diff --git a/README.md b/README.md
index ccaef44..2f35fcc 100644
--- a/README.md
+++ b/README.md
@@ -8,8 +8,6 @@ Quick start
 ---
 
 ```
-docker build -t lum .
-
 docker run \
            --detach \
            --name=lum \
@@ -22,7 +20,7 @@ docker run \
            -e LDAP_ADMINS_GROUP=admins \
            -e LDAP_ADMIN_BIND_DN="cn=admin,dc=example,dc=com" \
            -e LDAP_ADMIN_BIND_PWD=secret\
-           lum
+           wheelybird/ldap-user-manager
 ```
 Now go to https://lum.example.com/setup.
 
@@ -66,6 +64,8 @@ Optional:
    
 * `LDAP_REQUIRE_STARTTLS` (default: *TRUE*):  If *TRUE* then a TLS connection is required for this interface to work.  If set to *FALSE* then the interface will work without STARTTLS, but a warning will be displayed on the page.
    
+* `LDAP_TLS_CACERT` (no default): If you need to use a specific CA certificate for TLS connections to the LDAP server (when `LDAP_REQUIRE_STARTTLS` is set) then assign the contents of the CA certificate to this variable.  e.g. `-e LDAP_TLS_CERT=$(</path/to/ca.crt)`
+   
 * `DEFAULT_USER_GROUP` (default: *everybody*):  The group that new accounts are automatically added to when created.  *NOTE*: If this group doesn't exist then a group is created with the same name as the username and the user is added to that group.
 * `DEFAULT_USER_SHELL` (default: */bin/bash*):  The shell that will be launched when the user logs into a server.
 * `EMAIL_DOMAIN` (no default):  The domain name to append to the email address when creating an account (username@email_domain).  If unset then the mail attribute won't be set.
@@ -115,7 +115,7 @@ Currently the available macros are:
 * `{first_name}` : the first name in lowercase
 * `{first_name_initial}` : the first letter of the first name in lowercase
 * `{last_name}`: the last name in lowercase
-* '{last_name_initial}`: the first initial of the last name in lowercase
+* `{last_name_initial}`: the first initial of the last name in lowercase
 
 Anything else in the `USERNAME_FORMAT` string is left as defined, but the username is also checked for validity against `USERNAME_REGEX`.  This is to ensure that there aren't any characters forbidden by other systems (i.e. email or Linux/Unix accounts).
 
diff --git a/entrypoint b/entrypoint
index ba8e563..521a63b 100644
--- a/entrypoint
+++ b/entrypoint
@@ -3,6 +3,16 @@ set -e
 
 if [ ! "$SERVER_HOSTNAME" ]; then export SERVER_HOSTNAME=example.com; fi
 
+
+#If LDAP_TLS_CACERT is set then write it out as a file
+#and set up the LDAP client conf to use it.
+
+if [ "$LDAP_TLS_CACERT" ]; then
+  echo "$LDAP_TLS_CACERT" >/opt/ca.crt
+  sed -i "s/TLS_CACERT.*/TLS_CACERT /opt/ca.crt/" /etc/ldap/ldap.conf
+fi
+
+
 ########################
 #If there aren't any SSL certs then create a self-signed certificate.