diff --git a/bin/helper/gen_cert/README.md b/bin/helper/gen_cert/README.md
new file mode 100644
index 00000000..d007add5
--- /dev/null
+++ b/bin/helper/gen_cert/README.md
@@ -0,0 +1,14 @@
+Usage
+=====
+These scripts are useful to generate the server's self-signed certificate.
+## Root Certification Authority ##
+`gen_root.sh`
+This will create a rootCA.crt to verify the server's cert.
+## Server certificate ##
+### Configuration Files ###
+Look into these files if you plan to verify the certificate:
+ * san.cnf holds basic information about the certificate.
+ * ext.3 holds in particular the 'subjectAltNames** option that is for the verification to succeed.
+
+ ### Generation ###
+`gen_root.sh`
diff --git a/bin/helper/gen_cert/ext3.cnf b/bin/helper/gen_cert/ext3.cnf
new file mode 100644
index 00000000..8f36435b
--- /dev/null
+++ b/bin/helper/gen_cert/ext3.cnf
@@ -0,0 +1,5 @@
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+IP.1 = 127.0.0.1
diff --git a/bin/helper/gen_cert/gen_cert.sh b/bin/helper/gen_cert/gen_cert.sh
new file mode 100755
index 00000000..f22de1cb
--- /dev/null
+++ b/bin/helper/gen_cert/gen_cert.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+# Create Server key
+openssl genrsa -out server.key 4096
+# Create the Server Signing Request - non interactive, config in san.cnf
+openssl req -sha256 -new -key server.key -out server.csr -config san.cnf
+# Create the server certificate by rootCA, with ext3 subjectAltName in ext3.cnf
+openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile ext3.cnf
+# Concat in pem
+cat server.crt server.key > server.pem
diff --git a/bin/helper/gen_cert/gen_root.sh b/bin/helper/gen_cert/gen_root.sh
new file mode 100755
index 00000000..1f6e582b
--- /dev/null
+++ b/bin/helper/gen_cert/gen_root.sh
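Review bot: In ext3.cnf, `[alt_names]` lists only `IP.1 = 127.0.0.1`, while san.cnf sets `CN = localhost`; verifiers that match on subjectAltName alone ignore the CN once a SAN is present, so a client connecting to the name localhost would fail hostname verification. Adding `DNS.1 = localhost` covers that. The `keyUsage` line also grants nonRepudiation and dataEncipherment, which a TLS server certificate does not need, and the file sets neither `basicConstraints = CA:FALSE` nor `extendedKeyUsage = serverAuth`; narrowing the certificate to its actual purpose limits what a leaked server.key can be used for.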
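Review bot: In gen_cert.sh, `cat server.crt server.key > server.pem` creates the bundle through a shell redirection, so the file holding the private key gets whatever mode the caller's umask allows, which is commonly world-readable; `umask 077` near the top of the script keeps it owner-only. The script also has no `set -euo pipefail`, so if the CSR or signing step fails the final `cat` still runs and can pair a fresh key with a stale or missing server.crt. gen_root.sh lacks strict mode as well. Both scripts resolve san.cnf, ext3.cnf and the rootCA files relative to the current directory, which is worth stating in a header comment such as `# Run from bin/helper/gen_cert; writes server.key, server.crt and server.pem here`.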
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+# Create Root key
+openssl genrsa -out rootCA.key 4096
+# Create and Sign the Root CA Certificate
+openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt -config san.cnf
diff --git a/bin/helper/gen_cert/san.cnf b/bin/helper/gen_cert/san.cnf
new file mode 100644
index 00000000..61d8a11a
--- /dev/null
+++ b/bin/helper/gen_cert/san.cnf
@@ -0,0 +1,11 @@
+[req]
+default_bits = 4096
+prompt = no
+default_md = sha256
+distinguished_name = dn
+
+[dn]
+C=LU
+L=Luxembourg
+O=AIL-Default
+CN = localhost
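Review bot: In gen_root.sh, `openssl genrsa -out rootCA.key 4096` writes the CA private key without a passphrase, and `-nodes` on the `req -x509` line does not affect it, because that option only applies to a key that `req` generates itself. Anyone who can read rootCA.key can issue certificates that clients trusting rootCA.crt will accept, so consider `openssl genrsa -aes256 -out rootCA.key 4096` (gen_cert.sh would then prompt for the passphrase at the signing step) and dropping the no-op `-nodes`. Since the key is written into the script's working directory, which is presumably inside the repository tree, an ignore rule for `rootCA.key`, `server.key` and `server.pem` would keep them from being committed.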
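Review bot: san.cnf is passed as `-config` by both gen_root.sh and gen_cert.sh, so the root certificate and the server certificate carry the same subject from `[dn]`, and the server certificate's issuer name equals its own subject. Verifiers can then treat the leaf as self-issued and report it as self-signed instead of chaining it to rootCA.crt. A separate config for the root with a distinct subject, for example `CN = AIL-Default Root CA` (constructed example), avoids that. The file also defines no `x509_extensions` section, so whether the root is marked as a CA depends on the OpenSSL version's defaults; setting `basicConstraints = critical, CA:TRUE` and `keyUsage = critical, keyCertSign, cRLSign` explicitly for the root makes it acceptable to stricter verifiers.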