diff --git a/config.h b/config.h
index a04ce5e..8be1646 100644
--- a/config.h
+++ b/config.h
@@ -95,7 +95,7 @@
 #define STDC_HEADERS 1
 
 /* Most recent revision number in the version control system */
-#define VCS_REVISION "90"
+#define VCS_REVISION "91"
 
 /* Version number of package */
 #define VERSION "2.5"
diff --git a/configure b/configure
index a3ecf8e..9bf31b7 100755
--- a/configure
+++ b/configure
@@ -2055,7 +2055,7 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 
-VCS_REVISION=90
+VCS_REVISION=91
 
 
 cat >>confdefs.h <<_ACEOF
diff --git a/configure.ac b/configure.ac
index 7fb05d0..12a321f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ(2.57)
 
 dnl This is the one location where the authoritative version number is stored
 AC_INIT(shellinabox, 2.5, markus@shellinabox.com)
-VCS_REVISION=90
+VCS_REVISION=91
 AC_SUBST(VCS_REVISION)
 AC_DEFINE_UNQUOTED(VCS_REVISION, "${VCS_REVISION}",
                    [Most recent revision number in the version control system])
diff --git a/libhttp/ssl.c b/libhttp/ssl.c
index d867b03..6966939 100644
--- a/libhttp/ssl.c
+++ b/libhttp/ssl.c
@@ -492,7 +492,6 @@ static int sslSetCertificateFromFile(SSL_CTX *context,
     return -1;
   }
   int rc = sslSetCertificateFromFd(context, fd);
-  NOINTR(close(fd));
   return rc;
 }
 #endif
@@ -664,10 +663,12 @@ static char *sslFdToFilename(int fd) {
 void sslSetCertificateFd(struct SSLSupport *ssl, int fd) {
 #ifdef HAVE_OPENSSL
   check(ssl->sslContext = SSL_CTX_new(SSLv23_server_method()));
+  char *filename = sslFdToFilename(fd);
   if (!sslSetCertificateFromFd(ssl->sslContext, fd)) {
     fatal("Cannot read valid certificate from %s. Check file format.",
-          sslFdToFilename(fd));
+          filename);
   }
+  free(filename);
   ssl->generateMissing  = 0;
 #endif
 }
diff --git a/make-chained-cert.sh b/make-chained-cert.sh
index eab1a6f..f8bc7a6 100755
--- a/make-chained-cert.sh
+++ b/make-chained-cert.sh
@@ -18,7 +18,7 @@ openssl req -nodes -new -keyout /dev/stdout                                   \
             2>/dev/null | cat
 
 openssl ca -batch -keyfile "${tmp}/ca-key.pem" -cert "${tmp}/ca-cert.crt"     \
-           -notext -policy policy_anything -out /dev/stdout                   \
+           -notext -policy policy_anything -days 7300 -out /dev/stdout        \
            -infiles "${tmp}/ssl-req.pem" 2>/dev/null | cat
 cat "${tmp}/ca-cert.crt"