diff --git a/contrib/scripts/ast_tls_cert b/contrib/scripts/ast_tls_cert
index 3650bffa467d03f9dd05e2fa78d42134ae99f185..991352072c4108050ba5a1fe7cf22e2e419a7dd5 100755
--- a/contrib/scripts/ast_tls_cert
+++ b/contrib/scripts/ast_tls_cert
@@ -65,7 +65,7 @@ OPTIONS:
   -C  Common name (cert field)
         This should be the fully qualified domain name or IP address for
         the client or server. Make sure your certs have unique common
-        namems.
+        names.
   -O  Org name (cert field)
         An informational string (company name)
   -o  Output filename base (defaults to asterisk) 
@@ -83,8 +83,8 @@ and tlscafile=/etc/ca.crt. Since this is a self-signed key, many devices will
 require you to import the ca.crt file as a trusted cert.
 
 To create a client cert using the CA cert created by the example above:
-  ast_tls_cert -m client -c /tmp/ca.crt -k /tmp/ca.key -C "Joe User" -O \\
-    "My Company" -d /tmp -o joe_user
+  ast_tls_cert -m client -c /tmp/ca.crt -k /tmp/ca.key -C phone1.mycompany.com \\
+    -O "My Company" -d /tmp -o joe_user
 
 This will create client.crt/key/pem in /tmp. Use this if your device supports
 a client certificate. Make sure that you have the ca.crt file set up as