ZloyPotroh/cert.cnf

## cert.cnf
[ req ]
default_bits       = 2048
default_md         = sha512
default_keyfile    = vernemq.key
prompt             = no
encrypt_key        = no
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
countryName                 = RU
stateOrProvinceName         = Moscow
localityName               = Moscow
organizationName           = Ivi Knob
commonName                 = iviknob.com

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1   = localhost
DNS.2   = redde.ru
DNS.3   = iviknob.com
IP.1 = 127.0.0.1

## gistfile1.txt
До шага 4 включительно все тоже самое, шаг 5:

$~: openssl x509 -req -in vernemq.csr -CA vernemq_ca.crt -CAkey vernemq_ca.key -CAcreateserial -extensions req_ext -extfile cert.cnf -out vernemq.crt -days 3650

Две опции:
- extensions [имя секции в конфиге, которое определяет, откуда брать Subject Alt Name, в частности]
- extfile [собственно, файл конфига]

Изменить конфиг vernemq.conf:
allow_anonymous = on

далее вывод по минимуму:
$~: openssl x509 -text -noout -in vernemq.crt -certopt no_subject,no_header,no_version,no_serial,no_signame,no_validity,no_issuer,no_pubkey,no_sigdump,no_aux

        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:localhost, DNS:redde.ru, DNS:iviknob.com, IP Address:127.0.0.1

Check with mosquitto:
$~: mosquitto_pub -h localhost -p 8883 -t test/test -m "test" -d --cafile ~/dev/knob/cert/vernemq_ca.crt
$~: mosquitto_sub -h localhost -p 8883 --cafile ./vernemq_ca.crt -t "test/test" --cert ./vernemq.crt --key ./vernemq.key -d
	[ req ]
	default_bits = 2048
	default_md = sha512
	default_keyfile = vernemq.key
	prompt = no
	encrypt_key = no
	distinguished_name = req_distinguished_name

	[ req_distinguished_name ]
	countryName = RU
	stateOrProvinceName = Moscow
	localityName = Moscow
	organizationName = Ivi Knob
	commonName = iviknob.com

	[ req_ext ]
	subjectAltName = @alt_names

	[ alt_names ]
	DNS.1 = localhost
	DNS.2 = redde.ru
	DNS.3 = iviknob.com
	IP.1 = 127.0.0.1
	До шага 4 включительно все тоже самое, шаг 5:

	$~: openssl x509 -req -in vernemq.csr -CA vernemq_ca.crt -CAkey vernemq_ca.key -CAcreateserial -extensions req_ext -extfile cert.cnf -out vernemq.crt -days 3650

	Две опции:
	- extensions [имя секции в конфиге, которое определяет, откуда брать Subject Alt Name, в частности]
	- extfile [собственно, файл конфига]

	Изменить конфиг vernemq.conf:
	allow_anonymous = on

	далее вывод по минимуму:
	$~: openssl x509 -text -noout -in vernemq.crt -certopt no_subject,no_header,no_version,no_serial,no_signame,no_validity,no_issuer,no_pubkey,no_sigdump,no_aux

	X509v3 extensions:
	X509v3 Subject Alternative Name:
	DNS:localhost, DNS:redde.ru, DNS:iviknob.com, IP Address:127.0.0.1

	Check with mosquitto:
	$~: mosquitto_pub -h localhost -p 8883 -t test/test -m "test" -d --cafile ~/dev/knob/cert/vernemq_ca.crt
	$~: mosquitto_sub -h localhost -p 8883 --cafile ./vernemq_ca.crt -t "test/test" --cert ./vernemq.crt --key ./vernemq.key -d