diff --git a/src/main/java/de/mlessmann/certassist/models/Certificate.java b/src/main/java/de/mlessmann/certassist/models/Certificate.java
index f7a5997..93d9016 100644
--- a/src/main/java/de/mlessmann/certassist/models/Certificate.java
+++ b/src/main/java/de/mlessmann/certassist/models/Certificate.java
@@ -7,10 +7,12 @@ import java.util.ArrayList;
 import java.util.List;
 import lombok.AccessLevel;
 import lombok.Data;
+import lombok.RequiredArgsConstructor;
 import lombok.Setter;
 @Entity
 @Data
+@RequiredArgsConstructor
 public class Certificate {
 @Id
@@ -42,4 +44,10 @@ public class Certificate {
 @OneToMany(cascade = CascadeType.ALL, orphanRemoval = true)
 private List certificateExtension = new ArrayList<>();
+
+ @Lob
+ private byte[] cert = new byte[0];
+
+ @Lob
+ private byte[] privateKey = new byte[0];
 }
diff --git a/src/main/java/de/mlessmann/certassist/service/CertificateCreationService.java b/src/main/java/de/mlessmann/certassist/service/CertificateCreationService.java
new file mode 100644
index 0000000..a2b6988
--- /dev/null
+++ b/src/main/java/de/mlessmann/certassist/service/CertificateCreationService.java
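Review bot: In Certificate.java, the new `privateKey` field is stored as a plain `@Lob`, and because the class carries `@Data` it also gets a public getter and is included in the generated `toString()` and `equals()`/`hashCode()`, so any log statement or serializer that touches a `Certificate` can emit the key bytes. Annotate the field with `@ToString.Exclude` and `@EqualsAndHashCode.Exclude`, and consider encrypting the column at rest, for example through a JPA `AttributeConverter` whose wrapping key is held outside the database. The same exposure applies where `createCertificate` in CertificateCreationService.java fills the field and returns the entity. The class body starts outside this hunk, so annotations on the remaining fields are not visible here.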
@@ -0,0 +1,70 @@
+package de.mlessmann.certassist.service;
+
+import de.mlessmann.certassist.except.CommandLineOperationException;
+import de.mlessmann.certassist.models.Certificate;
+import de.mlessmann.certassist.models.CertificateExtension;
+import de.mlessmann.certassist.models.CertificateType;
+import de.mlessmann.certassist.openssl.*;
+import de.mlessmann.certassist.repositories.CertificateRepository;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.util.List;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+
+@Service
+@RequiredArgsConstructor
+public class CertificateCreationService {
+
+ private final CertificateRepository certificateRepository;
+ private final OpenSSLCertificateCreator openSSLCertificateCreator;
+
+ public Certificate createCertificate(final CertificateRequest certificateRequest) {
+ final Certificate certificate = new Certificate();
+ certificate.setType(mapCertificateRequestType(certificateRequest.getType()));
+ certificate.setCommonName(certificateRequest.getCommonName());
+ certificate.setTrustingAuthority(certificateRequest.getTrustingAuthority());
+ certificate.setRequestedKeyLength(certificateRequest.getRequestedKeyLength());
+ certificate.setRequestedValidityDays(certificateRequest.getRequestedValidityDays());
+ final CertificateSubject certificateSubject = certificateRequest.getSubject();
+ certificate.setSubjectEmailAddress(certificateSubject.getEmailAddress());
+ certificate.setSubjectOrganization(certificateSubject.getOrganization());
+ certificate.setSubjectOrganizationalUnit(certificateSubject.getOrganizationalUnit());
+ certificate.setSubjectCountry(certificateSubject.getCountry());
+ certificate.setSubjectState(certificateSubject.getState());
+ certificate.setSubjectLocality(certificateSubject.getLocality());
+
+ final CertificateRequestExtension extension = certificateRequest.getExtension();
+ if (extension != null) {
+ final CertificateExtension certificateExtension = new CertificateExtension();
+ certificateExtension.setIdentifier("alternativeNames");
+ certificateExtension.setValue(String.join(",", extension.getAlternativeNames()));
+ certificate.setCertificateExtension(List.of(certificateExtension));
+ }
+
+ try (
+ OpenSSLCertificateResult certificateCreatorResult = openSSLCertificateCreator.createCertificate(
+ certificateRequest
+ );
+ ) {
+ certificate.setPrivateKey(Files.readAllBytes(certificateCreatorResult.getPrivateKeyPath()));
+ certificate.setCert(Files.readAllBytes(certificateCreatorResult.getCertificatePath()));
+ } catch (InterruptedException e) {
+ Thread.currentThread().interrupt();
+ throw new IllegalStateException("Interrupted exception", e);
+ } catch (CommandLineOperationException | IOException e) {
+ throw new IllegalStateException("Failed to create certificate!", e);
+ }
+
+ certificateRepository.save(certificate);
+ return certificate;
+ }
+
+ private CertificateType mapCertificateRequestType(CertificateRequest.RequestType requestType) {
+ return switch (requestType) {
+ case ROOT_AUTHORITY -> CertificateType.ROOT_CA;
+ case STANDALONE_CERTIFICATE -> CertificateType.STANDALONE_CERT;
+ case NORMAL_CERTIFICATE -> CertificateType.SIGNED_CERT;
+ };
+ }
+}
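Review bot: `createCertificate` dereferences `certificateRequest.getSubject()` without a check, although the extension a few lines below is null-guarded, so a request without a subject fails with a bare NullPointerException before OpenSSL is invoked. A null `getType()` fails the same way in the `switch` of `mapCertificateRequestType`. Validate the request up front, for example `final CertificateSubject certificateSubject = Objects.requireNonNull(certificateRequest.getSubject(), "subject");` (this needs `java.util.Objects` imported), or reject it with an IllegalArgumentException that names the missing field. The public method also has no Javadoc; it should state that the returned entity carries the private key read from the OpenSSL output, e.g. `/** Creates the certificate via OpenSSL, persists it including its private key, and returns the stored entity. */`.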