Using client certificates provides good security for any administration pages your site may have. They are also relatively easy to generate, once you find your way through the sea of OpenSSL commands. But beware, you may soon get a certificate error in your browser one day! OpenSSL makes a signed certificate last for only 30 days by default, and so I recently had to go and generate a new certificate before I could access my site. This time, I set a slightly longer expiration date with the -days option to the openssl x509 signing utility. If you generate your own certs, set a reasonable expiration date so you don’t have to constantly generate new ones!