diff --git a/README b/README
index c6ac5ef..8655143 100644
--- a/README
+++ b/README
@@ -7,16 +7,23 @@ but without the rest of Puppet
 [ This README is speculative ]
----
+## Try it out
-DOMAIN="/C=GB/ST=London/L=London/O=Telent"
+```
+# create CA key and cert
+openssl genrsa -out ca.key 4096
+CN=CA openssl req -config openssl.cnf -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt
-openssl genrsa -out ca.key 4096
-openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -subj "${DOMAIN}/CN=CA" -out ca.crt
+# create client CSR
+CN=rotuer openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout client.key -out client.csr
-openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr -subj "${DOMAIN}/OU=devices/CN=rotuer"
+# start the server
+bin/certifix
+# send it
+curl -v -H 'content-type: application/x-pem-file' --data-binary @client.csr http://localhost:8201/sign
+```
 https://www.puppet.com/docs/puppet/7/ssl_attributes_extensions#csr_custom_attributes-recommended-oids-custom-attributes
diff --git a/openssl.cnf b/openssl.cnf
new file mode 100644
index 0000000..5ca8fcc
--- /dev/null
+++ b/openssl.cnf
@@ -0,0 +1,19 @@
+[ req ]
+default_bits = 2048
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+prompt = no
+
+dirstring_type = nobmp
+
+[ req_distinguished_name ]
+countryName = GB
+stateOrProvinceName = London
+localityName = London
+organizationName = Telent
+commonName = $ENV::CN
+
+[ req_attributes ]
+challengePassword = loves labours lost
+
+
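Review bot: The `challengePassword` under `[ req_attributes ]` is a literal committed to the repository, so every CSR generated from this config carries the same publicly known value. If the signing service treats that attribute as a pre-shared secret (not visible in this diff), it should come from the environment the way the CN already does, for example `challengePassword = $ENV::CHALLENGE_PASSWORD` (variable name is a suggestion), or at least carry a comment such as `# example value only - replace before real use`. The attribute is stored unencrypted inside the CSR, and the README example posts the CSR over plain `http://`, so the value is only as confidential as that transport. A short comment above `commonName = $ENV::CN` stating that `CN` must be set in the environment before running `openssl req` would also help, since that requirement is otherwise implicit.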