diff --git a/Makefile.in b/Makefile.in index 6ddde9ba0..de7802b2c 100644 --- a/Makefile.in +++ b/Makefile.in @@ -246,19 +246,17 @@ install: all echo 'Again, be sure to change to the @SCRIPTDIR@ directory!' ; \ fi -### TODO: all the stuff below ;) ### pem: extras/ssl.cnf - @echo "Generating certificate request .. " + @echo "Generating server key..." + $(OPENSSLPATH) ecparam -out server.key.pem -name secp384r1 -genkey + @echo "Generating certificate request..." $(OPENSSLPATH) req -new \ -config extras/ssl.cnf -sha256 -out server.req.pem \ - -keyout server.key.pem -nodes - @echo "Generating self-signed certificate .. " + -key server.key.pem -nodes + @echo "Generating self-signed certificate..." $(OPENSSLPATH) req -x509 -days 3650 -sha256 -in server.req.pem \ -key server.key.pem -out server.cert.pem - @echo "Generating fingerprint .." - $(OPENSSLPATH) x509 -subject -dates -sha256 -fingerprint -noout \ - -in server.cert.pem - @echo "Setting o-rwx & g-rwx for files... " + @echo "Setting permissions on server.*.pem files..." chmod o-rwx server.req.pem server.key.pem server.cert.pem chmod g-rwx server.req.pem server.key.pem server.cert.pem diff --git a/extras/ssl.cnf b/extras/ssl.cnf index 62352b407..4f7589e89 100644 --- a/extras/ssl.cnf +++ b/extras/ssl.cnf @@ -3,8 +3,8 @@ RANDFILE = ssl.rnd [ req ] -default_bits = 4096 -encrypt_key = yes +# Note: RSA bits is ignored, as we use ECC now +default_bits = 2048 distinguished_name = req_dn x509_extensions = cert_type diff --git a/src/win32/makecert.bat b/src/win32/makecert.bat index 89953f62c..fd232bcbd 100755 --- a/src/win32/makecert.bat +++ b/src/win32/makecert.bat 
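Review bot: The new `ecparam -genkey` line in the `pem` recipe writes `server.key.pem` with whatever mode the umask (or the installed OpenSSL) gives it, and the key is only tightened by the two `chmod` lines at the end, which never run if either `req` step fails. Each recipe line runs in its own shell, so the mask has to be set on the key-generation line itself: `umask 077 && $(OPENSSLPATH) ecparam -out server.key.pem -name secp384r1 -genkey -noout`. The `-noout` keeps the EC PARAMETERS block out of the key file, which `ecparam -genkey` otherwise writes ahead of the private key. `-nodes` on the `req -new` line appears to have no effect now that the key is supplied through `-key`, and could be dropped.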
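Review bot: Lowering `default_bits` from 4096 to 2048 weakens the one case where the value is still read: `req -new` run against this config without `-key`, which generates an RSA key of that size. The value is unused on the EC path, so keeping `default_bits = 4096` costs nothing. A more precise comment would be `# Only used when req generates an RSA key itself; the pem target passes an EC key with -key`. Dropping `encrypt_key = yes` should not change behaviour, since encryption is OpenSSL's default and both callers in this diff pass `-nodes`.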
@@ -1,5 +1,6 @@ @title Certificate Generation SET OPENSSL_CONF=ssl.cnf -openssl req -new -config ssl.cnf -out conf/ssl/server.req.pem -keyout conf/ssl/server.key.pem -nodes +openssl ecparam -out server.key.pem -name secp384r1 -genkey +openssl req -new -config ssl.cnf -out conf/ssl/server.req.pem -key conf/ssl/server.key.pem -nodes openssl req -x509 -config ssl.cnf -days 3650 -sha256 -in conf/ssl/server.req.pem -key conf/ssl/server.key.pem -out conf/ssl/server.cert.pem
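Review bot: The added `openssl ecparam` line writes the key to `server.key.pem` in the current directory, while the next two lines read it from `conf/ssl/server.key.pem`. On a fresh install the `req` step fails for lack of a key. On a machine that already has `conf/ssl/server.key.pem`, the new certificate is silently issued for the old key, and a second private key is left behind in the working directory. Write the key where it is read, and add `-noout` to keep the EC PARAMETERS block out of the file: `openssl ecparam -out conf/ssl/server.key.pem -name secp384r1 -genkey -noout`.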