1. create the CA cert
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
2. create client req csr
openssl genrsa -des3 -out server.key 2048
*edit the openssl.conf
uncomment “req_extensions = v3_req”
in [ v3_req ] add
subjectAltName = @alt_names
add the end of the file
[ alt_names ] DNS.1 = test.domain.com DNS.2 = www1.domain.com
openssl req -new -key server.key -out server.csr
*create a config file “server.conf”
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = test.domain.com DNS.2 = www1.domain.com
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -extfile server.conf -out server.crt