I used the following configuration file:
cert.cnf
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
CN = lvh.me
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.lvh.me
DNS.2 = lvh.me
and ran the following shell scripts:
openssl req -new \
-newkey rsa:2048 \
-sha256 \
-days 3650 \
-nodes \
-x509 \
-keyout lvh.me.key \
-out lvh.me.crt \
-config cert.cnf
cat lvh.me.key lvh.me.crt > lvh.me.pem
cp lvh.me.* /usr/local/etc/