diff --git a/tools_webrtc/sslroots/README.md b/tools_webrtc/sslroots/README.md
new file mode 100644
index 0000000000..b81bd4455a
--- /dev/null
+++ b/tools_webrtc/sslroots/README.md
@@ -0,0 +1,23 @@
+# Generate rtc_base/ssl_roots.h
+
+This directory contains a script to generate the content of
+[rtc_base/ssl_roots.h][ssl-roots-header], to update the SSL roots shipped
+by WebRTC follow this instructions:
+
+1. Download roots.pem from [pki.goog][pki-goog].
+
+2. Launch the script:
+
+```
+$ python tools_webrtc/sslroots/generate_sslroots.py roots.pem
+```
+
+3. Step 2 should have generated an ssl_roots.h file right next to roots.pem.
+
+4. Open rtc_base/ssl_roots.h, manually remove the old certificates and paste
+   the ones from the ssl_roots.h file.
+
+5. Delete the generated ssl_roots.h and roots.pem before creating the CL.
+
+[ssl-roots-header]: https://cs.chromium.org/chromium/src/third_party/webrtc/rtc_base/ssl_roots.h
+[pki-goog]: https://www.google.com/url?q=https://pki.google.com/roots.pem
diff --git a/tools_webrtc/sslroots/generate_sslroots.py b/tools_webrtc/sslroots/generate_sslroots.py
index 65751f1f1a..7d8bf14471 100644
--- a/tools_webrtc/sslroots/generate_sslroots.py
+++ b/tools_webrtc/sslroots/generate_sslroots.py
@@ -25,7 +25,7 @@ import os
 import re
 import string
 
-_GENERATED_FILE = 'sslroots.h'
+_GENERATED_FILE = 'ssl_roots.h'
 _PREFIX = '__generated__'
 _EXTENSION = '.crt'
 _SUBJECT_NAME_ARRAY = 'subject_name'