openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key \
-subj "/C=KR/ST=Daejeon/L=Yuseong-gu/O=Foo Inc./CN=Foo Certificate Autority/OU=www.foo.com" \
-out ca.crt
openssl req -newkey rsa:2048 -nodes -keyout cert.key \
-subj "/C=KR/ST=Daejeon/L=Yuseong-gu/O=Foo Inc./OU=Devops/CN=*.foo.com" \
-out cert.csr
openssl x509 -req -days 365 \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-extfile <(printf "subjectAltName=DNS:foo.com,DNS:www.foo.com") \
-in cert.csr -out cert.crt