
@waleedsamy
Last active March 22, 2018 06:47
express js https server and client with self signed certificate
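// HTTPS client that accepts only server certificates chaining to the private
// root CA in root-ca.crt, then prints the response body.
const request = require('request');
const fs = require('fs');
const path = require('path');

// Trust anchor for this request. Passing `ca` replaces Node's default CA
// bundle for the connection while leaving chain and hostname verification
// switched on, so rejectUnauthorized never has to be set to false.
const ca = fs.readFileSync(path.join(__dirname, 'root-ca.crt'));

const options = {
  // The host part must match a subjectAltName entry of the server
  // certificate (any @alt_names will work).
  // NOTE(review): the server listing on this page listens on port 3005, not
  // 3443 — confirm the port, or that something forwards 3443 to the server.
  url: 'https://127.0.0.1:3443/',
  agentOptions: { ca },
};

request(options, (error, response, body) => {
  if (error) {
    // Connection problems and certificate verification failures (untrusted
    // issuer, name mismatch, expired certificate) are reported here; the
    // original printed `undefined` and exited with status 0 in that case.
    console.error(`request failed: ${error.message}`);
    process.exitCode = 1;
    return;
  }
  console.log(body);
});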
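// Minimal Express application served over TLS using the service key and the
// certificate signed by the private root CA.
const express = require('express');
const https = require('https');
const fs = require('fs');
const path = require('path');

const app = express();

app.get('/', (req, res) => {
  res.send('certified');
});

// Resolve the key material relative to this file rather than the process
// working directory, so the server loads the same files no matter where it is
// launched from (the client listing resolves root-ca.crt the same way).
const sslDir = path.join(__dirname, 'ssl');

const options = {
  // The service key is stored unencrypted (it is generated with -nodes), so
  // the file should be readable only by the account running this process.
  key: fs.readFileSync(path.join(sslDir, 'xservice.key'), 'utf8'),
  cert: fs.readFileSync(path.join(sslDir, 'xservice.crt'), 'utf8'),
};

// Bound to the loopback interface only; the port is passed as a number.
https.createServer(options, app).listen(3005, '127.0.0.1');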
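#!/bin/bash
# Creates a private root CA (first run only) and issues one server certificate
# signed by that CA, with the X.509 extensions taken from v3.ext.
#
# The root key is passphrase-protected, so openssl prompts for the passphrase
# when the key is created and again each time it is used for signing.

# Stop at the first failing step instead of continuing with missing or
# half-written key material.
set -euo pipefail

#FQDN=$1
FQDN=xservice

######## ROOT CA - ONLY ONCE ############
# Guarded so a re-run does not overwrite the existing root: a new root key
# would invalidate every certificate issued earlier and every client that
# already trusts root-ca.crt.
if [ ! -f root-ca.key ]; then
  # AES-256 instead of 3DES for encrypting the stored root key.
  openssl genrsa \
    -aes256 \
    -out root-ca.key 2048
  chmod 600 root-ca.key
fi

if [ ! -f root-ca.crt ]; then
  # -nodes is dropped here: it only affects keys that `req` generates itself
  # and has no effect when an existing key is supplied with -key.
  openssl req \
    -x509 \
    -days 1024 \
    -new \
    -key root-ca.key \
    -sha256 \
    -out root-ca.crt \
    -subj "/C=DE/ST=Berlin/L=Berlin/O=T GmbH/OU=NOC/CN=t.de"
fi
######## END ROOT CA - ONLY ONCE ############

######## FOR every service #################
# -nodes leaves the service key unencrypted so the server can start without a
# passphrase prompt; file permissions are the only protection it has.
openssl req \
  -newkey rsa:2048 \
  -new \
  -nodes \
  -keyout "${FQDN}.key" \
  -out "${FQDN}.csr" \
  -subj "/C=DE/ST=Berlin/L=Berlin/O=T GmbH/OU=Team X/CN=${FQDN}"
chmod 600 "${FQDN}.key"

# The subjectAltName list comes from v3.ext, not from the CN above, so v3.ext
# has to list every name or address clients will use to reach the service.
openssl x509 \
  -req \
  -days 730 \
  -in "${FQDN}.csr" \
  -CA root-ca.crt \
  -CAkey root-ca.key \
  -out "${FQDN}.crt" \
  -CAcreateserial \
  -sha256 \
  -extfile v3.ext
######## FOR every service #################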
# X.509 v3 extensions applied to the service certificate; the signing step
# reads this file through `-extfile v3.ext`.

# Record the issuing CA's key identifier and issuer name in the certificate.
authorityKeyIdentifier=keyid,issuer
# Leaf certificate: it must not be usable to sign other certificates.
basicConstraints=CA:FALSE
# NOTE(review): a TLS server certificate normally needs only digitalSignature
# and keyEncipherment; nonRepudiation and dataEncipherment look broader than
# required — confirm before reusing. No extendedKeyUsage is set either;
# consider `extendedKeyUsage = serverAuth` to limit the certificate to server use.
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
# Names and addresses the certificate is valid for, listed in [alt_names].
subjectAltName = @alt_names
[alt_names]
# Keep this list to the names the service is really reached by: a client that
# trusts the root CA accepts this certificate for every entry.
DNS.1 = localhost
DNS.2 = xservice
DNS.3 = xservice.green.svc.cluster.local
IP.1 = 127.0.0.1

ghinks commented Aug 28, 2017

thank you. You saved me having to dig out my old macbook to find a similar script I wrote years ago :)
