@versusvoid
Last active October 2, 2019 11:56
Generate CA and certificate with subjectAltName for HTTPS

# CA.cnf: settings for the self-signed CA certificate (the script reads it with -config CA.cnf)
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = RU
ST = Москва
L = Москва
O = Секурные разработки
OU = Coding
CN = MyLovely CA
emailAddress = me+CA@some.email
[v3_req]
basicConstraints=CA:true
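
#!/bin/bash
# Create the CA key and self-signed CA certificate once; later runs reuse them.
if [ ! -f CA.crt ]; then
    openssl genrsa -out CA.key 2048
    openssl req -utf8 -x509 -new -nodes -key CA.key -sha256 -days 3650 \
        -out CA.crt -config CA.cnf -extensions v3_req
fi

# Work on a temporary copy of the template; the SAN entries are appended to it.
cnf=$(mktemp)
cat templ.cnf > "$cnf"

# Sort the arguments into IPv4 addresses and DNS names.
# The first argument also names the output files ($n.key, $n.csr, $n.crt).
dns=()
ip=()
n=
for arg in "$@"; do
    if [ -z "$n" ]; then
        n=$arg
    fi
    # Anchored at both ends so that names like 1.2.3.4.example.com stay DNS names.
    if [[ $arg =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
        ip+=("$arg")
    else
        dns+=("$arg")
    fi
done

# With no DNS name given, fall back to <hostname>.dev.
if [ "${#dns[@]}" -eq 0 ]; then
    dns=("$(uname -n | sed 's/\s/-/g').dev")
    if [ -z "$n" ]; then
        n=${dns[0]}
    fi
fi

# Fill the [alt_names] section, which is the last section of templ.cnf.
i=1
for name in "${dns[@]}"; do
    echo "DNS.$i = $name" >> "$cnf"
    i=$((i + 1))
done
i=1
for address in "${ip[@]}"; do
    echo "IP.$i = $address" >> "$cnf"
    i=$((i + 1))
done

# Generate the server key and CSR, then sign the CSR with the CA.
# -extfile/-extensions put keyUsage and subjectAltName into the certificate.
openssl genrsa -out "$n.key" 2048
openssl req -utf8 -new -key "$n.key" -out "$n.csr" -config "$cnf" -extensions v3_req
openssl x509 -req -in "$n.csr" \
    -CA CA.crt -CAkey CA.key -CAcreateserial \
    -out "$n.crt" -days 3650 -sha256 \
    -extfile "$cnf" -extensions v3_req
rm "$cnf"

# Add the CA to the system trust store where the p11-kit "trust" tool exists.
if command -v trust > /dev/null; then
    sudo trust anchor CA.crt
fi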
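
# templ.cnf: template for server certificates; the script appends DNS.n and IP.n entries after [alt_names]
[req]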
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = RU
ST = Москва
L = Москва
O = Секурные разработки
OU = Coding
CN = MyLovely
emailAddress = me@some.email
[v3_req]
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
#IP.1 = 10.0.2.2 # thus we can access server securely from android emulator
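
To confirm that a certificate issued by the script chains to CA.crt and really carries the requested DNS and IP entries in its subjectAltName, a check like the following can be run afterwards. It is an added example, not part of the original gist; the function name check_cert and the file names in its usage line are assumptions.

```shell
#!/bin/sh
# Added example (not part of the gist): verify what the script produced.
# Usage: check_cert CA.crt host.crt name-or-ip [name-or-ip ...]
# Exits 0 only if the certificate chains to the CA and its subjectAltName
# extension lists every given name with the right entry type.
check_cert() (
    ca=$1
    crt=$2
    shift 2
    rc=0

    # 1. Signature chain and validity dates, checked against the CA file.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not verify against $ca" >&2
        exit 1
    fi

    # 2. Pull the SAN list from the text dump; it is the line after the
    #    extension header, e.g. "DNS:box.dev, IP Address:10.0.2.2".
    sans=$(openssl x509 -in "$crt" -noout -text |
           sed -n '/Subject Alternative Name/{n;s/^ *//;s/ *$//;p;}')
    if [ -z "$sans" ]; then
        echo "FAIL: $crt has no subjectAltName extension" >&2
        exit 1
    fi

    # 3. Exact comparison per name (wildcard entries are not expanded).
    #    Clients match IP literals only against "IP Address" entries.
    for name in "$@"; do
        case $name in
            *:*)       want="IP Address:$name" ;;  # IPv6, as openssl prints it
            *[!0-9.]*) want="DNS:$name" ;;         # has a non-digit: host name
            *)         want="IP Address:$name" ;;  # digits and dots: IPv4
        esac
        case ", $sans, " in
            *", $want, "*) echo "ok:   $want" ;;
            *) echo "FAIL: $want missing from SAN ($sans)" >&2; rc=1 ;;
        esac
    done
    exit "$rc"
)
```

For a run such as `./script box.dev 10.0.2.2` (script name assumed), the matching check is `check_cert CA.crt box.dev.crt box.dev 10.0.2.2`.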