rech weblog

Create CA secret key

openssl genrsa -aes256 -out ca.key 2048

Create CA cert

openssl req -new -x509 -nodes -days 365000 -key ca.key -out ca.crt

Create secret key and certificate request

openssl req -newkey rsa:2048 -days 365000 -nodes -keyout server.key -out server.csr

To have alternative hostname

openssl req -newkey rsa:2048 -days 365000 -nodes -keyout server.key -out server.csr -addext "subjectAltName=DNS:example.com,DNS:www.example.com"

Complete certificate request

openssl x509 -req -in server.csr -days 365000 -CA ca.crt -CAkey ca.key -copy_extensions copy -out server.crt

Create more requests with existing server key (adding new alt name for example)

openssl req -key server.key -out server.csr -addext "subjectAltName=DNS:example.com,DNS:www.example.com,DNS:manage.example.com"