diff --git a/mkcerts.sh b/mkcerts.sh
old mode 100755
new mode 100644
diff --git a/nuconf b/nuconf
new file mode 100644
index 0000000..a87c304
--- /dev/null
+++ b/nuconf
@@ -0,0 +1,49 @@
+#This bit doesn't work for some reason, it complains about xmppAddr already existing, but then generates errors below because it doesn't exist, so fuck it, magic number.
+#oid_section             = new_oids
+#[ new_oids ]
+# RFC 6120 section 13.7.1.4 defines this OID
+#xmppAddr = 1.3.6.1.5.5.7.8.5
+
+[ req ]
+
+default_bits            = 2048
+distinguished_name      = distinguished_name
+req_extensions          = v3_extensions
+x509_extensions         = v3_extensions
+
+# don't ask about the DN
+prompt = no
+
+[ distinguished_name ]
+
+countryName                     = AU
+stateOrProvinceName             = TAS
+
+commonName                      = rakka.au
+
+[ v3_extensions ]
+
+# for certificate requests (req_extensions)
+# and self-signed certificates (x509_extensions)
+
+keyUsage                        = digitalSignature,keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName                  = @subject_alternative_name
+
+[ subject_alternative_name ]
+
+DNS.0 = rakka.au
+otherName.0 = 1.3.6.1.5.5.7.8.5;UTF8:rakka.au
+
+#Append the following for a server which handles multiple domain names:
+DNS.1 = harpy.faith
+otherName.1 = 1.3.6.1.5.5.7.8.5;UTF8:harpy.faith
+DNS.2 = botegirl.parts
+otherName.2 = 1.3.6.1.5.5.7.8.5;UTF8:botegirl.parts
+
+DNS.3 = *.rakka.au
+otherName.3 = 1.3.6.1.5.5.7.8.5;UTF8:*.rakka.au
+DNS.4 = *.harpy.faith
+otherName.4 = 1.3.6.1.5.5.7.8.5;UTF8:*.harpy.faith
+DNS.5 = *.botegirl.parts
+otherName.5 = 1.3.6.1.5.5.7.8.5;UTF8:*.botegirl.parts