Adapted from http://blog.herecura.eu/blog/2015/09/13/self-signed-multi-domain-certificate/
Create a file named cert.conf with the following contents:
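# Extension section applied to the server (leaf) certificate; it is selected
# by "-extfile cert.conf -extensions local_san" when the request is signed.
[ local_san ]
# State explicitly that this certificate is an end-entity certificate and
# must never be accepted as an issuer of other certificates.
basicConstraints = CA:FALSE
# nsCertType is the legacy Netscape extension; extendedKeyUsage below is what
# current TLS clients evaluate.
nsCertType = server
keyUsage = digitalSignature,nonRepudiation,keyEncipherment
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
subjectAltName = @local_san_subject

# Names and addresses the server certificate is valid for.
[ local_san_subject ]
#Valid local names
# NOTE(review): some TLS clients reportedly refuse a wildcard that spans a
# whole top-level label (e.g. *.test). If a name is rejected, list the deeper
# name you actually serve (e.g. *.myapp.test) - confirm with your clients.
DNS.1 = *.test
DNS.2 = *.example
DNS.3 = *.invalid
DNS.4 = localhost
DNS.5 = *.localhost
# IP addresses must be iPAddress entries (IP.n). An address placed in a DNS.n
# entry is encoded as a dNSName, which clients do not match when connecting
# to https://127.0.0.1/ or https://[::1]/.
IP.1 = 127.0.0.1
IP.2 = ::1
#Don't use/migrate away from .dev, it is a real gTLD: icannwiki.com/.dev
#DNS.6 = dev
#DNS.7 = *.dev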
Then run the following shell script from the directory that contains cert.conf:
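#!/bin/sh
# Creates a one-shot local CA, issues a single server certificate for the
# names listed in cert.conf (section local_san), then destroys the CA key so
# nothing else can ever be signed under that CA.
#
# Run from the directory that contains cert.conf.
# Outputs: localCA.pem (CA certificate to add to the client trust store),
#          local.key   (server private key),
#          local.pem   (server certificate).

# Stop at the first failing command or unset variable instead of carrying on
# with a missing or empty key/certificate file.
set -eu

# Whatever happens (success or failure), do not leave the CA private key, the
# serial file or the CSR behind. The CA is trusted for every name a client
# will accept from it, so its key is the sensitive artifact here.
trap 'rm -f localCA.key localCA.srl local.csr' EXIT

# The keys are written through a shell redirect, so their mode comes from the
# umask. Create them owner-only from the start rather than world-readable
# until a later chmod; the subshell keeps the umask change local so the
# certificates below still get the normal readable mode.
( umask 077; openssl genrsa 4096 > localCA.key ) #generate CA key

# The CA subject is deliberately different from the server certificate's
# subject: when issuer and subject names are identical, a verifier can treat
# the leaf as self-issued and fail to build the chain to the CA.
openssl req -x509 -new -nodes -key localCA.key -days 1000 -sha256 -subj '/CN=YourCompany Local CA' > localCA.pem #generate CA cert

( umask 077; openssl genrsa 2048 > local.key ) #generate server key
openssl req -new -subj '/CN=YourCompany' -key local.key > local.csr #generate signing request

# 825 days is the longest validity Apple platforms accept for a TLS server
# certificate; a longer-lived leaf is rejected there even if the CA is trusted.
openssl x509 -req -days 825 -sha256 -CA localCA.pem -CAkey localCA.key -CAcreateserial -in local.csr -extfile cert.conf -extensions local_san > local.pem #sign request with local CA

# Server key: owner read/write, group read (e.g. the web server's group),
# nothing for others.
chmod 640 local.key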