Self-signed certificates generated with 'make pem' are now 4096 bits and valid for 10 years. Also use SHA256 for signing.

Makefile.in

@@ -238,13 +238,13 @@ install: all
 pem:	src/ssl.cnf
 	@echo "Generating certificate request .. "
 	$(OPENSSLPATH) req -new \
-              -config src/ssl.cnf -out server.req.pem \
+              -config src/ssl.cnf -sha256 -out server.req.pem \
               -keyout server.key.pem -nodes
 	@echo "Generating self-signed certificate .. "
-	$(OPENSSLPATH) req -x509 -days 365 -in server.req.pem \
+	$(OPENSSLPATH) req -x509 -days 3650 -sha256 -in server.req.pem \
                -key server.key.pem -out server.cert.pem
 	@echo "Generating fingerprint .."
-	$(OPENSSLPATH) x509 -subject -dates -fingerprint -noout \
+	$(OPENSSLPATH) x509 -subject -dates -sha256 -fingerprint -noout \
 		-in server.cert.pem
 	@echo "Setting o-rwx & g-rwx for files... "
 	chmod o-rwx server.req.pem server.key.pem server.cert.pem

src/ssl.cnf

@@ -3,7 +3,7 @@
 RANDFILE = ssl.rnd
 
 [ req ]
-default_bits = 1024
+default_bits = 4096
 encrypt_key = yes
 distinguished_name = req_dn
 x509_extensions = cert_type