diff --git a/cert-builder.sh b/cert-builder.sh
new file mode 100755
index 00000000..f28048b9
--- /dev/null
+++ b/cert-builder.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+# example based off https://www.endpoint.com/blog/2014/10/30/openssl-csr-with-alternative-names-one
+
+hostname="$1"
+hostname1=$hostname.local
+ipaddr=
+
+cat > tmp_csr_details.txt <<-EOF
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+req_extensions = req_ext
+distinguished_name = dn
+
+[ dn ]
+C=US
+ST=Washington
+L=Ferndale
+O=Candela Technologies, Inc.
+OU=LANforge
+emailAddress=support@candelatech.com
+CN = $hostname
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = $hostname1
+DNS.2 = $ipaddr
+EOF
+
+# Let’s call openssl now by piping the newly created file in
+openssl req -new -sha256 -nodes -out ${hostname}.csr -newkey rsa:2048\
+ -keyout ${hostname}.key -config <( cat temp_csr_details.txt )
+#