diff --git a/README.md b/README.md
index ead7f06..0991ca4 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,9 @@
-A small HTTP(S)[*] API that accepts X509 CSRs and signs them if they
-contain the magic number (specifically, if they have a custom
-`challengePassword` attribute containing a pre-agreed value)
+# Certifix
+
+Not an Asterix character.  A small HTTP(S)[*] API that accepts X509
+CSRs and signs them if they contain the magic number (specifically, if
+they have a custom `challengePassword` attribute containing a
+pre-agreed value)
 
 Modelled on the Puppet CA "Policy-based autosigning" functionality,
 but without the rest of Puppet
@@ -32,11 +35,11 @@ echo 'urban cookie collective' > psk
 chmod 0700 psk
 
 # create CA key and cert
-openssl genrsa -out ca.key 4096  
+openssl genrsa -out ca.key 4096
 CN=CA openssl req -config openssl.cnf -x509 -new -nodes -key ca.key -sha256 -days 3650  -out ca.crt
 
 # create client CSR
-CN=rotuer openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout client.key -out client.csr 
+CN=rotuer openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout client.key -out client.csr
 
 # start the server
 bin/certifix