>>> import this

Generating a Self-Signed Certificate with Subject Alternative Names

March 24, 2020

Configuration file for running OpenSSL. The path to this file is passed with -config in the certificate generation command below.

josh-desk.conf:

[req]
default_bits = 4096
prompt = no
default_md = sha256
x509_extensions = v3_req
distinguished_name = dn

[dn]
C = US
ST = MyState
L = MyCity
O = JoshDesktop
emailAddress = myemail.com
CN = cn


[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = dev.com
DNS.2 = *.dev.com
DNS.3 = custom-dev.com
DNS.4 = *.custom-dev.com

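Generate the .key and .crt files (winpty is only needed when running from Git Bash on Windows; -nodes writes the private key unencrypted, so keep josh-desk.key out of shared folders and source control):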

winpty openssl req -new -x509 -newkey rsa:4096 -sha256 -nodes -keyout josh-desk.key -days 3560 -out josh-desk.crt -config josh-desk.conf

Convert to .pfx (OpenSSL prompts for an export password, which protects the private key bundled inside the file):

winpty openssl pkcs12 -export -out josh-desk.pfx -inkey josh-desk.key -in josh-desk.crt

Then, REMEMBER to open the .pfx file and trust the certificate by putting it into the “Trusted Root Certification Authorities” store.
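Before trusting a certificate, it is worth confirming which hostnames it actually covers. The script below is an added example, not part of the original post: it builds a throwaway certificate with the same [alt_names] entries and runs OpenSSL's own hostname check against several names. The function names, the DN values, rsa:2048 and -days 1 are assumptions chosen to keep the test certificate quick to create and short-lived.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): generate a throwaway certificate
# with the post's [alt_names] entries and test which hostnames it covers.

# make_test_cert DIR: write DIR/test.conf, DIR/test.key and DIR/test.crt.
# The DN values below are constructed placeholders.
make_test_cert() {
    cat > "$1/test.conf" <<'EOF'
[req]
prompt = no
default_md = sha256
x509_extensions = v3_req
distinguished_name = dn

[dn]
O = SanCheckExample
CN = cn

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = dev.com
DNS.2 = *.dev.com
DNS.3 = custom-dev.com
DNS.4 = *.custom-dev.com
EOF
    openssl req -new -x509 -newkey rsa:2048 -sha256 -nodes -days 1 \
        -keyout "$1/test.key" -out "$1/test.crt" \
        -config "$1/test.conf" 2>/dev/null
}

# san_matches CERT HOST: succeed only if OpenSSL's hostname check accepts HOST.
san_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
        grep -q 'does match certificate'
}

workdir=$(mktemp -d)
make_test_cert "$workdir"
for host in dev.com api.dev.com a.b.dev.com custom-dev.com cn example.org; do
    if san_matches "$workdir/test.crt" "$host"; then
        echo "covered:     $host"
    else
        echo "NOT covered: $host"
    fi
done
rm -rf "$workdir"
```

The wildcard entries cover exactly one label, so a.b.dev.com is rejected and the bare dev.com only matches because it is listed separately. The CN value is not used for matching once DNS subject alternative names are present.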


Josh Manning

Written by Josh Manning who lives and works in Manhattan, KS.