FAQ is starting to take shape

also tweaked the main page

document_root/faq.html

@@ -59,10 +59,48 @@ come first in the head; any other head content must come *after* these tags -->
 
     <div class="starter-template">
       <h1>FAQ</h1>
-      <div class="row">
-        <p></p>
+      <p class="lead">Do I have to pay to use this service?</p>
+      <p>No, it's free.</p>
+      <p class="lead">Can I use this certificate on my commerce website?</p>
+      <p>Although there's no technical reason why you couldn't use the sslip.io SSL key and certificate for your commerce web, we <i>strongly</i> recommend against it: the key is publicly available; your traffic isn't secure. sslip.io's primary purpose is
+        to assist developers who need to test against valid SSL certs, not to safeguard content.</p>
+      <p class="lead">What is the sslip.io certificate chain?</p>
+      <p>The sslip.io certificate chain looks like the following:</p>
+      <div class="col-sm-12">
+        <img src="img/cert_chain.png" height="206" />
       </div>
-      <p>&copy; 2015 Brian Cunnie, Pivotal Software</p>
+      <div class="row"></div>
+      <p></p>
+      <p>Note that the "root" certificate is "AddTrust's External CA Root", which issued a certificate to the "COMODO RSA Certification Authority", which in turn issued a certificate to the "COMODO RSA Domain Validation Secure Server CA" which in turn issued
+        our certificate, "*.sslip.io".
+        <p class="lead">My webserver wants a certificate and an "intermediate certificate chain"&mdash;where do I get that?</p>
+        <p>Certain web servers (e.g. <a href="http://www.tenable.com">Tenable's</a>
+          <a href="http://www.tenable.com/products/nessus-vulnerability-scanner">Nessus</a> scanner) prefer to split the chained certificate file (which has three concatenated certificates) into two files: one file containing a single certificate for
+          the server itself (e.g. the "*.sslip.io" certificate), and a second file containing the intermediate certificate authorities (e.g. the two COMODO certificate authorities).
+          <p>You can split the chained certificate file by hand, or you can download them, pre-split, from GitHub:
+          </p>
+          <ul>
+            <li>the server
+              <a href="https://raw.githubusercontent.com/cunnie/sslip.io/master/ssl/sslip.io.crt.pem"></a>certificate ("*.sslip.io")</li>
+            <li>the intermedicate certificate
+              <a href=""></a>chain (the COMODO CAs)</li>
+          </ul>
+          certificates (certificates of the Intermediate Certificate Authorities), they prefer for those certificates to be placed in a separate file. You can find the
+          <a href="intermediate certificate chain">isolated</a> which can consist of one</p>
+        <p class="lead">Why can't I use dots in my hostname? xip.io lets me use dots.</p>
+        <p class="lead">Do I have to use the sslip.io domain? I'd rather have a valid cert for my domain.</p>
+        <p>If you want valid SSL certificate, and you don't want to use the sslip.io domain, then you'll need to purchase a certificate for your domain. We purchased ours from
+          <a href="https://www.cheapsslshop.com">Cheap SSL Shop</a>, but use a vendor with whom you're comfortable.
+        </p>
+        <p class="lead"></p>
+        <p class="lead">What does the certificate chain look like?</p>
+        <p class="lead">Do you have support for IPv6-style addresses?</p>
+        <p class="lead">Why did you choose a 4096-bit key instead of a 2048-bit key?</p>
+        <p class="lead">Where do I report bugs? I think I found one.</p>
+        <div class="row">
+          <p></p>
+        </div>
+        <p>&copy; 2015 Brian Cunnie, Pivotal Software</p>
     </div>
   </div>
   <!-- /.container -->

document_root/index.html

@@ -73,12 +73,14 @@ come first in the head; any other head content must come *after* these tags -->
       <div class="col-sm-1"></div>
       <div class="row"></div>
       <h3>What is it?</h3>
-      <p><b>sslip.io</b> is a special DNS domain (sslip.io) that maps crafted hostnames to IP addresses (e.g. <i>192-168-0-1.sslip.io</i> maps to IP address <i>192.168.0.1</i>). Combined with a valid wildcard SSL certificate, it provides trusted SSL connections
+      <p><b>sslip.io</b> is a special DNS domain that maps crafted hostnames
+        to IP addresses (e.g. <i>192-168-0-1.sslip.io</i> resolves to <i>192.168.0.1</i>).
+        Combined with a valid wildcard SSL certificate, it provides trusted SSL connections
         to your webserver, your docker registry, etc.... All in a matter of seconds.</p>
       <h3>How do I use it?
       </h3>
-      <p class="lead">First, find your server's IP address to determine its sslip.io hostname.</p>
-      <p>Your server's sslip.io is a mash-up of your server's IP address and the <b>sslip.io</b> domain. Here are some examples:</p>
+      <p class="lead">First, find your server's IP address to determine its sslip.io hostname</p>
+      <p>Your server's sslip.io hostname is a mash-up of your server's IP address and the <b>sslip.io</b> domain. Here are some examples:</p>
       <table class="sslip">
         <tr>
           <th>Server's IP Address</th>
@@ -97,8 +99,8 @@ come first in the head; any other head content must come *after* these tags -->
           <td>www-10-1-1-2.sslip.io</td>
         </tr>
         <tr>
-          <td>192.168.0.1</td>
-          <td>console-192-168-0-1.sslip.io</td>
+          <td>172.16.0.1</td>
+          <td>console-172-16-0-1.sslip.io</td>
         </tr>
       </table>
       <br />