nano openssl.cnf
---
[req]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[req_distinguished_name]
C = ID
ST = Jakarta
L = Jakarta
O = LAB
OU = Infrastructure
CN = example.yourorg.site
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = example.yourorg.site
DNS.2 = www.example.yourorg.site
---
openssl genpkey -algorithm RSA -out rootCA.key -aes256
openssl req -new -x509 -key rootCA.key -out rootCA.crt -config openssl.cnf
openssl genpkey -algorithm RSA -out server.key -aes256
openssl req -new -key server.key -out server.csr -config openssl.cnf
openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256
cat rootCA.crt server.crt > ca-certificates.crt
### Key for Nginx
openssl rsa -in server.key -out server-nopass.key