From b2295ee080af997cd7bbfcdb6a278bb9efbf67b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C5=82awek=20Koszewski?= <slawek@koszewscy.waw.pl>
Date: Thu, 7 May 2026 15:27:39 +0200
Subject: [PATCH] Update README.md

---
 README.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/README.md b/README.md
index 5439ae2..f259fff 100644
--- a/README.md
+++ b/README.md
@@ -94,3 +94,18 @@ simple-ca make-ca   [--days N] [--issuing-ca PREFIX] [--aia-base-url URL] CA_DIR
 simple-ca make-cert [--ca-dir DIR] [--days N] [--issuing-ca PREFIX] CERT_DIR SUBJECT [SAN...]
 simple-ca make-pfx  --ca-dir DIR [--issuing-ca PREFIX] --path CERT_PATH [--password PASS]
 ```
+
+## Self Signed Ceritifcate
+
+The following command will create a *full-featured* self-signed certificate that can act as CA certificate and be used for client and server authentication:
+
+```bash
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+    -keyout "key.pem" \
+    -out "cert.pem" \
+    -subj "/CN=<user name>/O=<user organization>/C=<CC>" \
+    -addext "basicConstraints=critical,CA:TRUE" \
+    -addext "keyUsage=critical,digitalSignature,keyEncipherment,keyCertSign,cRLSign" \
+    -addext "extendedKeyUsage=serverAuth,clientAuth" \
+    -addext "subjectAltName=DNS:<computer_name>"
+```