diff --git a/README.md b/README.md
index 518d26e724f8f4c9f508d8d1f11d9c57b5e70c6f..3d00f1d600bc28ecd04a195c797f6da67adcadd0 100644
--- a/README.md
+++ b/README.md
@@ -98,7 +98,10 @@ LOGIN_URL = urls.reverse_lazy("sso-login")  # django setting
 
 #### Certs
 
-- if you don't need your cert to be signed you can use `openssl req -new -x509 -days 3650 -nodes -out sp.pem -keyout sp.key`
+- if you don't have a cert yet you can create one (and it doesn't need to be signed to use for SAML2 encryption):
+```bash
+openssl req -newkey rsa:16384 -x509 -days 3650 -nodes -out sp.pem -keyout sp.key
+```
 - create `cert` directory:
   - inside of project `settings` directory if it's a package
   - next to project `settings.py` file if it's a module