diff --git a/utils/README.md b/utils/README.md
index b1b8db1deb0a9f83e5a793880372278dcebb71b6..6a83b3361e6a28cf95e6619a474cb93c483e01cc 100644
--- a/utils/README.md
+++ b/utils/README.md
@@ -209,4 +209,91 @@ Generate configuration file config.json
 
 optional arguments:
   -h, --help  show this help message and exit
+```
+
+## Generate test certificates `/utils/generate_certs.sh`
+The script `/utils/generate_certs.sh` can be used to generate certificates `root-certificate.cert`, `reverse-proxy.cert`, `reverse-proxy.key` for testing Connector and Einstein connection.
+
+### Usage
+
+The user should change directory into the `/utils` folder first. Then they should modify the parameters `PASSPHRASE`, `IP`, and `DNS`. `PASSPHRASE` is the password of the generated `root-certificate.cert`. If the host machine that uses the generated `reverse-proxy.cert` certificate is accessible via an IP address, then the `IP` variable should be specified. On the other hand, if it is accessible via custom DNS, then the `DNS` variable should be specified. Other parameters can also be modified if wished but this is not required.
+```
+cd ./utils
+./generate_certs.sh
+```
+
+If no other parameters are changed, then the subfolder `/certs` is created. The following files are generated:
+```
+reverse-proxy.cert
+reverse-proxy.csr
+reverse-proxy.ext
+reverse-proxy.key
+root-certificate.cert
+root-certificate.key
+root-certificate.srl
+```
+The files `root-certificate.cert`, `reverse-proxy.cert`, `reverse-proxy.key` can then be copied in the Connector folder `/data-transfer`. To issue another certificate for Einstein under the same root certificate, the user should update the parameters (e.g. IP address, if necessary) and then retrigger the script. Assuming that the `root-certificate.cert` has not been removed, it will create new reverse-proxy files that should then be copied, together with the used `root-certificate.cert` in the folder `/data-transfer` in Einstein.
+
+### Example
+
+Configure parameters, for example:
+```
+PASSPHRASE="my-root-password"
+IP="172.28.154.13"
+DNS="" 
+```
+
+Create root certificate and issue reverse-proxy certificates
+
+```
+cd ./utils
+./generate_certs.sh
+```
+
+Output
+
+```
+Root CA certificate not found. Creating a new one...
+Generating RSA private key, 2048 bit long modulus (2 primes)
+........................+++++
+........................................+++++
+e is 65537 (0x010001)
+Generating RSA private key, 2048 bit long modulus (2 primes)
+................................................................+++++
+...+++++
+e is 65537 (0x010001)
+Signature ok
+subject=C = CH, ST = ZH, L = Zurich, O = SIB, OU = SPHN, CN = Reverse proxy certificate
+Getting CA Private Key
+```
+
+Copy generated files into Connector `/data-transfer` folder:
+```
+cp ./certs/root-certificate.cert ../data-transfer
+cp ./certs/reverse-proxy.cert ../data-transfer
+cp ./certs/reverse-proxy.key ../data-transfer
+```
+
+Update parameters if necessary and generate reverse-proxy files for Einstein:
+```
+./generate_certs.sh
+```
+
+Output:
+```
+Root CA certificate already exists. Skipping creation.
+Generating RSA private key, 2048 bit long modulus (2 primes)
+........................................................+++++
+.............................................................+++++
+e is 65537 (0x010001)
+Signature ok
+subject=C = CH, ST = ZH, L = Zurich, O = SIB, OU = SPHN, CN = Reverse proxy certificate
+Getting CA Private Key
+```
+
+Copy generated files into Einstein `/data-transfer` folder:
+```
+cp ./certs/root-certificate.cert /einstein-repo-path/data-transfer
+cp ./certs/reverse-proxy.cert /einstein-repo-path/data-transfer
+cp ./certs/reverse-proxy.key /einstein-repo-path/data-transfer
 ```
\ No newline at end of file
diff --git a/utils/generate_certs.sh b/utils/generate_certs.sh
new file mode 100755
index 0000000000000000000000000000000000000000..037673d35bb68549a5c7f83e9209390db7fe91f8
--- /dev/null
+++ b/utils/generate_certs.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+# Set variables
+CERTS_DIR="certs"
+ROOT_CA_KEY="$CERTS_DIR/root-certificate.key"
+ROOT_CA_CERT="$CERTS_DIR/root-certificate.cert"
+ROOT_CA_SERIAL="$CERTS_DIR/root-certificate.srl"
+SERVER_KEY="$CERTS_DIR/reverse-proxy.key"
+SERVER_CSR="$CERTS_DIR/reverse-proxy.csr"
+SERVER_CERT="$CERTS_DIR/reverse-proxy.cert"
+EXT_FILE="$CERTS_DIR/reverse-proxy.ext"
+DAYS_VALID=365
+KEY_SIZE=2048
+PASSPHRASE="password" # Update password of root certificate
+IP=""  # Update this with the actual IP address or leave empty. For example for local testing on Linux the IP address of the host where the Connector/Einstein is running (hostname -I)
+DNS="" # Update this with the actual DNS or leave empty. For example if the Connector/Einstein services are accessible via a customized DNS
+
+# Ensure the certs directory exists
+mkdir -p "$CERTS_DIR"
+
+# Function to create Root CA
+create_root_ca() {
+    # Create Root CA private key
+    openssl genrsa -des3 -out $ROOT_CA_KEY -passout pass:$PASSPHRASE $KEY_SIZE 
+
+    # Create a self-signed Root CA certificate
+    openssl req -x509 -new -nodes -key $ROOT_CA_KEY -sha256 -days $DAYS_VALID -out $ROOT_CA_CERT -passin pass:$PASSPHRASE -subj "/C=CH/ST=ZH/L=Zurich/O=SIB/OU=SPHN/CN=Root certificate"
+}
+
+# Function to issue a reverse proxy certificate
+issue_certificate() {
+
+    # Check if IP and DNS are defined
+    if [ -z "$IP" ] && [ -z "$DNS" ]; then
+        echo "Error: Either IP or DNS must be defined."
+        exit 1
+    fi
+
+    # Create reverse proxy private key
+    openssl genrsa -out $SERVER_KEY $KEY_SIZE
+
+    # Create a CSR for the reverse proxy
+    openssl req -new -key $SERVER_KEY -out $SERVER_CSR -subj "/C=CH/ST=ZH/L=Zurich/O=SIB/OU=SPHN/CN=Reverse proxy certificate"
+
+    # Create a configuration file for the certificate extension
+    echo "authorityKeyIdentifier=keyid,issuer" > $EXT_FILE
+    echo "basicConstraints=CA:FALSE" >> $EXT_FILE
+    echo "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment" >> $EXT_FILE
+    echo "subjectAltName = @alt_names" >> $EXT_FILE
+    echo "[alt_names]" >> $EXT_FILE
+    
+    if [ -n "$IP" ]; then
+        echo "IP.1 = $IP" >> $EXT_FILE
+    fi
+    
+    if [ -n "$DNS" ]; then
+        echo "DNS.1 = $DNS" >> $EXT_FILE
+    fi
+
+    # Sign the reverse proxy CSR with the Root CA certificate
+    openssl x509 -req -in $SERVER_CSR -CA $ROOT_CA_CERT -CAkey $ROOT_CA_KEY -CAcreateserial \
+    -out $SERVER_CERT -days $DAYS_VALID -sha256 -extfile $EXT_FILE -passin pass:$PASSPHRASE
+
+    # Set permissions for the reverse proxy key
+    chmod 644 $SERVER_KEY
+}
+
+# Check if Root CA certificate already exists
+if [ ! -f "$ROOT_CA_CERT" ]; then
+    echo "Root CA certificate not found. Creating a new one..."
+    create_root_ca
+else
+    echo "Root CA certificate already exists. Skipping creation."
+fi
+
+issue_certificate
\ No newline at end of file