Generate self-signed certificates
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CA
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Ontario
localityName = Locality Name (eg, city)
localityName_default = Toronto
organizationName = Organization Name (eg, company)
organizationName_default = Your_Company_Name
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
commonName_default = yourdomain.com
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = anything.yourdomain.com
DNS.2 = *.anything.yourdomain.com
Then, create a private key.
openssl genrsa -out private.key 4096
openssl req -new -sha256 \
-out private.csr \
-key private.key \
-config ssl.conf
openssl req -text -noout -in private.csr
Finally, generate the certificate.
openssl x509 -req \
-sha256 \
-days 3650 \
-in private.csr \
-signkey private.key \
-out private.crt \
-extensions req_ext \
-extfile ssl.conf
openssl s_client -state -nbio -connect https://PUT-SERVER-URL-OR-IP-HERE