In regards to the comment above:
"After generating a key pair with OpenSSL, the public key can be stored in plain text format. I then encrypted the private key itself using regular mcrypt with the human-memorizable key of my choice and converted it to ACSII using base64_encode. Then to get the private key back, I just decrypted it with mcrypt. This way I could store the encrypted private key on the server without worrying about having things stored unencrypted. "
To anyone reading this that might not be all that familiar with public key cryptography; I haven't the slightest idea what this person is talking about, but I can tell you its an absolutely horrible idea. He might have ended up with something that "looked like a private key" insofar as it was a base64 encoded string, but he did not have a private key. The parameters that make up a public/private key pair are EXTREMELY specific and in the case of RSA rely on very large co-primes plus an even larger moduli. Its not just a base64 encoded string; and just for the record... base64 encoding is not encryption.
One of two things happened; the more likely is the whatever program he needed the certificate for realized there was something wrong with the private key, and ignored it, reverting to either a default key, or null encryption or something. The worse outcome would be if it interpreted whatever was there as legitimate; and encrypted data as if it were a a proper certificate; encrypting this way would likely provide close to zero security and I'm not even sure you could decrypt the data once encrypted. Its not worth giving much thought.
Just please; don't do this.
You can read about pki certificate structures and attribute frameworks by pasting "T-REC-X.509-201210-I" into your favorite interwebs search widget and following the result to the International Telecommunications Union webpage, or you can refer to the numerous RFCs; 6818, 5820 being good places to start. The Internet Engineering Task Force archives all RFCs, but there are other sources as well. "IETF RFC" should be enough to get you there.
...sorry, the "spam buster" was giving me all kinds of issues.