My updated version of a script to create an HTTPS TLS cert that has subjectAltName set correctly for a domain. See the stackoverflow post in the comments. Requires a 4096 RSA key for the device, and a root CA key and cert to already exist

create_certificate_for_domain.sh

#!/bin/bash

#https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate/43666288#43666288

if [ -z "$1" ]
then
  echo "Please supply a subdomain to create a certificate for";
  echo "e.g. www.mysite.com"
  exit;
fi

if [ -z "$2" ]
then
        echo "Need to have name for device";
        exit;
fi

DOMAIN=$1
DEVICE=$2
#COMMON_NAME=${2:-*.$1}
COMMON_NAME=$DOMAIN
SUBJECT="/C=<country>/ST=<state>/L=<locale>/O=<org>/CN=$COMMON_NAME"
NUM_OF_DAYS=999
openssl req -new -sha256 -nodes -key $DEVICE.key -subj "$SUBJECT" -out $DEVICE.csr
cat v3.ext | sed s/%%DOMAIN%%/$COMMON_NAME/g > /tmp/__v3.ext
openssl x509 -req -in $DEVICE.csr -CA <root ca>.pem -CAkey <root ca>.key -CAcreateserial -out $DEVICE.crt -days $NUM_OF_DAYS -sha256 -extfile /tmp/__v3.ext

# move output files to final filenames
mv $DEVICE.csr $DOMAIN.csr
#cp device.crt $DOMAIN.crt

# remove temp file
#rm -f device.crt;

echo
echo "###########################################################################"
echo Done!
echo "###########################################################################"
echo "To use these files on your server, simply copy both $DOMAIN.csr and"
echo "device.key to your webserver, and use like so (if Apache, for example)"
echo
echo "    SSLCertificateFile    /path_to_your_files/$DOMAIN.crt"
echo "    SSLCertificateKeyFile /path_to_your_files/device.key"