
openssl req -x509 -nodes -new -sha256 -days 3653 -newkey rsa:2048 -keyout rootca.key -out rootca.pem -subj "/C=CN/CN=Test-Root-CA"
openssl x509 -outform pem -in rootca.pem -out rootca.crt

cat > domains.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
EOF

openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=CN/ST=Shanghai/L=Shanghai/O=Test-Certificates/CN=localhost.local"
openssl x509 -req -sha256 -days 3652 -in localhost.csr -CA rootca.pem -CAkey rootca.key -CAcreateserial -extfile domains.ext -out localhost.crt
