$ openssl genrsa -des3 -out myCA.key 2048
$ openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
In Chrome, add the CA cert (myCA.pem) to the trusted CAs
$ openssl genrsa -out nginx.key 2048
$ openssl req -new -key nginx.key -out nginx.csr
Create the ext file (nginx.ext):
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = aws.test
DNS.2 = leaflets.test
$ openssl x509 -req -in nginx.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial \
-out nginx.crt -days 1825 -sha256 -extfile nginx.ext
To add a new host: add it to the ext file (nginx.ext), then re-run
$ openssl x509 -req -in nginx.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial \
-out nginx.crt -days 1825 -sha256 -extfile nginx.ext
Restart NGINX
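Added example (not part of the original notes): a check to run after re-issuing and before restarting NGINX, confirming the cert chains to myCA.pem, matches nginx.key and covers every host. The names check_cert and make_demo are made up here; make_demo builds a constructed throwaway CA and cert (no -des3, -subj supplied) so the script runs without prompts.

```shell
#!/bin/sh
# Added example, not from the original notes.

# check_cert CA_PEM CERT KEY HOST...
# Prints OK and returns 0 only if CERT chains to CA_PEM, KEY is CERT's
# private key, and every HOST is covered by CERT's subjectAltName.
# Real files: check_cert myCA.pem nginx.crt nginx.key aws.test leaflets.test
check_cert() {
    ca=$1; crt=$2; key=$3; shift 3
    openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' \
        || { echo "FAIL: $crt does not chain to $ca"; return 1; }
    # Compare the public key in the cert with the one derived from the key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$crt_pub" = "$key_pub" ] \
        || { echo "FAIL: $key is not the key for $crt"; return 1; }
    for host in "$@"; do
        openssl x509 -in "$crt" -noout -checkhost "$host" \
            | grep -q 'does match' \
            || { echo "FAIL: $host not in subjectAltName"; return 1; }
    done
    echo OK
}

# make_demo DIR: constructed throwaway CA and leaf cert in DIR, built with
# the same commands as the notes but non-interactive and valid for 1 day.
make_demo() {
    ( cd "$1" || exit 1
      openssl genrsa -out myCA.key 2048
      openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1 \
          -subj "/CN=Demo CA" -out myCA.pem
      openssl genrsa -out nginx.key 2048
      openssl req -new -key nginx.key -subj "/CN=aws.test" -out nginx.csr
      printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' \
          'basicConstraints=CA:FALSE' \
          'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
          'subjectAltName = @alt_names' '[alt_names]' \
          'DNS.1 = aws.test' 'DNS.2 = leaflets.test' > nginx.ext
      openssl x509 -req -in nginx.csr -CA myCA.pem -CAkey myCA.key \
          -CAcreateserial -out nginx.crt -days 1 -sha256 -extfile nginx.ext
    ) >/dev/null 2>&1
}
```

A host that was added to NGINX but not to nginx.ext shows up here as a "not in subjectAltName" failure instead of a browser certificate error.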