+```
+# Create an ext file containing the Subject Alternative Name (SAN)
+# DNS.1 should correspond to the API endpoint of the app (more info near end of article if you plan on changing)
+cat > auxbrain.ext << EOF
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = www.auxbrain.com
+EOF
+
+# Create your own Certificate Authority
+openssl genrsa -des3 -out myCA.key 2048
+openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
+# Create a CSR and lets have the new CA sign it
+openssl req -new -key auxbrain.key -out auxbrain.csr -nodes
+openssl x509 -req -in auxbrain.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out auxbrain.crt -days 825 -sha256 -extfile auxbrain.ext
+# You now have myCA.pem - the public certificate of your root CA, auxbrain.key - the private key for your webserver, auxbrain.pem - the public cert for your webserver.
+```
+
+Use the generated `auxbrain.pem` and `auxbrain.key` files for your webserver SSL/TLS configuration. For nginx, append following values to your server directive:
+```
+listen 443 ssl;
+ssl_certificate /path/to/auxbrain.pem;
+ssl_certificate_key /path/to/auxbrain.key;
+ssl_session_cache shared:SSL:1m;
+ssl_session_timeout 5m;
+ssl_ciphers HIGH:!aNULL:!MD5;
+ssl_prefer_server_ciphers on;
+```
+
+Import the self-signed CA (myCA.pem) to your phone's truststore (Check under your phone's Security/Encryption settings). Once all of that is done, run the app for first time.
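Review bot: The CSR step `openssl req -new -key auxbrain.key -out auxbrain.csr -nodes` reads `auxbrain.key`, but nothing earlier in the block creates that file, so the command fails as written. Either add `openssl genrsa -out auxbrain.key 2048` before it, or switch the CSR command to `-newkey rsa:2048 -keyout auxbrain.key -nodes`; with `-key` on an existing key, `-nodes` has no effect. The signing step also writes `-out auxbrain.crt`, while the closing comment, the prose and the nginx `ssl_certificate /path/to/auxbrain.pem;` line all refer to `auxbrain.pem`, so one of the two names should be changed to match. Since `myCA.pem` ends up in the phone's trust store, it would also help to say that `myCA.key` must be kept private and to tell readers to remove the CA from the device once they are finished.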