Thursday, December 4, 2014

How to make a SHA-256 ECC SSL Key and You Can too!

So, I found out SHA-1 is being phased out in 2016 because hackers. Here's how to move to a super-mega-secure Elliptic Curve SSL key and a self-signed cert with SHA-256 (works in OpenSSL for Windows/Linux):

1. openssl ecparam -out foo.key -name prime256v1 -genkey
2. openssl req -new -sha256 -key foo.key -x509 -nodes -days 365 -out foo.crt

Note: prime256v1 is the NIST-recommended curve for the Diffie-Hellman ECC key and right now is the ONLY one fully supported by all browsers that won't get you a "weak" score on the Qualys SSL test. Also, it should be impenetrable until quantum computers become common in 20 years.

Stupid Windows Note: To make this a PFX file for Windows Servers (Or anything) use:

$ openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt
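Here is the whole procedure (key, SHA-256 self-signed cert, PFX) wrapped in a script that also checks what OpenSSL actually produced, so you can confirm SHA-1 is gone before you deploy. This is an added example, not the commands from the post verbatim; the subject name and the PFX password are constructed placeholders.

```shell
#!/bin/sh
# Added example: generate a prime256v1 key and a SHA-256 self-signed cert,
# export a PFX, then verify the result. Subject and password are placeholders.
set -e

# Generate key, cert and PFX into the directory given as $1.
make_ecc_cert() {
  dir="$1"
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/foo.key"
  # -subj keeps openssl req non-interactive; -nodes leaves the key unencrypted.
  openssl req -new -sha256 -key "$dir/foo.key" -x509 -nodes -days 365 \
    -subj "/CN=example.test" -out "$dir/foo.crt"
  # PFX bundle for Windows; "changeit" is a constructed placeholder password.
  openssl pkcs12 -export -out "$dir/foo.pfx" -inkey "$dir/foo.key" \
    -in "$dir/foo.crt" -passout pass:changeit
}

# Return 0 only if the cert is ECDSA with SHA-256 on prime256v1 (P-256),
# mentions SHA-1 nowhere, and the PFX opens with its password.
check_ecc_cert() {
  text=$(openssl x509 -in "$1/foo.crt" -noout -text)
  echo "$text" | grep -q 'Signature Algorithm: ecdsa-with-SHA256' || return 1
  echo "$text" | grep -qE 'prime256v1|P-256' || return 1
  if echo "$text" | grep -qi 'sha1'; then return 1; fi
  openssl pkcs12 -in "$1/foo.pfx" -passin pass:changeit -noout || return 1
  return 0
}

workdir=$(mktemp -d)
make_ecc_cert "$workdir"
check_ecc_cert "$workdir" && echo "OK: ECDSA/SHA-256 on prime256v1 in $workdir"
```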
