diff --git a/conf/cert_store.ini b/conf/cert_store.ini
index e05e89d..97ce7c1 100644
--- a/conf/cert_store.ini
+++ b/conf/cert_store.ini
@@ -5,34 +5,37 @@ DEBUG_SWITCH = 1
 RUN_LOG_LEVEL = 10
 RUN_LOG_PATH = ./logs
 [CONFIG]
-#运行线程数
+#Number of running threads
 thread-nu = 4
-#本地默认根证书签发有效期,默认为30天
+#Local default root certificate is valid for 30 days by default
 expire_after = 30
-#本地默认根证书路径
+#Local default root certificate path
 def-ca-path = ../ca
 [NTC_MAAT]
-#配置加载模式,0为使用配置分发网络下发的文件,1为使用本地json,2为使用Redis读取的配置
+#Configure the load mode,
+#0: using the configuration distribution network
+#1: using local json
+#2: using Redis reads
 maat_json_switch=2
-#当加载模式为网络下发时,设置扫描配置修改间隔(s)
+#When the loading mode is sent to the network, set the scanning configuration modification interval (s).
 effective_interval=1
-#指定配置库表文件位置
+#Specify the location of the configuration library table file
 table_info=../conf/table_info.conf
-#增量配置文件路径
+#Incremental profile path
 inc_cfg_dir=../rule/inc/index
-#全量配置文件路径
+#Full profile path
 full_cfg_dir=../rule/full/index
-#json模式时json文件路径
+#Json file path when json schema is used
 pxy_obj_keyring=../conf/pxy_obj_keyring.json
 [LIBEVENT]
-#本地监控端口号,默认为9991
+#Local monitor port number, default is 9991
 port = 9991
 [CERTSTORE_REDIS]
-#本地存储证书的Redis服务器IP地址和端口号
+#The Redis server IP address and port number where the certificate is stored locally
 ip = 127.0.0.1
 port = 6379
 [MAAT_REDIS]
-#Maat监控的Redsi服务器IP地址和端口号
+#Maat monitors the Redsi server IP address and port number
 ip = 192.168.11.243
 port = 6379
 dbindex = 4
diff --git a/src/package/r3_certstore1.0 b/src/package/r3_certstore1.0
index fda3ef9..8595fc1 100644
--- a/src/package/r3_certstore1.0
+++ b/src/package/r3_certstore1.0
@@ -11,7 +11,7 @@ while [ 1 ]; do
 ulimit -c 0
 fi
- ./certstore1.0 --normal 2>&1
+ ./certstore1.0 --normal > /dev/null
 echo program crashed, restart at `date +"%w %Y/%m/%d, %H:%M:%S"` >> RESTART.log
 sleep 10
 done
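Review bot: The new redirect `> /dev/null` discards the program's stdout while leaving stderr unredirected, so after a crash nothing but the timestamp appended to RESTART.log survives for diagnosis; the old line at least merged both streams. Prefer `./certstore1.0 --normal >> certstore.log 2>&1` (or a rotated log) so the last output before each restart is retained and can be correlated with the RESTART.log entry. The loop also restarts unconditionally, so a deliberate stop is recorded as a crash; capturing the exit status right after the command (`rc=$?`) and leaving the loop when it is 0 would separate the two cases. The enclosing `while` loop starts outside the hunk.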
diff --git a/src/package/run.sh b/src/package/run.sh
deleted file mode 100644
index c0a74ab..0000000
--- a/src/package/run.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-./bin/certstore1.0 --daemon
diff --git a/src/rt/rt_tmr.h b/src/rt/rt_tmr.h
index 27318bd..3368f79 100644
--- a/src/rt/rt_tmr.h
+++ b/src/rt/rt_tmr.h
@@ -8,7 +8,7 @@
 #ifndef _RT_TMR_H
 #define _RT_TMR_H
-//#define RT_TMR_ADVANCED
+#define RT_TMR_ADVANCED
 extern void tmr_start(uint32_t uid);
 extern void tmr_stop(uint32_t uid);
diff --git a/src/script/signssl.sh b/src/script/signssl.sh
new file mode 100644
index 0000000..44033e7
--- /dev/null
+++ b/src/script/signssl.sh
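Review bot: `#define RT_TMR_ADVANCED` is now hard-wired in the header with no comment on what the advanced timer path changes or why the default flipped, and because it is an unconditional define in the header a build can no longer turn it off from the compiler command line. A one-line comment above it naming what the advanced mode selects (the difference is not visible in this hunk, so it should be written by someone who knows the timer implementation) would make the intent reviewable. If the switch is meant to stay configurable, move it to the build (`-DRT_TMR_ADVANCED`) rather than the header. The rest of rt_tmr.h lies outside the hunk.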
@@ -0,0 +1,94 @@
+#!/bin/bash
+
+type_name=$1
+name=$2
+
+caform=$3
+caname=$4
+
+cakeyform=$5
+cakey=$6
+
+do_help()
+{
+ echo "./signssl -type cert_name -cafrom ca_name -cakeyfrom key_name"
+ echo "usage: ./signssl args"
+ echo " -type cert_name - input type (-middle, -entity)"
+ echo " -cafrom ca_name - input ca_name (root certificate)"
+ echo " -cakeyfrom key_name - input key_name (the root keys)"
+ exit
+}
+
+do_mkdir()
+{
+ if [ ! -d "./demoCA" ]; then
+ mkdir demoCA
+ mkdir ./demoCA/newcerts
+ touch ./demoCA/index.txt
+ touch ./demoCA/serial
+ echo 0001 >> ./demoCA/serial
+ fi
+}
+
+do_check()
+{
+ if [ "$type_name" == "" ]||[ "$name" == "" ]; then
+ echo "certificate type is unkone!"
+ do_help
+ exit
+ fi
+ if [ "$caform" != "-cafrom" ] || [ "$caname" == "" ]; then
+ echo "root certificate name is unkone!"
+ do_help
+ exit
+ fi
+ if [ "$cakeyform" != "-cakeyfrom" ] || [ "$cakey" == "" ]; then
+ echo "root certificate keys is unkone!"
+ do_help
+ exit
+ fi
+}
+
+do_middle()
+{
+ if [ ! -d "./middle" ]; then
+ mkdir middle
+ fi
+ openssl genrsa -out ${name}.key 1024
+ openssl req -new -key ${name}.key -out ${name}.csr
+ openssl ca -extensions v3_ca -in ${name}.csr -out ${name}.pem -cert ${caname} -keyfile ${cakey} -days 365 -policy policy_anything
+ openssl pkcs12 -export -in ${name}.pem -inkey ${name}.key -chain -CAfile ${caname} -out ${name}.p12
+ mv ${name}.* middle
+}
+
+do_entity()
+{
+ if [ ! 
-d ".entity" ];then
+ mkdir entity
+ fi
+ openssl genrsa -out ${name}.pem 1024
+ openssl rsa -in ${name}.pem -out ${name}.key
+ openssl req -new -key ${name}.pem -out ${name}.csr
+ openssl x509 -req -days 365 -sha256 -extfile /etc/pki/tls/openssl.cnf -extensions v3_req -CA ${caname} -CAkey ${cakey} -CAserial ca.srl -CAcreateserial -in ${name}.csr -out ${name}.cer
+
+ openssl pkcs12 -export -in ${name}.cer -inkey ${name}.key -chain -CAfile ${caname} -out ${name}.p12
+
+ mv ${name}.* entity
+}
+
+do_signssl()
+{
+ if [ "$type_name" == "-middle" ]; then
+ do_middle
+ exit
+ fi
+ if [ "$type_name" == "-entity" ]; then
+ do_entity
+ exit
+ fi
+}
+
+do_check
+do_mkdir
+do_signssl
+
diff --git a/src/script/tarball.sh b/src/script/tarball.sh
index 0b32967..d890d85 100644
--- a/src/script/tarball.sh
+++ b/src/script/tarball.sh
@@ -12,6 +12,7 @@ do_mkdir(){
 rm $X -rf
 mkdir $X
 mkdir $X/cert
+ mkdir $X/tool
 }
 do_copy(){
@@ -20,6 +21,8 @@ do_copy(){
 cp ../rule/ $X -rf
 cp ../src/cert_store $X/certstore1.0
 cp ../src/package/* $X
+ cp ../src/script/signssl.sh $X/tool
+ cp ../src/script/x509 $X/tool
 }
 do_tarball(){
diff --git a/src/script/x509 b/src/script/x509
new file mode 100644
index 0000000..f39b17b
Binary files /dev/null and b/src/script/x509 differ
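Review bot: Both `openssl genrsa` calls, in do_middle and in do_entity, generate 1024-bit RSA keys, which is below the 2048-bit minimum that current NIST and CA/browser guidance require for new certificates, so the intermediate and leaf keys this tool produces are weak against factoring and will be rejected by modern validators; change both to `openssl genrsa -out "${name}.key" 2048` (or larger, or an EC key). In do_entity the guard `if [ ! -d ".entity" ]` tests a dotted name while `mkdir entity` creates an undotted one, so the mkdir runs on every invocation and prints an error once the directory exists; it should read `if [ ! -d "./entity" ]; then`. The private keys are written with whatever umask the caller has, so they may end up group- or world-readable; a `umask 077` near the top keeps `${name}.key` and `${name}.pem` private, and every `${name}`, `${caname}` and `${cakey}` expansion should be double-quoted so names with spaces or glob characters cannot break the openssl invocations. Finally, the bare `exit` after each usage error in do_check returns status 0, so a calling script cannot tell misuse from success; `exit 1` there would fix that.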
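Review bot: The two new `cp` lines place `signssl.sh` and the `x509` binary in `$X/tool`, but both files enter the repository with mode 100644 (see their `new file mode` headers) and `cp` carries the source mode over, so unless a later step sets it the shipped tool directory holds a script whose own usage text says `./signssl` and a binary that are not executable; add `chmod 755 $X/tool/signssl.sh $X/tool/x509` after the copies or commit them as 100755. `x509` is a prebuilt binary with no build recipe or checksum recorded in this change, so the tarball ships an artifact that consumers cannot review or reproduce from source; building it inside tarball.sh, or at least recording its sha256 alongside it, would give them a way to verify what they run. As in the existing lines, `$X` is unquoted; `"$X/tool"` keeps a path with spaces from breaking the copy. The rest of do_copy lies outside the hunk.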