diff --git a/bin/tests/system/synthfromdnssec/ns1/sign.sh b/bin/tests/system/synthfromdnssec/ns1/sign.sh
index 9aecf73281..9f699a05fa 100644
--- a/bin/tests/system/synthfromdnssec/ns1/sign.sh
+++ b/bin/tests/system/synthfromdnssec/ns1/sign.sh
@@ -18,7 +18,7 @@ zone=example
 infile=example.db.in
 zonefile=example.db
 
-keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
 cat "$infile" "$keyname.key" > "$zonefile"
 echo insecure NS ns1.insecure >> "$zonefile"
 echo ns1.insecure A 10.53.0.1 >> "$zonefile"
@@ -29,7 +29,7 @@ zone=insecure.example
 infile=example.db.in
 zonefile=insecure.example.db
 
-keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
 cat "$infile" "$keyname.key" > "$zonefile"
 
 $SIGNER -P -o $zone $zonefile > /dev/null
@@ -38,7 +38,7 @@ zone=dnamed
 infile=dnamed.db.in
 zonefile=dnamed.db
 
-keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
 cat "$infile" "$keyname.key" > "$zonefile"
 
 $SIGNER -P -o $zone $zonefile > /dev/null
@@ -47,7 +47,7 @@ zone=minimal
 infile=minimal.db.in
 zonefile=minimal.db
 
-keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
 cat "$infile" "$keyname.key" > "$zonefile"
 
 # do not regenerate NSEC chain as there in a minimal NSEC record present
@@ -57,7 +57,7 @@ zone=soa-without-dnskey
 infile=soa-without-dnskey.db.in
 zonefile=soa-without-dnskey.db
 
-keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
 cat "$infile" "$keyname.key" > "$zonefile"
 
 # do not regenerate NSEC chain as there in a minimal NSEC record present