Create this file as [hostname].ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage=digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName=@alt_names
[alt_names]
DNS.1=[hostname]
openssl genrsa -out [caname].key 2048
openssl req -x509 -new -nodes -key [caname].key -sha256 -days 18250 -out [caname].pem
openssl req -x509 -nodes -days 18250 -newkey rsa:2048 -keyout [hostname].key -out [hostname].crt
openssl req -new -newkey rsa:2048 -sha256 -nodes -keyout [hostname].key -out [hostname].csr
openssl x509 -req -in [hostname].csr -CA [caname].pem -CAkey [caname].key -CAcreateserial -out [hostname].crt -days 18250 -sha256 -extfile [hostname].ext
openssl pkcs12 -export -in [hostname].crt -inkey [hostname].key -out [hostname].p12
openssl pkcs12 -in [hostname].p12 -nodes -out [hostname].pem