diff --git a/docs/manual/ssl/ssl_faq.xml b/docs/manual/ssl/ssl_faq.xml
index 99c6fb3fc2..4e9ccc195f 100644
--- a/docs/manual/ssl/ssl_faq.xml
+++ b/docs/manual/ssl/ssl_faq.xml
@@ -347,7 +347,7 @@ SSLCertificateKeyFile /path/to/this/server.key
     <p>The short answer is to use the <code>CA.sh</code> or <code>CA.pl</code>
     script provided by OpenSSL. Unless you have a good reason not to,
     you should use these for preference. If you cannot, you can create a
-    self-signed Certificate as follows:</p>
+    self-signed certificate as follows:</p>
 
     <ol>
     <li>Create a RSA private key for your server
@@ -372,7 +372,7 @@ SSLCertificateKeyFile /path/to/this/server.key
        with the RSA key you just created (output will be PEM formatted):<br />
        <br />
        <code><strong>$ openssl req -new -x509 -nodes -sha1 -days 365
-                       -key server.key -out server.crt</strong></code><br />
+                       -key server.key -out server.crt -extensions usr_cert</strong></code><br />
        <br />
        This signs the server CSR and results in a <code>server.crt</code> file.<br />
        You can see the details of this Certificate using:<br />
@@ -385,8 +385,7 @@ SSLCertificateKeyFile /path/to/this/server.key
 
 <section id="passphrase"><title>How can I change the pass-phrase on my private key file?</title>
 <p>You simply have to read it with the old pass-phrase and write it again,
-    specifying the new pass-phrase. You can accomplish this with the following
-    commands:</p>
+    specifying the new pass-phrase. You can accomplish this with the following commands:</p>
 
 
     <p><code><strong>$ openssl rsa -des3 -in server.key -out server.key.new</strong></code><br />