self signed certificate wilcard

create_pfx_file.sh

openssl pkcs12 -export -out certificate.pfx -inkey server.key -in server.crt

createRootCA.sh

#!/usr/bin/env bash
openssl genrsa -des3 -passout pass:x -out rootCA.key 2048
openssl rsa -passin pass:x -in rootCA.key -out server.key
mv rootCA.key rootCA_withpass.key
cp server.key rootCA.key
openssl req -new -key rootCA.key -out server.csr -config <( cat server_csr.cnf )
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -config <( cat server_csr.cnf )

createSelfSignedCert.sh

#!/usr/bin/env bash
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server_csr.cnf )

openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 300 -sha256 -extfile v3.ext

server_csr.cnf

ts = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
C=TR
ST=Istanbul
L=L
O=End Point
OU=Company
emailAddress=mail@domain.com
CN = *.domain.com

v3.ext

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.domain.com