diff --git a/make-dummy-cert b/make-dummy-cert
index 3aff5be..36e340d 100644
--- a/make-dummy-cert
+++ b/make-dummy-cert
@@ -1,7 +1,8 @@
 #!/bin/sh
 umask 077
 
-answers() {
+answers()
+{
 	echo --
 	echo SomeState
 	echo SomeCity
@@ -12,17 +13,28 @@ answers() {
 }
 
 if [ $# -eq 0 ] ; then
-	echo $"Usage: `basename $0` filename [...]"
-	exit 0
+	echo >&2 "Usage: ${0##*/} filename [...]"
+	exit 1
 fi
 
-for target in $@ ; do
-	PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
-	PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
-	trap "rm -f $PEM1 $PEM2" SIGINT
-	answers | /usr/bin/openssl req -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
-	cat $PEM1 >  ${target}
-	echo ""   >> ${target}
-	cat $PEM2 >> ${target}
-	rm -f $PEM1 $PEM2
+WORKDIR=
+exit_handler()
+{
+	[ -z "$WORKDIR" ] || rm -rf "$WORKDIR"
+	exit "$@"
+}
+
+trap 'exit_handler $?' EXIT
+trap 'exit 143' HUP INT QUIT PIPE TERM
+WORKDIR="$(mktemp -dt "${0##*/}.XXXXXXXXXX")" || exit
+PEM1="$WORKDIR/pem1"
+PEM2="$WORKDIR/pem2"
+
+for target; do
+	answers |
+		openssl req -newkey rsa:2048 -keyout "$PEM1" -nodes -x509 -days 365 -out "$PEM2" 2>/dev/null
+	cat "$PEM1" >  "$target"
+	echo        >> "$target"
+	cat "$PEM2" >> "$target"
+	rm -f "$PEM1" "$PEM2"
 done