diff --git a/keygen.sh b/keygen.sh
new file mode 100755
index 0000000..ad1f6fe
--- /dev/null
+++ b/keygen.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+PASSWORD="abcd1234"
+VALIDITY_DAYS=365
+KEYS_DIR="ssl"
+DNAME="CN=localhost, OU=Dev, O=MyCompany, L=Seoul, C=KR"
+CA_DNAME="CN=My Kafka CA, OU=Dev, O=MyCompany, L=Seoul, C=KR"
+
+rm -rf ./${KEYS_DIR}
+mkdir ${KEYS_DIR}
+cd ${KEYS_DIR}
+
+keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity ${VALIDITY_DAYS} \
+  -keystore kafka.ca.keystore.jks \
+  -storepass ${PASSWORD} -keypass ${PASSWORD} -dname "${CA_DNAME}" \
+  -ext "BasicConstraints:critical=ca:true"
+
+keytool -exportcert -alias ca -file ca.crt \
+  -keystore kafka.ca.keystore.jks -storepass ${PASSWORD}
+
+keytool -genkeypair -alias broker -keyalg RSA -keysize 2048 -validity ${VALIDITY_DAYS} \
+  -keystore kafka.broker.keystore.jks \
+  -storepass ${PASSWORD} -keypass ${PASSWORD} -dname "${DNAME}"
+
+keytool -certreq -alias broker -file broker.csr \
+  -keystore kafka.broker.keystore.jks -storepass ${PASSWORD}
+
+keytool -gencert -alias ca -infile broker.csr -outfile broker.crt \
+  -keystore kafka.ca.keystore.jks -storepass ${PASSWORD} -validity ${VALIDITY_DAYS} \
+  -ext "SAN=dns:broker-1,dns:broker-2,dns:broker-3,dns:localhost" \
+  -ext "ExtendedKeyUsage=serverAuth,clientAuth"
+
+keytool -importcert -alias ca -file ca.crt \
+  -keystore kafka.broker.keystore.jks -storepass ${PASSWORD} -noprompt
+
+keytool -importcert -alias broker -file broker.crt \
+  -keystore kafka.broker.keystore.jks -storepass ${PASSWORD} -noprompt
+
+keytool -importcert -alias ca -file ca.crt \
+  -keystore kafka.broker.truststore.jks -storepass ${PASSWORD} -noprompt
+
+echo ${PASSWORD} > password
+
+rm ca.crt broker.csr broker.crt
+
+echo ""
+echo "🎉 SSL/TLS 키 파일 생성 완료"
\ No newline at end of file
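Review bot: The script hard-codes `PASSWORD="abcd1234"` as the single secret protecting the CA private key, the broker keystore and the truststore, then writes it to a plaintext `password` file created under the default umask (typically 0644) in the same `ssl/` directory as the keystores, so anyone who can read the directory gets both the CA key and the password that opens it. Since the script is committed with the password, it is also now in git history, and every `-storepass`/`-keypass` on the command line is visible in `ps` and shell history for the lifetime of each keytool call. I would take the password from the environment and refuse to run without it, and tighten file modes before anything is created: `set -euo pipefail`, `umask 077`, `PASSWORD="${KAFKA_SSL_PASSWORD:?set KAFKA_SSL_PASSWORD (not a committed default)}"`; `set -e` also stops the script from carrying on after a failed `cd "${KEYS_DIR}"` or a failed keytool step and emitting a half-built set of stores with a success message. Separately, the CA keystore is left next to the broker keystore and `ca.crt` is deleted at the end, which is the opposite of what consumers need — clients want the CA certificate, not access to the CA key — so consider keeping `ca.crt` and moving `kafka.ca.keystore.jks` out of the distributed directory.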