diff --git a/README.md b/README.md
index 7b98e5b..79b1965 100644
--- a/README.md
+++ b/README.md
@@ -2,23 +2,20 @@
 
 ## Running Desktop
 1. `cargo install dioxus-cli --version 0.6.3`
-2. `dx build -p mumble-web2-gui --platform desktop`
+2. `dx run -p mumble-web2-gui --platform desktop --release`
 
 ## Running Web
 1. `cargo install dioxus-cli --version 0.6.3`
-2. `cargo install cargo install wtransport --example gencert`
-3. in the proxy directory:
-   1. `cp config.toml.example config.toml`
-   2. run `gencert` and copy the certificate hash into config.toml
-   3. `cargo run -p mumble-web2-proxy` in the background
+2. `dx build -p mumble-web2-gui --platform web --release`
+3. `cp config.toml.example config.toml`
+4. `cargo run -p mumble-web2-proxy` in the background
+5. connect to `localhost:8080`
 
-## with `dx serve`
-4. in the gui directory
-   1. `export 'MUMBLE_WEB2_GUI_CONFIG={"cert_hash": <CERTIFICATE HASH HERE>, "proxy_url": "https://localhost:4433"}'`
-   2. `dx serve -p mumble-web2-gui --platform web`
-5. connect to `localhost:8080` (most common)
-
-## with `mumble-web2-proxy` only
-4. in the gui directory:
-   1. `dx build -p mumble-web2-gui --platform web`
-5. connect to `localhost:4434` (most common)
+## Running Web (with `dx serve`)
+1. `cargo install dioxus-cli --version 0.6.3`
+2. `cp config.toml.example config.toml`
+3. `cargo run -p mumble-web2-proxy` in the background
+4. `cargo install cargo install wtransport --example gencert`
+5. `export 'MUMBLE_WEB2_GUI_CONFIG={"cert_hash": <CERTIFICATE HASH HERE>, "proxy_url": "https://localhost:4433"}'`
+6. `dx serve -p mumble-web2-gui --platform web`
+7. connect to `localhost:8080`
diff --git a/proxy/src/main.rs b/proxy/src/main.rs
index 3eb4e59..dbb6205 100644
--- a/proxy/src/main.rs
+++ b/proxy/src/main.rs
@@ -121,10 +121,14 @@ async fn main() -> Result<()> {
         (None, None) => {
             info!("generating self-signed cert");
 
-            use rcgen::{CertificateParams, KeyPair, PKCS_ECDSA_P256_SHA256};
-            let key_pair = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256)?;
-            let mut cert_params = CertificateParams::new(config.cert_alt_names.clone())?;
-            cert_params.not_after = time::OffsetDateTime::now_utc() + time::Duration::days(12);
+            // FIXME: redo every <14 days
+            let mut dname = rcgen::DistinguishedName::new();
+            dname.push(rcgen::DnType::CommonName, "mumble-web self-signed");
+            let key_pair = rcgen::KeyPair::generate_for(&rcgen::PKCS_ECDSA_P256_SHA256)?;
+            let mut cert_params = rcgen::CertificateParams::new(config.cert_alt_names.clone())?;
+            cert_params.distinguished_name = dname;
+            cert_params.not_before = time::OffsetDateTime::now_utc();
+            cert_params.not_after = cert_params.not_before + time::Duration::days(12);
             let cert = cert_params.self_signed(&key_pair)?;
 
             let hash = hmac_sha256::Hash::hash(cert.der().as_ref());