gencert (8) - Linux Manuals

gencert: Generate a test NSS database for mod_nss


gencert - Generate a test NSS database for mod_nss


gencert <destdir>


A tool used to generate a self-signed CA as well as server and user certificates for mod_nss testing.

This is used to generate a default NSS database for the mod_nss Apache module. It does not test to see if an existing database already exists, so use with care.

gencert will generate a new NSS database with the password "httptest".

It generates a self-signed CA with the subject "CN=Certificate Shack,, C=US"

It also generates a certificate suitable for servers with the subject "CN=<FQDN>,, C=US", and a user certificate with the subject "E=alpha@<FQDN>, CN=Frank Alpha, UID=alpha, OU=People,, C=US".

The nicknames it uses are:

Server certificate:Server-Cert
User cert:alpha


Specifies the destination directory where the NSS databases will be created.


Report bugs to


Rob Crittenden <rcritten [at]>.


Copyright (c) 2011 Red Hat, Inc. This is licensed under the Apache License, Version 2.0 (the "License"); no one may use this file except in compliance with the License. A copy of this license is available at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.