diff --git a/main.py b/main.py
index 690adb84198be4fbe28e4e7e46d7fc9806e62892..d3f9201e961f0722423ed53fa813561cd1c1ab4a 100644
--- a/main.py
+++ b/main.py
@@ -476,7 +476,7 @@ def export_certificate():
         return send_file(certificates.get_pem_files(user_spec.cn)[1],
                          attachment_filename=f"{user_spec.cn}.key", mimetype="application/x-pem-file")
     # Otherwise show the HTML page
-    return render_template("export_certificate.html", token=token, username=username)
+    return render_template("export_certificate.html", token=token, username=username, soctoolsproxy=config.SOCTOOLSPROXY)
 
 
 @app.route("/send_token/<username>")
diff --git a/templates/export_certificate.html b/templates/export_certificate.html
index 3173ef1706b13b6345b375f186c0f3a18c75cffa..f7617f91ff741fd69bbb629ef16827b7f6d18e0f 100644
--- a/templates/export_certificate.html
+++ b/templates/export_certificate.html
@@ -1,14 +1,40 @@
-{% extends "base.html" %}
-{% block body %}
+<!doctype html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>SOCtools - user certificate</title>
+  <style>
+  p { margin: 1em 0em; padding: 0; }
+  h2 { margin: 2em 0 1em 0; font-size: large; }
+  </style>
+</head>
+<body>
 
-<p>The certificate for user '{{ username }}', which allows to access various SOCtools services,
-can be downloaded in the following formats:</p>
+<h1>SOCtools - download certificate for user '{{ username }}'</h1>
 
-{# TODO password field/prompt #}
-<p><a href="{{ url_for('export_certificate') }}?token={{token}}&amp;format=p12">PKCS12 (.p12)</a> - contains both certificate and matching private key &nbsp; <span style="font-style: italics; color: #777;">← You probably need this to import into your browser</span></p>
+<p>The certificate allows to access SOCtools services running at <i>{{ soctoolsproxy }}</i>.
+It can be downloaded in the following formats:</p>
 
-<p><a href="{{ url_for('export_certificate') }}?token={{token}}&amp;format=pem-cert">PEM (certificate) (.crt)</a></p>
+<h2>PKCS12 format (.p12)</h3>
+<p>
+It contains both the certificate and matching private key.
+The file should by protected (encrypted) by a password (empty password is possible, but not recommended):
+</p>
+<form action="{{ url_for('export_certificate') }}?token=&amp;format=p12" method="GET">
+<input type="hidden" name="token" value="{{token}}">
+<input type="hidden" name="format" value="p12">
+<label for="password">Password:</label>
+<input type="password" name="password"></input>
+<input type="submit" value="Download PKCS12 (.p12)">
+<span style="margin-left: 1em; font-style: italics; color: #777;">← You probably need this to import into your browser</span>
+</form>
 
-<p><a href="{{ url_for('export_certificate') }}?token={{token}}&amp;format=pem-key">PEM (private key) (.key)</a></p>
+<h2>PEM format (.crt, .key)</h2>
+<p>
+Certificate and private key are stored separately in PEM format. Encryption is not supported.<br>
+<a href="{{ url_for('export_certificate') }}?token={{token}}&amp;format=pem-cert">Download certificate (.crt)</a><br>
+<a href="{{ url_for('export_certificate') }}?token={{token}}&amp;format=pem-key">Download private key (.key)</a>
+</p>
 
-{% endblock %}
\ No newline at end of file
+</body>
+</html>
\ No newline at end of file