-client.sh b/xCAT-server/share/xcat/scripts/setup-local-client.sh
index 5e8a3b7a8..dd95a4e4d 100755
--- a/xCAT-server/share/xcat/scripts/setup-local-client.sh
+++ b/xCAT-server/share/xcat/scripts/setup-local-client.sh
@@ -51,7 +51,7 @@ done
 mkdir -p $USERHOME/.xcat
 cd $USERHOME/.xcat
 openssl genrsa -out client-key.pem 2048
-openssl req -config $XCATCADIR/openssl.cnf -new -key client-key.pem -out client-req.pem -extensions usr_crt -subj "/CN=$CNA"
+openssl req -config $XCATCADIR/openssl.cnf -new -key client-key.pem -out client-req.pem -extensions usr_cert -subj "/CN=$CNA"
 cp client-req.pem  $XCATDIR/ca/root.csr
 cd -
 cd $XCATDIR/ca