create or generate certificate
# OpenSSL request configuration (saved as temp.cnf and passed to
# `openssl req` with -config).
[ req ]
# Section that holds the subject fields.
distinguished_name = req_distinguished_name
# Section with the extensions to place in a certificate request.
req_extensions = server_req_extensions
# Take the subject values from this file instead of prompting for them.
prompt = no
[ req_distinguished_name ]
C = US
ST = CA
L = San Francisco
O = Pivotal
OU = PCF POC
# NOTE(review): presumably a bare hostname (FQDN) rather than a full URL.
# Current TLS clients match the hostname against subjectAltName, not CN, so
# the same name should also appear under [ alternate_names ].
CN = <Your URL>
emailAddress = <Your email address>
####################################################################
[ server_req_extensions ]
# keyEncipherment is only meaningful for RSA key transport; with an EC key
# (the default in the accompanying script) digitalSignature is the usage
# that applies.
keyUsage = critical, digitalSignature, keyEncipherment
subjectAltName = @alternate_names
# End-entity certificate: it must not be accepted as an issuer of others.
basicConstraints = CA:FALSE
# No extendedKeyUsage is set, so the certificate is not restricted to one
# purpose. Some TLS clients require serverAuth on server certificates; if
# this certificate is only for TLS servers, consider adding
# `extendedKeyUsage = serverAuth` here.
####################################################################
[ alternate_names ]
# Every DNS.n entry is copied into the certificate as written. Delete the
# entries that are not needed instead of leaving a placeholder in place.
DNS.1 = <SAN 1>
DNS.2 = <SAN 2>
DNS.3 = <SAN 3>
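# Usage:
#   1. Fetch the config template:
#      wget https://gist.githubusercontent.com/dwallraff/c1ed31291ac7cf19304b/raw/7926af3b843209705427e0c76486ddc7d17d876d/temp.cnf
#      (the URL pins one revision of the gist; read the file before using it)
#   2. Edit temp.cnf for your information
#   3. Run this script
#
# Outputs: keyfile.pem (unencrypted private key) and cert.pem (self-signed
# certificate).

# Using elliptic curve (prime256v1, i.e. NIST P-256) instead of RSA.
# The key is written without a passphrase, so it is created inside a subshell
# with a restrictive umask: the file is owner-only from the moment it exists
# and the caller's umask is left alone. chmod covers the case where an older
# keyfile.pem with wider permissions is being overwritten.
( umask 077 && openssl ecparam -genkey -out keyfile.pem -name prime256v1 )
chmod 600 keyfile.pem
# RSA alternative (apply the same file permissions):
# openssl genrsa -out keyfile.pem 2048

# Generate the self-signed cert.
# -sha256 pins the signature digest instead of relying on the default of the
# installed OpenSSL build. No -days is given, so the validity period is the
# `openssl req` default (30 days); add -days N to choose another.
openssl req -x509 -new -sha256 -key keyfile.pem -out cert.pem -extensions server_req_extensions -config temp.cnf

# With CSR
# NOTE: `openssl req` only reads the -in file when -new/-newkey is absent, so
# as written this line builds a fresh request and ignores csr.csr. Drop -new
# to self-sign the existing CSR.
# openssl req -x509 -new -key keyfile.pem -in csr.csr -out cert.pem -extensions server_req_extensions -config temp.cnf

# Generate CSR using temp.cnf to allow for SANs in the CSR
# NOTE: -key reuses keyfile.pem, so no new key is generated here and
# -nodes/-keyout have nothing to write.
# openssl req -out csr.csr -key keyfile.pem -nodes -keyout csr.key -new -config temp.cnf

# Generate new key and CSR (RSA)
# NOTE: -nodes stores the new private key unencrypted; keep keyfile.pem
# owner-only (umask 077 / chmod 600) as above. Without -config temp.cnf this
# CSR carries no SANs.
# openssl req -out csr.csr -new -newkey rsa:2048 -nodes -keyout keyfile.pem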