diff --git a/Private-CA-and-self-signed-certs-that-work-with-Chrome.md b/Private-CA-and-self-signed-certs-that-work-with-Chrome.md index eeaa37f..61cfea1 100644 --- a/Private-CA-and-self-signed-certs-that-work-with-Chrome.md +++ b/Private-CA-and-self-signed-certs-that-work-with-Chrome.md @@ -1,18 +1,30 @@ -To get bitwarden working properly with self-signed certificates, chrome needs the certificate to include the domain name in the alternative name field of the certificate. +To get bitwarden working properly with self-signed certificates, Chrome needs the certificate to include the domain name in the alternative name field of the certificate. -Create a CA key: -`openssl genrsa -des3 -out myCA.key 2048` +Create a CA key (your own little on-premise Certificate Authority): +``` +openssl genpkey -algorithm RSA -aes128 -out private-ca.key -outform PEM -pkeyopt rsa_keygen_bits:2048 +``` + +Note: instead of `-aes128` you could also use the older `-des3`. Create a CA certificate: -`openssl req -x509 -new -nodes -key myCA.key -sha256 -days 3650 -out myCA.pem` +``` +openssl req -x509 -new -nodes -sha256 -days 3650 -key private-ca.key -out self-signed-ca-cert.crt +``` + +Note: the `-nodes` argument prevents setting a pass-phrase for the private key (key pair) in a test/safe environment, otherwise you'll have to input the pass-phrase every time you start/restart the server. Create a bitwarden key: -`openssl genrsa -out bitwarden.key 2048` +``` +openssl genpkey -algorithm RSA -out bitwarden.key -outform PEM -pkeyopt rsa_keygen_bits:2048 +``` Create the bitwarden certificate request file: -`openssl req -new -key bitwarden.key -out bitwarden.csr` +``` +openssl req -new -key bitwarden.key -out bitwarden.csr +``` -Create a text file `bitwarden.ext` with the following, change the domain names to your setup. +Create a text file `bitwarden.ext` with the following content, change the domain names to your setup. ``` authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE 
@@ -28,11 +40,10 @@ DNS.2 = www.bitwarden.local Create the bitwarden certificate, signed from the root CA: ``` -openssl x509 -req -in bitwarden.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out bitwarden.crt -days 1825 -sha256 -extfile bitwarden.ext +openssl x509 -req -in bitwarden.csr -CA self-signed-ca-cert.crt -CAkey private-ca.key -CAcreateserial -out bitwarden.crt -days 3650 -sha256 -extfile bitwarden.ext ``` Add the root certificate and the bitwarden certificate to client computers. - For reference, see here: https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/ \ No newline at end of file
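Review bot: The `-nodes` note added under "Create a CA certificate" in the first hunk (`@@ -1,18 +1,30 @@`) is misleading. That `openssl req -x509` command signs with the existing `private-ca.key` passed via `-key`, so no new private key is written and `-nodes` does not decide whether a pass-phrase is set. The CA key was already encrypted by `-aes128` in the step above, and the key the server loads is `bitwarden.key`, which is generated without a cipher option. Suggest dropping `-nodes` and its note from the CA step, or moving the pass-phrase remark to "Create a bitwarden key", where it applies. Separately, the other new note offers `-des3` as an alternative to `-aes128`; since the text itself calls it older, consider omitting it rather than pointing readers toward it.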
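Review bot: The change from `-days 1825` to `-days 3650` on the `openssl x509 -req` line in the second hunk (`@@ -28,11 +40,10 @@`) is unexplained and gives the server certificate the same lifetime as the CA certificate (`-days 3650` in the CA step), so a leaf issued any time after the CA was created is dated to expire after its issuer. Suggest keeping the shorter value, or stating in the text why ten years is wanted. A shorter leaf lifetime also limits how long a leaked `bitwarden.key` stays usable, since the visible steps include no revocation mechanism.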