diff --git a/ssl_mgmt/ssl_mgmt b/ssl_mgmt/ssl_mgmt
index 263cfb3..dfc26ac 100755
--- a/ssl_mgmt/ssl_mgmt
+++ b/ssl_mgmt/ssl_mgmt
@@ -96,6 +96,7 @@ parse_args ()
 eval service="\$$((OPTIND+1))"
 }
 
+# @return 0 if we are not root and must sudo, 1 otherwise
 # Are we root?
 must_sudo ()
 {
@@ -104,6 +105,8 @@ must_sudo ()
 return $?
 }
 
+# @param cmdline the command line used to invoke this script
+#
 # This function tries to become root with sudo and execute this script.
 # NB: This function doesn't return.
 try_sudo ()
@@ -119,6 +122,10 @@ try_sudo ()
 exit $ret
 }
 
+# @param subject the subject line
+# @param field the field name
+#
+# Get a subject field value from the subject line
 get_field_from_line ()
 {
 local - line field result
@@ -132,6 +139,9 @@ get_field_from_line ()
 fi
 }
 
+# @param certPath the absolute path to the certificate to renew
+#
+# Get configuration values to fill openssl.cnf with
 get_cert_params ()
 {
 local - subject issuer dates ext fromDate toDate certPath
@@ -166,6 +176,12 @@ get_cert_params ()
 days=$(($days/86400))
 }
 
+# @param cmd the current sed replace command
+# @param key the pattern to be replaced
+# @param value the value to replace the pattern by
+#
+# Add a replace command s/key/value to the sed replace command passed in
+# argument
 add_to_replace_cmd ()
 {
 local - replaceCmd key value
@@ -176,6 +192,7 @@ add_to_replace_cmd ()
 echo "$replaceCmd${replaceCmd:+;}s/$key/${value:-}/"
 }
 
+# Generate the openssl.cnf configuration file from the openssl.cnf.in template
 generate_config ()
 {
 local - replaceCmd cnfTmpFile
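Review bot: The `@return` line added above must_sudo promises exactly 1 in the non-sudo case, but the function's visible tail (context of the next hunk) is `return $?`, so the status is whatever the preceding command produced. Unless that command is known to yield only 0 or 1, `# @return 0 if we are not root and must sudo, non-zero otherwise` is the safer wording. The tag also sits directly above the existing `# Are we root?` line with no bare `#` separator, whereas the other comments added in this commit put the tags first, then `#`, then the description. The body of must_sudo lies outside the hunk.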
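Review bot: The `@param cmdline` line on try_sudo does not say in what form the command line is handed over, which matters because the function re-runs the script as root. If the arguments arrive as one flattened string, values containing spaces or shell metacharacters would be split again before the privileged invocation; the body is outside the hunk, so this cannot be confirmed here. I would state the contract in the comment, e.g. `# @param cmdline the original arguments as separate words ("$@"), never one joined string`, and check the call site against it.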
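Review bot: `@param subject` on get_field_from_line does not match the function's own local list, `local - line field result`, where the first argument is called `line`. Tag names should follow the variable names so a reader can map one to the other; `# @param line the subject line` fits. The same mismatch occurs on add_to_replace_cmd, where `@param cmd` documents the local `replaceCmd`. The comment also omits how the value is returned and what happens when the field is absent; the body is outside the hunk, so that has to be checked there.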
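Review bot: The comment added on get_cert_params names its input but not its outputs. The function's last visible statement (context of the following hunk) is `days=$(($days/86400))`, and `days` is not in the `local` list, so results appear to be handed back through global variables. A line such as `# Results are stored in global variables (days, ...)` would make that side effect explicit. The full list has to come from the body, which is outside the hunk.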
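Review bot: The new comment on add_to_replace_cmd should say that key and value are placed into the sed expression unescaped; the visible line is `echo "$replaceCmd${replaceCmd:+;}s/$key/${value:-}/"`. A value containing `/`, `&`, `\` or a newline changes or breaks the generated sed script, and the values presumably come from fields of the existing certificate (get_cert_params), which this script does not control. Either document the precondition, e.g. `# NB: key and value are inserted verbatim; the caller must escape /, & and \`, or escape value inside the function before building the command. The rest of the body is outside the hunk.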
@@ -202,6 +219,14 @@ generate_config ()
 mv $cnfTmpFile $confFile
 }
 
+# @param service the name of the service associated with the certificate to
+# renew
+# @param certPath the absolute path to the certificate to renew
+# @param keyPath the absolute path to the key associated with the certificate
+# to renew
+#
+# Generate the certificate, key and combine key+certificate based on the values
+# of the existing certificate
 generate_cert ()
 {
 local - service certPath keyPath reqFile certFile keyFile keycertFile
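Review bot: The comment on generate_cert lists three outputs but not where they are written or whether existing files at certPath and keyPath are replaced. Going by the local names `keyFile` and `keycertFile`, two of the outputs hold the private key, so the expected location and file mode belong in the contract, e.g. `# Output files holding the private key must be readable by their owner only`. Whether the body enforces this cannot be seen from the hunk, which ends at the `local` line.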