diff --git a/README.md b/README.md
index 2aaa607..72a96a7 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 # Policy for Internal Security
-This repo describes my P.I.S. (**P**oliciy for **I**nternal **S**ecurity).
+This repo describes my P.I.S. (**P**olicy for **I**nternal **S**ecurity).
 You'll find my personal guidelines for SSH / GPG on YubiKey and how to configure and create a key / certificate.
 
 I have several YubiKey, each with different purpose. 
@@ -195,6 +195,14 @@ This creates the file `id_ed25519_sk-keyring-cert.pub` that is the certificate t
 
 ---
 
+# x509
+
+## Master YubiKey
+I create a certificate in PIV slot 9a with Yubico authenticator. This CA would be used as a Root CA for my server.
+TODO fix with XCA
+
+---
+
 # Troubleshooting
 ## GPG
 Sometimes, for unknown (for me) reason, you need to kill the gpg-agent to be able to use the YubiKey again.