From 8dd7ceaac1863cfbab9419c008449a307e055f8b Mon Sep 17 00:00:00 2001
From: Shuanglei Tao <tsl0922@gmail.com>
Date: Thu, 24 Nov 2016 14:09:10 +0800
Subject: [PATCH] [ci skip] Update README.md

---
 README.md | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 58548d9..7923565 100644
--- a/README.md
+++ b/README.md
@@ -99,7 +99,7 @@ Then open <http://localhost:8080> with a broswer, you will get a bash shell with
 Generate SSL CA and self signed server/client certificates:
 
 ```bash
-# CA
+# CA certificate (FQDN must be different from server/client)
 openssl genrsa -out ca.key 4096
 openssl req -new -x509 -days 365 -key ca.key -out ca.crt
 # server certificate
@@ -115,7 +115,12 @@ openssl pkcs12 -in client.p12 -out client.pem -clcerts
 Then start ttyd:
 
 ```bash
-ttyd --ssl --ssl-cert ca.crt --ssl-key ca.key --ssl-ca ca.crt bash
+ttyd --ssl --ssl-cert server.crt --ssl-key server.key --ssl-ca ca.crt bash
+```
+You may want to test the client certificate verification with `curl`:
+
+```bash
+curl --insecure --cert client.p12[:password] -v https://localhost:7681
 ```
 
 If you don't want to enable client certificate verification, remove the `--ssl-ca` option.
@@ -141,4 +146,4 @@ Docker containers are jailed environments which are more secure, this is useful
   [6]: https://www.lede-project.org
   [7]: http://brew.sh
   [8]: https://chromium.googlesource.com/apps/libapps/+/HEAD/hterm
-  [9]: https://github.com/tsl0922/ttyd/issues/6
\ No newline at end of file
+  [9]: https://github.com/tsl0922/ttyd/issues/6
-- 
2.43.4