diff --git a/install/selfsign.sh b/install/selfsign.sh
index 696a127..e9ff6fd 100755
--- a/install/selfsign.sh
+++ b/install/selfsign.sh
@@ -36,11 +36,14 @@ EMAIL_ADDRESS=$7
 DNS_1=$8
 IP_1=${9}
 
+# 有效期 10 年, self-signed certificate will expire in 10 years
+DAYS=3650
+
 # 生成根證書的私鑰
 openssl genrsa -out ca.key 4096
 
 # 生成根證書
-openssl req -outform PEM -new -x509 -sha256 -key ca.key -extensions v3_ca -out ca.crt -subj "/C=$COUNTRY/ST=$STATE/L=$LOCALITY/O=$ORGANIZATION/OU=$ORGANIZATIONAL_UNIT/CN=$COMMON_NAME_CA/emailAddress=$EMAIL_ADDRESS"
+openssl req -outform PEM -new -x509 -sha256 -key ca.key -extensions v3_ca -out ca.crt -subj "/C=$COUNTRY/ST=$STATE/L=$LOCALITY/O=$ORGANIZATION/OU=$ORGANIZATIONAL_UNIT/CN=$COMMON_NAME_CA/emailAddress=$EMAIL_ADDRESS" -days ${DAYS}
 
 # 生成自簽名證書的私鑰
 openssl genrsa -out server.key 4096
@@ -59,7 +62,7 @@ IP.1 = $IP_1
 EOF
 
 # 生成自簽名證書
-openssl x509 -req -CA ca.crt -CAkey ca.key -in server.csr -out server.crt -extfile serverca.txt -sha256 -set_serial 0x1111
+openssl x509 -req -CA ca.crt -CAkey ca.key -in server.csr -out server.crt -extfile serverca.txt -sha256 -set_serial 0x1111 -days ${DAYS}
 
 # 查看文件
 ls
diff --git a/readme-cn.md b/readme-cn.md
index 11bc102..2704d7b 100644
--- a/readme-cn.md
+++ b/readme-cn.md
@@ -138,7 +138,7 @@ overtls -r client -c config.json
 
 ```bash
 wget https://raw.githubusercontent.com/shadowsocksr-live/overtls/master/install/selfsign.sh
-cat selfsign.sh
+head selfsign.sh -n 25
 chmod +x selfsign.sh
 ./selfsign.sh CN JiangSu ChangZhou MyGreatOrg Root_CA Server1 email@example.com example.com 123.45.67.89
 ```
diff --git a/readme.md b/readme.md
index cf07a4e..620709d 100644
--- a/readme.md
+++ b/readme.md
@@ -156,7 +156,7 @@ for testing purposes.
 
 ```bash
 wget https://raw.githubusercontent.com/shadowsocksr-live/overtls/master/install/selfsign.sh
-cat selfsign.sh
+head selfsign.sh -n 25
 chmod +x selfsign.sh
 ./selfsign.sh CN JiangSu ChangZhou MyGreatOrg Root_CA Server1 email@example.com example.com 123.45.67.89
 ```