diff --git a/bin/ssl b/bin/ssl
new file mode 100755
index 0000000..60ce748
--- /dev/null
+++ b/bin/ssl
@@ -0,0 +1,93 @@
+#!/usr/bin/env ruby
+
+require "fileutils"
+require "open3"
+
+def cmd(*cmd)
+ stdout, stderr, status = Open3.capture3(*cmd)
+ unless status.success?
+ warn "Command failed: #{cmd.join(' ')}"
+ warn stderr
+ exit status.exitstatus || 1
+ end
+ stdout
+end
+
+subcommand = ARGV.shift&.to_sym
+arg1 = ARGV[0] && ARGV[0] !~ /^-/ ? ARGV.shift : nil
+arg2 = ARGV[0] && ARGV[0] !~ /^-/ ? ARGV.shift : nil
+
+$domains = ["mediacenter.lan"]
+$ips = ["192.168.0.94"]
+
+
+### Setting up for client
+$cn = $domains.first
+name = $cn.gsub("*", "wildcard")
+
+dir = "certs"
+FileUtils.mkdir_p(dir)
+$key = File.join(dir, "#{name}.key.pem")
+$csr = File.join(dir, "#{name}.csr.pem")
+$crt = File.join(dir, "#{name}.crt.pem")
+$ext = File.join(dir, "#{name}.ext")
+############################
+
+### Setting up for CA
+
+$ca_name = "My Lab"
+
+#############################
+
+def create_CA
+ cmd "openssl", "genrsa", "-out", "rootCA.key.pem", "4096"
+ cmd "chmod", "600", "rootCA.key.pem"
+ cmd "openssl", "req", "-x509", "-new", "-nodes", "-key",
+ "rootCA.key.pem", "-sha256", "-days", "3650",
+ "-out", "rootCA.crt.pem",
+ "-subj", "/C=XX/ST=Lab/L=Local/O=#{$ca_name}/CN=#{$ca_name} Root CA"
+end
+
+def create_CSR
+ cmd "openssl", "genrsa", "-out", $key, "2048"
+ cmd "openssl", "req", "-new", "-key", $key, "-out", $csr, "-subj", "/CN=#{$cn}/O=#{$ca_name}"
+end
+
+def create_extfile
+ ext_lines = []
+ ext_lines << "basicConstraints=CA:FALSE"
+ ext_lines << "keyUsage=digitalSignature,keyEncipherment"
+ ext_lines << "extendedKeyUsage=serverAuth"
+ ext_lines << "subjectAltName=@alt_names"
+ ext_lines << "[alt_names]"
+
+ $domains.each_with_index do |d, i|
+ ext_lines << "DNS.#{i + 1}=#{d}"
+ end
+
+ $ips.each_with_index do |ip, j|
+ ext_lines << "IP.#{j + 1}=#{ip}"
+ end
+
+ File.write($ext, ext_lines.join("\n") + "\n")
+end
+
+def sign_with_CA
+ cmd "openssl", "x509", "-req", "-in", $csr,
+ "-CA", "rootCA.crt.pem", "-CAkey", "rootCA.key.pem",
+ "-CAcreateserial", "-out", $crt,
"-days", "397", "-sha256",
+ "-extfile", $ext
+
+end
+
+case subcommand
+when :ca
+ create_CA
+when :csr
+ create_CSR
+when :casign
+ create_extfile
+ sign_with_CA
+else
+ puts "no command handler"
+end
\ No newline at end of file
diff --git a/bin/vm b/bin/vm
index 0675205..983fb1f 100755
--- a/bin/vm
+++ b/bin/vm
@@ -18,7 +18,8 @@ OptionParser.new do |opt| opt.on('--name NAME', 'Virtaul Machine name') do |name| options.name = name end - + # new from copy + # fetch from the server end.parse!
diff --git a/lib/virtual-machine.rb b/lib/virtual-machine.rb
index 2f5476d..3875625 100644
--- a/lib/virtual-machine.rb
+++ b/lib/virtual-machine.rb
@@ -28,7 +28,7 @@ module VirtualMachine Downloader.get(url) do |path| disk_img_path = File.join(User.cache_path, "vm", distro.to_s, arch.to_s, options[:name], "root.img") - create_disk_image(disk_img_path, 5000) + create_disk_image(disk_img_path, 15000) puts path puts disk_img_path
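Review bot: `create_CA` in bin/ssl regenerates `rootCA.key.pem` and `rootCA.crt.pem` unconditionally, so running `ssl ca` a second time silently replaces the root and orphans every certificate it has issued and every trust store that imported the old one; it should refuse to run when either file already exists. The same function produces an unconstrained root whose key is written unencrypted to the working directory (`genrsa` with no cipher option), so a copy of that file can vouch for any name to devices that trust the root; a critical `nameConstraints` extension limited to the lab's own names bounds that exposure. The `.lan` suffix below is taken from `$domains` and needs adjusting if other names are added, and `-addext` requires OpenSSL 1.1.1 or later. Separately, the `else` branch of the final `case` prints "no command handler" but still exits 0; `abort "no command handler"` would give callers a non-zero status.

```ruby
def create_CA
  # Refuse to overwrite an existing root; replacing it invalidates everything it signed.
  %w[rootCA.key.pem rootCA.crt.pem].each do |path|
    abort "#{path} already exists; move it aside before creating a new CA" if File.exist?(path)
  end

  # … unchanged: genrsa, chmod, and the req -x509 arguments up to "-out" …
      "-subj", "/C=XX/ST=Lab/L=Local/O=#{$ca_name}/CN=#{$ca_name} Root CA",
      # Restrict the root to the lab namespace so a copied key cannot sign for other names.
      "-addext", "nameConstraints=critical,permitted;DNS:.lan"
```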