Step 1
Create an .ext
file with the contents:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = localhost.com
IP.1 = 127.0.0.1
Adjust [alt_names]
for your needs.
Step 2
openssl x509 \
-CA ../root/.crt \
-CAcreateserial \
-CAkey ../root/.key \
-days 99999 \
-extfile .ext \
-in .csr \
-out .crt \
-req \
-sha256