diff --git a/README.md b/README.md index 5439ae2..f259fff 100644 --- a/README.md +++ b/README.md @@ -94,3 +94,18 @@ simple-ca make-ca [--days N] [--issuing-ca PREFIX] [--aia-base-url URL] CA_DIR simple-ca make-cert [--ca-dir DIR] [--days N] [--issuing-ca PREFIX] CERT_DIR SUBJECT [SAN...] simple-ca make-pfx --ca-dir DIR [--issuing-ca PREFIX] --path CERT_PATH [--password PASS] ``` + +## Self Signed Ceritifcate + +The following command will create a *full-featured* self-signed certificate that can act as CA certificate and be used for client and server authentication: + +```bash +openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ + -keyout "key.pem" \ + -out "cert.pem" \ + -subj "/CN=/O=/C=" \ + -addext "basicConstraints=critical,CA:TRUE" \ + -addext "keyUsage=critical,digitalSignature,keyEncipherment,keyCertSign,cRLSign" \ + -addext "extendedKeyUsage=serverAuth,clientAuth" \ + -addext "subjectAltName=DNS:" +```
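Review bot: The `-nodes` flag in the new `openssl req` example writes `key.pem` unencrypted, and that key belongs to a certificate marked `basicConstraints=critical,CA:TRUE` with `keyCertSign`, so the section should say that anyone who can read the file can issue certificates trusted wherever `cert.pem` is installed as a trust anchor. Suggest either dropping `-nodes` or adding a sentence telling the reader to restrict permissions on `key.pem`, and stating the trade-off of combining CA and `serverAuth`/`clientAuth` usage in one certificate; adding `pathlen:0` to `basicConstraints` would also limit it to signing leaf certificates. In the same block, `-subj "/CN=/O=/C="` and `subjectAltName=DNS:` are shown with empty values, so the README should use named placeholders that tell the reader what to fill in. `-addext` requires OpenSSL 1.1.1 or later, which is worth stating next to the command. The new heading has a typo: "Self Signed Ceritifcate" should read "Self-Signed Certificate".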