diff --git a/SOURCES/mod-sign.sh b/SOURCES/mod-sign.sh
index 023f5d8..d4a8327 100755
--- a/SOURCES/mod-sign.sh
+++ b/SOURCES/mod-sign.sh
@@ -14,6 +14,7 @@ MODPUBKEY=$2
 moddir=$3
 
 modules=$(find "$moddir" -type f -name '*.ko')
+sign_file=$(find . -name 'sign-file')
 
 NPROC=$(nproc)
 [ -z "$NPROC" ] && NPROC=1
@@ -21,7 +22,7 @@ NPROC=$(nproc)
 # NB: this loop runs 2000+ iterations. Try to be fast.
 echo "$modules" | xargs -r -n16 -P $NPROC sh -c "
 for mod; do
-    ./scripts/sign-file sha256 $MODSECKEY $MODPUBKEY \$mod
+    $sign_file sha256 $MODSECKEY $MODPUBKEY \$mod
     rm -f \$mod.sig \$mod.dig
 done
 " DUMMYARG0   # xargs appends ARG1 ARG2..., which go into $mod in for loop.
diff --git a/SPECS/kernel-ml-6.12.spec b/SPECS/kernel-ml-6.12.spec
index a4f81c8..215f071 100644
--- a/SPECS/kernel-ml-6.12.spec
+++ b/SPECS/kernel-ml-6.12.spec
@@ -605,7 +605,7 @@ openssl x509 -inform der -in %{SOURCE100} -out rheldup3.pem
 openssl x509 -inform der -in %{SOURCE101} -out rhelkpatch1.pem
 openssl x509 -inform der -in %{SOURCE102} -out rhelimaca1.pem
 
-cat rheldup3.pem rhelkpatch1.pem > certs/rhel.pem
+cat rheldup3.pem rhelkpatch1.pem rhelimaca1.pem > certs/rhel.pem
 for i in config-%{version}-*; do
 	sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS="*"@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rhel.pem"@' $i
 done
@@ -729,7 +729,7 @@ popd > /dev/null
 %define __modsign_install_post \
 if [ "%{signmodules}" -eq "1" ]; then \
 	if [ "%{with_std}" -ne "0" ]; then \
-		%{SOURCE21} certs/signing_key.pem.sign certs/signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
+		%{SOURCE21} linux-%{version}-%{release}.x86_64/certs/signing_key.pem.sign linux-%{version}-%{release}.x86_64/certs/signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
 	fi \
 fi \
 if [ "%{zipmodules}" -eq "1" ]; then \