自己署名証明書 (SAN付き) 作成

$ vim make-dummy-cert-san.sh

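#!/bin/bash
#
# make-dummy-cert-san.sh - create a self-signed dummy certificate with
# subjectAltName entries for www.<domain> and <domain>.
#
# Usage:   make-dummy-cert-san.sh naked_domain_name
# Outputs: <domain>.crt and <domain>.key in the current directory.
# Returns: 1 on a missing or invalid argument, otherwise openssl's status.
#
# The private key is written without a passphrase (-nodes) and the
# certificate is valid for 36500 days, so the result is meant as a
# placeholder for test setups, not as a production certificate.

set -u

domain=${1:-}

if [ -z "$domain" ]; then
  echo "$0 naked_domain_name" >&2
  exit 1
fi

# The argument is expanded into the OpenSSL config below and into the output
# file names. Accept only dot-separated letter/digit/hyphen labels so that a
# value containing '/', whitespace, newlines or a leading '-' can neither add
# config lines nor redirect the output files to another path.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
if [[ ! "$domain" =~ $hostname_re ]]; then
  echo "$0: invalid domain name: $domain" >&2
  exit 1
fi

# Create the unencrypted key (and the certificate) readable by the owner only,
# regardless of the caller's umask or of how the installed OpenSSL version
# creates key files. Relax the mode of the .crt afterwards if other users need
# to read it.
umask 077

# x509_extensions (v3_req) is the section that ends up in the self-signed
# certificate; req_extensions applies to certificate requests.
openssl req -new -newkey "rsa:2048" -days 36500 -x509 -nodes \
  -out "${domain}.crt" -keyout "${domain}.key" -config <(cat <<EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
req_extensions = req_ext
x509_extensions = v3_req

[ dn ]
C=JP
ST=Tokyo
L=default
O=default
OU=default
CN=www.${domain}

[ alt_names ]
DNS.1 = www.${domain}
DNS.2 = ${domain}

[ req_ext ]
subjectAltName = @alt_names

[ v3_req ]
basicConstraints=CA:FALSE
keyUsage=nonRepudiation, digitalSignature, keyEncipherment
subjectAltName=@alt_names

EOF
)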
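$ make-dummy-cert-san.sh example.com

カレントディレクトリに example.com.crt と example.com.key が生成されます。秘密鍵は -nodes によりパスフレーズなしで保存されるため、テスト用途に限定し、鍵ファイルの権限に注意してください。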

参考: OpenSSL CSR with Alternative Names one-line | End Point Blog