diff --git a/certs/README.md b/certs/README.md
deleted file mode 100644
index 8e441f5f..00000000
--- a/certs/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-# 国密证书库
-
-
-
diff --git a/certs/ca/Ant Financial Certification Authority S1.pem b/demos/certs/ca/Ant Financial Certification Authority S1.pem
similarity index 100%
rename from certs/ca/Ant Financial Certification Authority S1.pem
rename to demos/certs/ca/Ant Financial Certification Authority S1.pem
diff --git a/certs/ca/TJCA.pem b/demos/certs/ca/TJCA.pem
similarity index 100%
rename from certs/ca/TJCA.pem
rename to demos/certs/ca/TJCA.pem
diff --git a/certs/ca/Taier CA.pem b/demos/certs/ca/Taier CA.pem
similarity index 100%
rename from certs/ca/Taier CA.pem
rename to demos/certs/ca/Taier CA.pem
diff --git a/certs/crl/Civil Servant ROOT.crl b/demos/certs/crl/Civil Servant ROOT.crl
similarity index 100%
rename from certs/crl/Civil Servant ROOT.crl
rename to demos/certs/crl/Civil Servant ROOT.crl
diff --git a/certs/crl/Device ROOT.crl b/demos/certs/crl/Device ROOT.crl
similarity index 100%
rename from certs/crl/Device ROOT.crl
rename to demos/certs/crl/Device ROOT.crl
diff --git a/certs/crl/ROOTCA.crl b/demos/certs/crl/ROOTCA.crl
similarity index 100%
rename from certs/crl/ROOTCA.crl
rename to demos/certs/crl/ROOTCA.crl
diff --git a/certs/rootca/Civil Servant ROOT.pem b/demos/certs/rootca/Civil Servant ROOT.pem
similarity index 100%
rename from certs/rootca/Civil Servant ROOT.pem
rename to demos/certs/rootca/Civil Servant ROOT.pem
diff --git a/certs/rootca/Device ROOT.pem b/demos/certs/rootca/Device ROOT.pem
similarity index 100%
rename from certs/rootca/Device ROOT.pem
rename to demos/certs/rootca/Device ROOT.pem
diff --git a/certs/rootca/ROOTCA.pem b/demos/certs/rootca/ROOTCA.pem
similarity index 100%
rename from certs/rootca/ROOTCA.pem
rename to demos/certs/rootca/ROOTCA.pem
diff --git a/demos/scripts/certs.sh b/demos/scripts/certs.sh
new file mode 100755
index 00000000..dc6f250c
--- /dev/null
+++ b/demos/scripts/certs.sh
@@ -0,0 +1,24 @@
+#!/bin/bash -x
+
+cd ../certs
+
+gmssl certparse -in "rootca/Civil Servant ROOT.pem"
+gmssl certverify -in "rootca/Civil Servant ROOT.pem" -cacert "rootca/Civil Servant ROOT.pem"
+gmssl crlparse -in "crl/Civil Servant ROOT.crl"
+gmssl crlverify -in "crl/Civil Servant ROOT.crl" -cacert "rootca/Civil Servant ROOT.pem"
+
+gmssl certparse -in "rootca/Device ROOT.pem"
+gmssl certverify -in "rootca/Device ROOT.pem" -cacert "rootca/Device ROOT.pem"
+gmssl crlparse -in "crl/Device ROOT.crl"
+gmssl crlverify -in "crl/Device ROOT.crl" -cacert "rootca/Device ROOT.pem"
+
+gmssl certparse -in "rootca/ROOTCA.pem"
+gmssl certverify -in "rootca/ROOTCA.pem" -cacert "rootca/ROOTCA.pem"
+gmssl crlparse -in "crl/ROOTCA.crl"
+gmssl crlverify -in "crl/ROOTCA.crl" -cacert "rootca/ROOTCA.pem" # now > next_update
+
+# The CRL URI of ROOTCA.pem is in Base64 format, not DER
+gmssl certverify -in "ca/TJCA.pem" -cacert "rootca/Civil Servant ROOT.pem" #-check_crl
+gmssl certverify -in "ca/Taier CA.pem" -cacert "rootca/ROOTCA.pem" #-check_crl
+gmssl certverify -in "ca/Ant Financial Certification Authority S1.pem" -cacert "rootca/ROOTCA.pem" #-check_crl
+