diff --git a/README.md b/README.md
index b37f2e9..9585078 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,8 @@ This toolkit allows you to manage a personal PKI through various bash scripts.
 - Redhat 10
 - Packages
 - sqlite
-
+ - litecli sqlite text client (`pip3 install litecli`)
+Not essential for the tools to work, but could be handy
 ## Installation
 ```bash
 git clone https://gitweb.dyndns.org/scripts/own-ski.git
diff --git a/bin/generate-cert.sh b/bin/generate-cert.sh
index 7f39d0a..7dbd1d9 100755
--- a/bin/generate-cert.sh
+++ b/bin/generate-cert.sh
@@ -301,47 +301,41 @@ check_rc $?
 echo -e -n "\nVerify the validity of ${GREEN}$CERTS_TMP_PATH/${COMMON_NAME}.crt${NC} using the trust chain: "
 openssl verify -CAfile $CRT_CA_PATH/$CA_CRT $CERTS_TMP_PATH/$COMMON_NAME.crt > /dev/null 2>&1
 check_rc $?
+
 # get validity date
-notBefore=$(openssl x509 -noout -in $CERTS_TMP_PATH/${COMMON_NAME}.crt -startdate | cut -d'=' -f2)
-notAfter=$(openssl x509 -noout -in $CERTS_TMP_PATH/${COMMON_NAME}.crt -enddate | cut -d'=' -f2)
+NOT_BEFORE=$(openssl x509 -noout -in $CERTS_TMP_PATH/${COMMON_NAME}.crt -startdate | cut -d'=' -f2)
+NOT_AFTER=$(openssl x509 -noout -in $CERTS_TMP_PATH/${COMMON_NAME}.crt -enddate | cut -d'=' -f2)
-
-
-
-exit
 # check if commonName already exist on db
 echo -e -n "\nCheck if ${GREEN}${COMMON_NAME}${NC} exist in DB: "
-recordExist=$(sqlite3 $dbCertFile "SELECT EXISTS(SELECT 1 FROM certs WHERE common_name='${COMMON_NAME}');")
-rc="$?"
-[ "$rc" != "0" ] && { echo -e "${RED}Error reading the database (RC:$rc - $recordExist)${NC}"; exit; } || echo -e "${GREEN}Ok${NC}"
+recordExist=$(sqlite3 $DB_PATH "SELECT EXISTS(SELECT 1 FROM certs WHERE common_name='${COMMON_NAME}');")
+check_rc $?
 if [ "$recordExist" == "1" ]; then
 echo -e -n "Update ${ORANGE}${COMMON_NAME}${NC} in DB: "
- sqlite3 $dbCertFile </dev/null
+ echo -e -n "Create $BIN_PATH/config: "
+ if [ ! -d "$BIN_PATH/config" ]; then
+ mkdir -p $BIN_PATH/config 2>/dev/null
 check_rc $?
 else
- msg_warn "$ETC_PATH already exists!"
+ msg_warn "$BIN_PATH/config already exists!"
+ fi
+
+ echo -e -n "Create $CONF_PATH: "
+ if [ ! -d "$CONF_PATH" ]; then
+ mkdir -p $CONF_PATH 2>/dev/null
+ check_rc $?
+ else
+ msg_warn "$CONF_PATH already exists!"
 fi
 # copy config file
- echo -e -n "Copy ${ORANGE}$ROOT_DIR/config/own-pki.conf${NC} to ${ETC_PATH}/: "
- cp "$ROOT_DIR/config/own-pki.conf" "${ETC_PATH}/."
+ echo -e -n "Copy ${ORANGE}$ROOT_DIR/config/default.conf${NC} to $BIN_PATH/config: "
+ cp "$ROOT_DIR/config/default.conf" "$BIN_PATH/config/."
+ check_rc $?
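Review bot: The new `recordExist=$(sqlite3 $DB_PATH "SELECT EXISTS(SELECT 1 FROM certs WHERE common_name='${COMMON_NAME}');")` line still splices `${COMMON_NAME}` into the SQL text, so a name containing a single quote breaks the statement and, if the value comes from the command line, alters the query; doubling quotes before interpolation is the minimal fix, e.g. `cn_sql=${COMMON_NAME//\'/\'\'}` followed by `common_name='${cn_sql}'`, and the same applies to the update/insert statements that follow. `$DB_PATH` and the `$CERTS_TMP_PATH/${COMMON_NAME}.crt` arguments are unquoted throughout, so they split and glob on unusual values; `"$DB_PATH"` and `"$CERTS_TMP_PATH/${COMMON_NAME}.crt"` cost nothing. The `NOT_BEFORE`/`NOT_AFTER` assignments have no `check_rc $?` after them, so a failed `openssl x509` leaves them empty and the empty dates are presumably stored later — worth a check. The hunk text is fused mid-way at `sqlite3 $dbCertFile` with another file's hunk (the `$BIN_PATH/config` install block), so the update/insert part of this change is not reviewable here.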
+
+# copy config file
+ echo -e -n "Copy ${ORANGE}$ROOT_DIR/config/default.conf${NC} to $BIN_PATH/config: "
+ cp "$ROOT_DIR/config/default.conf" "$BIN_PATH/config/."
+ check_rc $?
+
+# copy config file
+ echo -e -n "Copy ${ORANGE}$ROOT_DIR/config/ca-config.tmpl${NC} to ${BIN_PATH}/config: "
+ cp "$ROOT_DIR/config/ca-config.tmpl" "${BIN_PATH}/config/."
 check_rc $?
 # create DB
diff --git a/config/ca-config b/config/ca-config
deleted file mode 100644
index b1b6c52..0000000
--- a/config/ca-config
+++ /dev/null
@@ -1,102 +0,0 @@
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-oid_section = new_oids
-
-[ new_oids ]
-
-[ ca ]
-default_ca = CA_default # The default ca section
-[ CA_default ]
-dir = . # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/dbca/index.txt # database index file.
-new_certs_dir = $dir/newcerts # default place for new certs.
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-x509_extensions = usr_cert # The extentions to add to the cert
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-preserve = no # keep passed DN ordering
-policy = policy_match
-
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-string_mask = nombstr
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = CH
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Vaud
-
-localityName = Locality Name (eg, city)
-localityName_default = Nyon
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = GMO Lab (gmolab)
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-
-organizationalUnitName_default = ITCS (Information Technology and Communications Service)
-
-commonName = Common Name (eg, YOUR name)
-commonName_default =
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_default = example@example.com
-emailAddress_max = 40
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-basicConstraints=CA:FALSE
-nsComment = "OpenSSL Generated Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ v3_req ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true
-
-[ crl_ext ]
-authorityKeyIdentifier=keyid:always,issuer:always
\ No newline at end of file
diff --git a/config/default.conf b/config/default.conf
index 6b08636..6e3b2c0 100644
--- a/config/default.conf
+++ b/config/default.conf
@@ -46,4 +46,7 @@ DEBUG=false
 ASSUME_YES=0
 # Temp path for certificates files
-CERTS_TMP_PATH=/tmp/ca
\ No newline at end of file
+CERTS_TMP_PATH=/tmp/ca
+
+# Databse
+DB_PATH=/var/lib/own-pki/certificates.db
\ No newline at end of file
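Review bot: The new default `DB_PATH=/var/lib/own-pki/certificates.db` only works once its parent directory exists and is writable by the user running the scripts, and nothing in this diff creates it (the install hunk above stops at `# create DB`, so presumably that is where it happens — confirm); a comment stating the expectation would save the first user an opaque sqlite "unable to open database file", e.g. `# Directory must exist and be writable by the PKI user (created by the install script)`, and the heading above it reads `Databse` rather than `Database`. The `CERTS_TMP_PATH=/tmp/ca` line kept on the new side places issued certificates, and whatever the scripts write alongside them, in a shared and predictable `/tmp` location; a per-user directory or one created with `mktemp -d` would be the safer default, though that is a wider change than this commit makes.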