copypasta SSL info from #125 to main readme (#1633)

* put info from #215 into main readme

* successfully tested on my Enigma2 box

plus pointer to openssl-cooknook

* fixup, textual clarification

* doh! link name was incomplete

README.md

@@ -105,6 +105,39 @@ init 3
 
 ---
 
+## Custom SSL Certificate
+
+If you want to use your own certificate, then replace both `/etc/enigma2/key.pem` and `/etc/enigma2/cert.pem` with your own key and cert, in PEM format.
+
+Restart Enigma2 after replacing those files.
+
+### Using your own CA
+
+You can also put the ca cert as `/etc/enigma2/ca.pem` and enable HTTPS Client Cert auth in settings you can even login using Client certs signed by the same CA auth.
+
+It doesn't bypass the password login yet and you should of course use your own CA, because else any client with a key signed by that CA auth can login, as there is no option to limit access to certain users (yet, and probably newer will be).
+
+See also #215
+
+### Problems with a custom Certificate
+
+Creating key and cert is beyond the scope of this readme.
+I found [Ivan Ristić's openssl cookbook](https://www.feistyduck.com/books/openssl-cookbook/) helpful.
+
+FWIW, an `ecparam` `secp384r1` key and a `ecdsa-with-SHA256` cert with 4 SAN worked just fine on the following;
+
+```bash
+root@vuduo4kse:~# date ; cat /etc/os-release 
+Wed Nov 29 22:58:24 CET 2023
+ID=openbh
+NAME="openbh"
+VERSION="5.1"
+VERSION_ID=5.1
+PRETTY_NAME="openbh 5.1"
+```
+
+---
+
 ## Development Information
 
 See what's been happening, check out the [OpenWebif changelog](CHANGES.md)