diff --git a/.gitignore b/.gitignore index 052ad59..bb39802 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,7 @@ compiled/ /*.bak /private/*.bak +/scribblings/*.css +/scribblings/*.js +/scribblings/*.bak +/scribblings/*.html diff --git a/scribblings/self-signed-cert.scrbl b/scribblings/self-signed-cert.scrbl index e6a7676..b26b20f 100644 --- a/scribblings/self-signed-cert.scrbl +++ b/scribblings/self-signed-cert.scrbl @@ -121,7 +121,8 @@ term “X.509 certificate”. [duration-in-days integer?] [hosts (or/c is-ip? is-dns? list-of-hosts?)] [country string?] - [company string?]) + [company string?] + [#:ou ou (or/c string? #f)]) self-signed-cert?]{ Generates a new self-signed RSA certificate and private key. 
@@ -132,28 +133,18 @@ Racket's @racketmodname[openssl] library. @subsection{Arguments} @itemlist[ -@item{@racket[bits] — size of the RSA key in bits (for example -@racket[2048] or @racket[4096]).} - -@item{@racket[duration-in-days] — number of days for which the -certificate remains valid.} - -@item{@racket[hosts] — a host name, IP address, or a list of such -values. These values are written into the certificate's +@item{@racket[bits] — size of the RSA key in bits (for example @racket[2048] or @racket[4096]).} +@item{@racket[duration-in-days] — number of days for which the certificate remains valid.} +@item{@racket[hosts] — a host name, IP address, or a list of such values. These values are written into the certificate's @italic{Subject Alternative Name} extension.} - -@item{@racket[country] — value for the certificate subject's -@tt{C} (country) attribute.} - -@item{@racket[company] — value for the certificate subject's -@tt{O} (organization) attribute.} +@item{@racket[country] — value for the certificate subject's @tt{C} (country) attribute.} +@item{@racket[company] — value for the certificate subject's @tt{O} (organization) attribute.} +@item{@racket[ou] - value for the certificate subject's @tt{OU} (organization unit) attribute.} ] The first host in the list is used as the certificate's Common Name (CN). -@subsection{Result} - Returns a @racket[self-signed-cert] structure containing: @itemlist[ 
@@ -161,8 +152,25 @@ Returns a @racket[self-signed-cert] structure containing: @item{the corresponding self-signed X.509 certificate} ] -Both values are returned as PEM encoded strings. +Both values are returned as PEM encoded byte-arrays. +} +@section{Store Certificates} + +@defproc[(self-signed-cert-save + [ssc self-signed-cert?] + [cert-file (or/c string? path?)] + [privkey-file (or/c string/ path?)]) + boolean?]{ +Saves the certificate and private key of the self signed certificate to +files with the given filenames. The contents of the files will be replaced +if they already exist. + + +Returns @tt{#t} if succesful. If the filenames cannot be written, +an exception will be raised. +} + @subsection{Example} @#reader scribble/comment-reader @@ -173,7 +181,7 @@ Both values are returned as PEM encoded strings. 365 '("localhost" "127.0.0.1" "*.local.lan") "NL" - "Example Company")) + "Example Company" #:ou "Example Department")) (private-key cert) (certificate cert)
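Review bot: In the defproc signature of scribblings/self-signed-cert.scrbl (hunk at -121), the new `[#:ou ou (or/c string? #f)]` entry carries no default expression, so Scribble will render `#:ou` as a mandatory keyword argument. The contract accepting `#f` suggests the argument is meant to be optional; if so, write it as `[#:ou ou (or/c string? #f) #f]` so the rendered signature matches the function.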
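Review bot: The new `@racket[ou]` item in the Arguments list (hunk at -132) does not say what passing `#f` means, although the contract in the signature allows it; state whether `#f` leaves the OU attribute out of the subject. The item also uses a plain hyphen where the other items use a long dash, and OU is conventionally spelled out as "organizational unit". This hunk also drops the `@subsection{Result}` heading, so the "Returns a self-signed-cert structure" text now runs on from the Arguments subsection; keep the heading unless its removal is intended.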
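Review bot: In the `self-signed-cert-save` signature (hunk at -161), the contract for `privkey-file` reads `(or/c string/ path?)`; `string/` should be `string?`, matching `cert-file`. The description says the private key is written to a file and that existing contents are replaced, but it does not say which permissions the key file is created with; document that, and consider restricting the file to its owner, since it holds the private key. Two wording fixes in the same hunk: "succesful" should be "successful", and "byte-arrays" would be clearer as "byte strings", the Racket term.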
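Review bot: With `@section{Store Certificates}` now placed directly above it, the `@subsection{Example}` touched by the last hunk (at -173) sits under the storing section, yet the example still ends with `(private-key cert)` and `(certificate cert)` and never calls `self-signed-cert-save`. Either move the example back under the generation procedure or extend it with a `self-signed-cert-save` call so the new function is shown in use.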