diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
index 78883d4b5d..6bc299954e 100644
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
@@ -3072,10 +3072,15 @@ An optional company name []:<userinput><replaceable>Another Name</replaceable></
 	are available.  A complete list may be obtained by viewing
 	the &man.openssl.1; manual page.</para>
 
-      <para>A <filename>cert.pem</filename> file should now exist in
-	the directory which the aforementioned command was issued.  This
-	is the certificate which may be sent to any
-	<acronym>CA</acronym> for signing.</para>
+      <para>Two files should now exist in
+	the directory in which the aforementioned command was issued.
+	The certificate request, <filename>req.pem</filename>, may be
+	sent to a certificate authority who will validate the credentials
+	that you entered, sign the request and return the certificate to
+	you.  The second file created will be named <filename>cert.pem</filename>
+	and is the private key for the certificate and should be
+	protected at all costs; if this falls in the hands of others it
+	can be used to impersonate you (or your server).</para>
 
       <para>In cases where a signature from a <acronym>CA</acronym> is
 	not required, a self signed certificate can be created.  First,