gencert - Man Page

Generate a test NSS database for mod_nss


gencert <destdir>


A tool used to generate a self-signed CA as well as server and user certificates for mod_nss testing.

This is used to generate a default NSS database for the mod_nss Apache module. It does not test to see if an existing database already exists, so use with care.

gencert will generate a new NSS database with the password "httptest".

It generates a self-signed CA with the subject "CN=Certificate Shack,, C=US"

It also generates a certificate suitable for servers with the subject "CN=<FQDN>,, C=US", and a user certificate with the subject "E=alpha@<FQDN>, CN=Frank Alpha, UID=alpha, OU=People,, C=US".

The nicknames it uses are:

Server certificate:Server-Cert
User cert:alpha



Specifies the destination directory where the NSS databases will be created.


Report bugs to


Rob Crittenden <>.


Jul 1 2013 Rob Crittenden