diff --git a/modules/release_guide/pages/create_release_signing_key.adoc b/modules/release_guide/pages/create_release_signing_key.adoc index abf6dc7..ad3ba1c 100644 --- a/modules/release_guide/pages/create_release_signing_key.adoc +++ b/modules/release_guide/pages/create_release_signing_key.adoc @@ -144,8 +144,12 @@ $ sigul -v -v sign-certificate fedorasigulca fedora-41-ima --issuer-certificate- NOTE: Change the name from `41/fourtyone` to the appropriate release version. -We need to find the best way to get the certificate to the kernel maintainers. It is recommended to ask them directly. Additionally, we need to add it to `fedora-repos` like the other keys. +This .pem file then needs to be converted to a 'der' file (which is what IMA natively uses): +openssl x509 -inform PEM -in fedora-44-ima.pem -outform DER -out fedora-44-ima.der + +The .der file should be added to fedora-repos package and the kernel should trust it +because it's signed by our CA. === fedora-repos @@ -477,4 +481,4 @@ Verify that ``/etc/koji-gc/koji-gc.conf`` has the new key in it. == Consider Before Running -Nothing at this time. \ No newline at end of file +Nothing at this time.
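Review bot: The added `openssl x509` command in the first hunk (@@ -144,8 +144,12) is written as a bare paragraph line and hard-codes `fedora-44-ima.pem`, while the context line above uses `fedora-41-ima` and the NOTE tells the reader to change the name from `41/fourtyone`. Without a literal or source block, AsciiDoc will flow the command into the preceding sentence. I suggest putting it in a block with the same `$ ` prompt as the `sigul` command, and using the same release number as the rest of the example so the NOTE still covers it. The replacement text also drops the instruction to coordinate with the kernel maintainers in favour of "the kernel should trust it because it's signed by our CA". Please say explicitly whether any kernel-side action is still needed, and consider adding a step that checks the converted certificate against the CA before it goes into `fedora-repos`, so the trust claim is verified rather than assumed. Minor wording: "'der' file" reads better as "DER file", and "added to fedora-repos package" is missing "the".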