diff --git a/dtool/metalibs/dtoolconfig/Sources.pp b/dtool/metalibs/dtoolconfig/Sources.pp
index 3735f0361f..0791e97f5c 100644
--- a/dtool/metalibs/dtoolconfig/Sources.pp
+++ b/dtool/metalibs/dtoolconfig/Sources.pp
@@ -9,7 +9,7 @@
 
 #define COMPONENT_LIBS interrogatedb dconfig prc
 #define LOCAL_LIBS dtoolutil dtoolbase
-#define USE_PACKAGES python
+#define USE_PACKAGES python ssl
 
 #begin metalib_target
   #define TARGET dtoolconfig
diff --git a/dtool/src/interrogate/Sources.pp b/dtool/src/interrogate/Sources.pp
index 42b487efe5..12d68e5a36 100644
--- a/dtool/src/interrogate/Sources.pp
+++ b/dtool/src/interrogate/Sources.pp
@@ -1,6 +1,7 @@
 #define BUILD_DIRECTORY $[HAVE_INTERROGATE]
 
 #define LOCAL_LIBS cppParser pystub interrogatedb dconfig dtoolutil dtoolbase
+#define USE_PACKAGES ssl
 
 #begin bin_target
   #define TARGET interrogate
diff --git a/dtool/src/prckeys/makePrcKey.cxx b/dtool/src/prckeys/makePrcKey.cxx
index 27cf1a9025..672a1e3281 100644
--- a/dtool/src/prckeys/makePrcKey.cxx
+++ b/dtool/src/prckeys/makePrcKey.cxx
@@ -20,7 +20,7 @@
 #include "prcKeyRegistry.h"
 #include "filename.h"
 #include "vector_int.h"
-#include <assert.h>
+#include <stdio.h>
 
 // Pick up the public key definitions.
 #ifdef PRC_PUBLIC_KEYS_INCLUDE
@@ -264,39 +264,38 @@ usage() {
   cerr <<
     "\nmake-prc-key [opts] 1 [2 3 ...]\n\n"
 
-    "This program generates one or more new private keys for signing\n"
+    "This program generates one or more new keys to be used for signing\n"
     "a prc file.  The key itself is a completely arbitrary random bit\n"
     "sequence.  It is divided into a public and a private key; the public\n"
-    "key is not secret and will be compiled into Panda, while the private\n"
+    "key is not secret and will be compiled into libdtool, while the private\n"
     "key should be safeguarded and will be written into a .cxx file that\n"
     "can be compiled as a standalone application.\n\n"
-
-    "The generated public keys are written to outfile.cxx, which can\n"
-    "then be named via the PRC_PUBLIC_KEYS_FILENAME Config.pp variable\n"
-    "so that they will be compiled into the config system and will be\n"
-    "available to verify signatures on prc files.  If -o is not\n"
-    "specified, the filename previously named by\n"
-    "PRC_PUBLIC_KEYS_FILENAME is used (and the previous contents as\n"
-    "compiled into this executable will be preserved).\n\n"
     
-    "The private keys are written to one or more files named\n"
-    "outfile_sign1.cxx, outfile_sign2.cxx, etc., based on the key numbers\n"
-    "to be generated.  When compiled, these files will generate a program\n"
-    "that can be used to sign a prc file with the indicated key.\n\n"
+    "The output is a public and private key pair for each trust level.  The\n"
+    "form of the output for both public and private keys will be compilable\n"
+    "C++ code; see -a and -b, below, for a complete description.\n\n"
     
-    "The arguments on the command line list the individual key numbers to\n"
-    "generate.  For each integer specified, a different key will be\n"
-    "created.  There should be one key for each trust level required,\n"
-    "so typically you will only need one or two keys.\n\n"
+    "After the options, the remaining arguments list the individual trust\n"
+    "level keys to generate.  For each integer specified, a different key\n"
+    "will be created.  There should be one key for each trust level\n"
+    "required; a typical application will only need one or two keys.\n\n"
   
     "Options:\n\n"
     
-    "   -o outfile.cxx\n"
-    "       Specifies the name and location of the output file to generate.\n"
-    "       This directly specifies the name of the public key file, and\n"
-    "       also indirectly specifies the names of the private key programs\n"
-    "       that are to be generated (they will be named outfile_sign1.cxx,\n"
-    "       outfile_sign2.cxx, and so on).\n\n"
+    "   -a pub_outfile.cxx\n"
+    "       Specifies the name and location of the public key output file\n"
+    "       to generate.  This file must then be named by the Config.pp\n"
+    "       variable PRC_PUBLIC_KEYS_FILENAME so that it will be compiled\n"
+    "       in with libdtool and available to verify signatures.\n\n"
+
+    "   -b priv_outfile#.cxx\n"
+    "       Specifies the name and location of the private key output file(s)\n"
+    "       to generate.  A different output file will be generated for each\n"
+    "       different trust level; the hash mark '#' appearing in the file\n"
+    "       name will be filled in with the corresponding numeric trust level.\n"
+    "       When compiled against dtool, each of these files will generate\n"
+    "       a program that can be used to sign a prc file with the corresponding\n"
+    "       trust level.\n\n"
 
     "   -p \"[pass phrase]\"\n"
     "       Uses the indicated pass phrase to encrypt the private key.\n"
@@ -319,10 +318,12 @@ int
 main(int argc, char *argv[]) {
   extern char *optarg;
   extern int optind;
-  const char *optstr = "o:p:h";
+  const char *optstr = "a:b:p:h";
 
-  Filename outfile;
-  bool got_outfile = false;
+  Filename pub_outfile;
+  bool got_pub_outfile = false;
+  Filename priv_outfile;
+  bool got_priv_outfile = false;
   string pass_phrase;
   bool got_pass_phrase = false;
 
@@ -330,9 +331,14 @@ main(int argc, char *argv[]) {
 
   while (flag != EOF) {
     switch (flag) {
-    case 'o':
-      outfile = optarg;
-      got_outfile = true;
+    case 'a':
+      pub_outfile = optarg;
+      got_pub_outfile = true;
+      break;
+
+    case 'b':
+      priv_outfile = optarg;
+      got_priv_outfile = true;
       break;
 
     case 'p':
@@ -358,24 +364,37 @@ main(int argc, char *argv[]) {
     exit(1);
   }
 
-  if (got_outfile) {
-    if (outfile.get_extension() != "cxx") {
-      cerr << "Output file '" << outfile << "' should have a .cxx extension.\n";
+  if (got_pub_outfile) {
+    if (pub_outfile.get_extension() != "cxx") {
+      cerr << "Public key output file '" << pub_outfile
+           << "' should have a .cxx extension.\n";
       exit(1);
     }
   } else {
 #ifdef PRC_PUBLIC_KEYS_INCLUDE
     PrcKeyRegistry::get_global_ptr()->record_keys(prc_pubkeys, num_prc_pubkeys);
-    outfile = PRC_PUBLIC_KEYS_FILENAME;
+    pub_outfile = PRC_PUBLIC_KEYS_FILENAME;
 #endif
 
-    if (outfile.empty()) {
-      cerr << "No -o specified, and no PRC_PUBLIC_KEYS_FILENAME variable\n"
+    if (pub_outfile.empty()) {
+      cerr << "No -a specified, and no PRC_PUBLIC_KEYS_FILENAME variable\n"
            << "compiled in.\n\n";
       exit(1);
     }
   }
 
+  if (got_priv_outfile) {
+    if (priv_outfile.get_extension() != "cxx") {
+      cerr << "Private key output file '" << priv_outfile
+           << "' should have a .cxx extension.\n";
+      exit(1);
+    }
+
+  } else {
+    cerr << "You must use the -b option to specify the private key output filenames.\n";
+    exit(1);
+  }
+
   int max_key_number = 0;
 
   vector_int key_numbers;
@@ -407,6 +426,22 @@ main(int argc, char *argv[]) {
     pp = pass_phrase.c_str();
   }
 
+  string name = priv_outfile.get_fullpath_wo_extension();
+  string prefix, suffix;
+  bool got_hash;
+
+  size_t hash = name.find('#');
+  if (hash == string::npos) {
+    prefix = name;
+    suffix = ".cxx";
+    got_hash = false;
+
+  } else {
+    prefix = name.substr(0, hash);
+    suffix = name.substr(hash + 1) + ".cxx";
+    got_hash = true;
+  }
+
   vector_int::iterator ki;
   for (ki = key_numbers.begin(); ki != key_numbers.end(); ++ki) {
     int n = (*ki);
@@ -414,13 +449,23 @@ main(int argc, char *argv[]) {
     PrcKeyRegistry::get_global_ptr()->set_key(n, pkey, now);
 
     ostringstream strm;
-    strm << outfile.get_fullpath_wo_extension() << "_sign" << n
-         << ".cxx";
+    if (got_hash || n != 1) {
+      // If we got an explicit hash mark, we always output the number.
+      // If we did not get an explicit hash mark, we output the number
+      // only if it is other than 1.
+      strm << prefix << n << suffix;
+
+    } else {
+      // If we did not get an explicit hash mark in the filename, we
+      // omit the number for key 1 (this might be the only key, and
+      // so maybe the user doesn't require a number designator).
+      strm << prefix << suffix;
+    }
 
     write_private_key(pkey, strm.str(), n, now, pp);
   }
 
-  write_public_keys(outfile);
+  write_public_keys(pub_outfile);
 
   return (0);
 }
diff --git a/dtool/src/prckeys/signPrcFile_src.cxx b/dtool/src/prckeys/signPrcFile_src.cxx
index fcf748a316..968a36aa62 100644
--- a/dtool/src/prckeys/signPrcFile_src.cxx
+++ b/dtool/src/prckeys/signPrcFile_src.cxx
@@ -295,7 +295,7 @@ main(int argc, char *argv[]) {
   if (argv[0] != NULL && *argv[0]) {
     // Get the program name from the command-line arguments, if the OS
     // provides it.
-    Filename progfile = argv[0];
+    Filename progfile = Filename::from_os_specific(argv[0]);
     progname = progfile.get_basename_wo_extension();
   }
 
diff --git a/dtool/src/test_interrogate/Sources.pp b/dtool/src/test_interrogate/Sources.pp
index 66cd7e528c..29b6c804e5 100644
--- a/dtool/src/test_interrogate/Sources.pp
+++ b/dtool/src/test_interrogate/Sources.pp
@@ -1,4 +1,5 @@
 #define LOCAL_LIBS pystub interrogatedb dconfig dtoolutil dtoolbase
+#define USE_PACKAGES ssl
 
 #begin bin_target
   #define TARGET test_interrogate