--- a/certs/Makefile	Tue Dec 22 14:15:09 2015 +0000
+++ b/certs/Makefile	Wed Dec 23 12:07:03 2015 +0100
@@ -26,5 +26,5 @@
 	sed 's,example\.com,$*,g' openssl.cnf > $@
 
 %.key:
-	openssl genrsa $(keysize) > $@
-	@chmod 400 $@
+	umask 0077 && openssl genrsa -out $@ $(keysize)
+	@chmod 400 $@ -c