diff --git a/gencert.sh b/gencert.sh
index 58f0f35..d255457 100755
--- a/gencert.sh
+++ b/gencert.sh
@@ -2,7 +2,7 @@
 # Filename: gencert.sh
 # Description: This script generates x509 server certificate (with all IPs in
 # SAN) signed by a self-signed CA.
-# Version: 1.2 - 2018 July 15
+# Version: 1.3 - 2018 July 15
 # Author: Andrey Arapov
 # License: GPLv3
@@ -10,16 +10,18 @@ ME=$(printf '%s\n' "${0##*/}")
 print_help() {
 printf "[${ME}] HELP: I accept following arguments:
- --help - show this message
- --cn - certificate's CN name\t\t(MANDATORY)
- --key - server key name\t\t\t(default: private.key)
- --cert - server cert name\t\t\t(default: public.crt)
- --days - server cert expiration in days\t(default: 365)
- --cakey - CA key name\t\t\t(default: ca.key)
- --ca - CA cert name\t\t\t(default: ca.crt)
- --cadays - CA cert expiration in days\t(default: 3650)\n
- --nosan - do not write SAN records\n
- --debug - show extra information\n"
+ --help - show this message
+ --cn - certificate's CN name\t\t(MANDATORY)
+ --key - server key name\t\t\t(default: private.key)
+ --cert - server cert name\t\t\t(default: public.crt)
+ --days - server cert expiration in days\t(default: 365)
+ --cakey - CA key name\t\t\t(default: ca.key)
+ --ca - CA cert name\t\t\t(default: ca.crt)
+ --cadays - CA cert expiration in days\t(default: 3650)\n
+ --nosan - do not write SAN records\n
+ --debug - show extra information\n
+ --rsa - generate RSA keys instead of ECDSA\n
+ --rsa-size - set RSA key size\n"
 }
 # Parse command line arguments
@@ -31,7 +33,7 @@ parse_arguments() {
 # read arguments
 opts=$(getopt \
- --longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan,debug" \
+ --longoptions "help,cn:,key:,cert:,days:,cakey:,ca:,cadays:,nosan,debug,rsa,rsa-size:" \
 --name "$(basename "$0")" \
 --options "" \
 -- "$@"
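Review bot: The new `--rsa-size` line in print_help does not state its default, although every other value-taking option on the same screen does and the commit itself sets `RSA_SIZE="${ARG_RSA_SIZE:-2048}"` in parse_arguments; make it `--rsa-size - set RSA key size\t\t\t(default: 2048)\n`. It is also worth saying in the help that `--rsa-size` has no effect without `--rsa`, since gen_ca and gen_server_x509 only read RSA_SIZE in the `else` branch of `[ -z "${RSA}" ]`.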
@@ -83,11 +85,21 @@ parse_arguments() {
 --nosan)
 ARG_NOSAN=1
- shift 2
+ shift 1
 ;;
 --debug)
 ARG_DEBUG=1
+ shift 1
+ ;;
+
+ --rsa)
+ ARG_RSA=1
+ shift 1
+ ;;
+
+ --rsa-size)
+ ARG_RSA_SIZE=$2
 shift 2
 ;;
@@ -104,7 +116,7 @@ parse_arguments() {
 fi
 # For debugging purposes
- if [ $ARG_DEBUG -eq 1 ]; then
+ if [ "${ARG_DEBUG}" -eq 1 ]; then
 echo ARG_CN=$ARG_CN
 echo ARG_KEY=$ARG_KEY
 echo ARG_CERT=$ARG_CERT
@@ -114,18 +126,24 @@ parse_arguments() {
 echo ARG_CADAYS=$ARG_CADAYS
 echo ARG_NOSAN=$ARG_NOSAN
 echo ARG_DEBUG=$ARG_DEBUG
+ echo ARG_RSA=$ARG_RSA
+ echo ARG_RSA_SIZE=$ARG_RSA_SIZE
 fi
 # prepare common variables
 ## OPENSSL_CONFIG="openssl.cnf"
+ CN="${ARG_CN}"
 CA_KEY="${ARG_CAKEY:-ca.key}"
 CA_CERT="${ARG_CA:-ca.crt}"
 CA_DAYS="${ARG_CADAYS:-3650}"
 SERVER_KEY="${ARG_KEY:-private.key}"
 SERVER_CERT="${ARG_CERT:-public.crt}"
 DAYS="${ARG_DAYS:-365}"
+ DEBUG="${ARG_DEBUG}"
+ RSA="${ARG_RSA}"
+ RSA_SIZE="${ARG_RSA_SIZE:-2048}"
 }
 # install openssl
@@ -214,7 +232,7 @@ basicConstraints = CA:FALSE
 keyUsage = critical, digitalSignature, keyEncipherment
 extendedKeyUsage = serverAuth"
- if [ -z $ARG_NOSAN ]; then
+ if [ -z "$ARG_NOSAN" ]; then
 # Gather IPs for SAN
 i=1
@@ -232,7 +250,11 @@ extendedKeyUsage = serverAuth"
 gen_ca() {
 echo "[${ME}] Generating new CA: ${CA_KEY} / ${CA_CERT} ..."
- openssl ecparam -name prime256v1 -genkey -noout -out "${CA_KEY}"
+ if [ -z "${RSA}" ]; then
+ openssl ecparam -name prime256v1 -genkey -noout -out "${CA_KEY}"
+ else
+ openssl genrsa -out "${CA_KEY}" "${RSA_SIZE}"
+ fi
 chmod 0600 "${CA_KEY}"
 openssl req -x509 -new -sha256 -nodes -key "${CA_KEY}" -days "${CA_DAYS}" -out "${CA_CERT}" \
 -subj "/CN=my-CA" -extensions v3_ca -config "${OPENSSL_CONFIG}"
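Review bot: The value taken in the new `--rsa-size)` arm (`ARG_RSA_SIZE=$2`) is never validated before it becomes `RSA_SIZE="${ARG_RSA_SIZE:-2048}"` in the third hunk and is passed to `openssl genrsa` as the modulus length, so a typo or an unintentionally small value silently yields a weak CA and server key (or an openssl error with no hint about which option caused it). Right after that assignment, and in POSIX sh since testme.sh runs the script with `sh`, reject anything that is not an integer of at least 2048: `case "${RSA_SIZE}" in ''|*[!0-9]*) echo "[${ME}] --rsa-size must be an integer" >&2; exit 1 ;; esac` followed by `[ "${RSA_SIZE}" -ge 2048 ] || { echo "[${ME}] --rsa-size must be at least 2048" >&2; exit 1; }`. The `shift 2` to `shift 1` correction for `--nosan` looks right, since that option takes no argument. parse_arguments begins before this hunk and ends after the third one.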
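Review bot: In the second hunk, `if [ "${ARG_DEBUG}" -eq 1 ]` still fails with an "integer expression expected" error whenever `--debug` was not given, unless ARG_DEBUG is initialised to 0 earlier in parse_arguments, which is outside this hunk and I cannot confirm; quoting it only changed the error text. Supplying a default at the test site makes the line correct regardless of what precedes it: `if [ "${ARG_DEBUG:-0}" -eq 1 ]; then`.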
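Review bot: In the last hunk, gen_ca now has two ways of writing the CA private key (`openssl ecparam ... -out "${CA_KEY}"` and `openssl genrsa -out "${CA_KEY}" ...`) and both run before the `chmod 0600`, so the file is created with whatever the caller's umask allows and is readable by other users until the chmod runs; whether the openssl/libressl build in the older distros listed in testme.sh creates it 0600 by itself I cannot confirm from here. Setting `umask 077` as the first line of gen_ca closes that window for both branches; the same applies to the identical branches added to gen_server_x509 in the following hunk. gen_ca's body continues beyond this hunk.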
@@ -243,9 +265,13 @@ gen_ca() {
 gen_server_x509() {
 echo "[${ME}] Generating new server x509: ${SERVER_KEY} / ${SERVER_CERT} ..."
- openssl ecparam -name prime256v1 -genkey -noout -out "${SERVER_KEY}"
+ if [ -z "${RSA}" ]; then
+ openssl ecparam -name prime256v1 -genkey -noout -out "${SERVER_KEY}"
+ else
+ openssl genrsa -out "${SERVER_KEY}" "${RSA_SIZE}"
+ fi
 chmod 0600 "${SERVER_KEY}"
- openssl req -new -sha256 -key "${SERVER_KEY}" -subj "/CN=${ARG_CN}" \
+ openssl req -new -sha256 -key "${SERVER_KEY}" -subj "/CN=${CN}" \
 | openssl x509 -req -sha256 -CA "${CA_CERT}" -CAkey "${CA_KEY}" -CAcreateserial \
 -out ${SERVER_CERT} -days "${DAYS}" \
 -extensions v3_req_server -extfile "${OPENSSL_CONFIG}"
diff --git a/testme.sh b/testme.sh
index 8f8a576..214851f 100755
--- a/testme.sh
+++ b/testme.sh
@@ -1,5 +1,19 @@
 #!/bin/bash
-set -e
+
+trap handle_term SIGINT SIGTERM
+
+handle_term() {
+ echo "** Received SIGINT/SIGTERM signal"
+ cleanup;
+}
+
+cleanup() {
+ echo "** Cleaning up ..."
+ echo "WARNING, I am going to remove ${TMPDIR} entirely in 5 seconds!"
+ sleep 5
+ rm -rf "${TMPDIR}"
+ exit 0;
+}
 TMPDIR="$(mktemp -d)"
 cp -v gencert.sh "${TMPDIR}/"
@@ -8,11 +22,9 @@ pushd "${TMPDIR}"
 for DISTRO in alpine:3.4 alpine:3.7 ubuntu:bionic debian:stretch centos:7; do
 printf "\n\n\nTesting the script with ${DISTRO} ...\n\n\n"
 rm -vf openssl.cnf private.key public.crt ca.crt ca.key ca.srl
- docker run --rm -ti -v ${PWD}:/w -w /w ${DISTRO} sh gencert.sh --cn test.example.com --debug
+ docker run --rm -t -v ${PWD}:/w -w /w ${DISTRO} sh gencert.sh --cn test.example.com $@
 printf "\n\n\n"
 done
 popd
-echo "WARNING, I am going to remove ${TMPDIR} entirely in 5 seconds!"
-sleep 5
-rm -rf "${TMPDIR}"
+cleanup;
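Review bot: In the first testme.sh hunk, cleanup() unconditionally ends with `exit 0` while the same hunk removes `set -e`, so a failing `docker run` in the loop no longer makes testme.sh exit non-zero and the harness reports success whatever happened. The trap is also installed before `TMPDIR` is assigned, and `rm -rf "${TMPDIR}"` has no guard against an empty value; `rm -rf -- "${TMPDIR:?}"` aborts instead of running with an empty path. I would give cleanup a status to exit with (`rc=${1:-0}` at the top, `exit "$rc"` at the end), have handle_term pass a non-zero value, and have the final `cleanup;` call pass a flag that the loop sets when a run fails.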
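Review bot: `$@` on the new docker line in the second testme.sh hunk is unquoted, so any argument containing whitespace is split before it reaches gencert.sh, and `${PWD}` and `${DISTRO}` on the same line are unquoted too; write `docker run --rm -t -v "${PWD}:/w" -w /w "${DISTRO}" sh gencert.sh --cn test.example.com "$@"`. Because `set -e` is gone, the exit status of that line is now discarded; appending `|| FAILED=1` records it so the script can report the failure once cleanup has run.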