self-signed cert with san
step needed to make san cert
$ openssl genrsa -out server.key 4096
$ openssl rsa -in server.key -out server.key.insecure
$ openssl req -new -key server.key -out server.csr -sha256
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crtcsr with san
$ openssl req -new -sha256 \
-key server.key \
-subj "/C=US/ST=Oregon/L=Portland/O=EXA/OU=MPL/CN=exa.mpl" \
-reqexts SAN \
-config <(cat /etc/ssl/openssl.cnf \
<(printf "[SAN]\nsubjectAltName=DNS:exa.mpl,DNS:www.exa.mpl")) \
-out server.csr $ openssl req -new -config <(
cat <<-EOF
[req]
default_bits = 2048
prompt = no
default_md = sha1
req_extensions = req_ext
distinguished_name = dn
[ dn ]
CN = example.com
[ req_ext ]
subjectAltName = ...
EOF
) ...