Update README

README

@@ -1,15 +1,16 @@
 make-ca is a utility to deliver and manage a complete PKI configuration for
-workstaitons and servers using only standard Unix utilities and OpenSSL. It
+workstaitons and servers using only standard Unix utilities, OpenSSL, and
-will optionally generate keystores for OpenJDK and NSS if already installed,
+p11-kit, using a Mozilla cacerts.txt or like file as the trust source. It can
-using a Mozilla cacerts.txt or like formatted file. It was originally developed
+optionally generate keystores for OpenJDK PKCS#12 and NSS if installed. It was
-for use with Linux From Scratch to minimize dependencies for early system
+originally developed for use with Linux From Scratch to minimize dependencies
-build, but has been written to be generic enough for any Linux distribution.
+for early system build, but has been written to be generic enough for any Linux
+distribution.
 
 The make-ca script will process the certificates included in the certdata.txt
-file for use in multiple certificate stores (if the associated applications are
+file, and place them in the system trust anchors, for use in multiple
-present on the system). Additionally, any local certificates stored in
+certificate stores. Additionally, any local certificates stored in
-/etc/ssl/local will be imported into the certificate stores. Certificates in
+/etc/ssl/local will also be imported into the system trust anchors and
-this directory should be stored as PEM encoded OpenSSL trusted certificates.
+certificate stores making it a full trust management utiltiy.
 
 As of version 1.2, a p11-kit helper, copy-trust-modifications, is included
 for use in p11-kit's trust-extract-compat script (which should be symlinked