Fast create seft-signed certificate with openssl

openssl req -new -x509 -days 365 -nodes -out SSL_CERT.crt -keyout SSL_KEY.key

       The req command primarily creates and processes certificate requests in PKCS#10 format. It can additionally create self signed
       certificates for use as root CAs for example.
 
       -new
           this option generates a new certificate request. It will prompt the user for the relevant field values. The actual fields
           prompted for and their maximum and minimum sizes are specified in the configuration file and any requested extensions.
 
       -x509

Подписываем сертификат на несколько доменов

Создаем корневой ключ:

openssl genrsa -out rootCA.key 2048

Самоподписаный корневой сертификат:

openssl req -x509 -new -key rootCA.key -days 10000 -out rootCA.crt

Ключ для сервера:

openssl genrsa -out example.com.key 2048

Создаем конфиг openssl.cnf:

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = MN

User tags

centos 7 CPAN SSD APU arping find iowait etch mdadm elliptics cgroups bacula qemu lstat equalizer 3Ware fio dstat numa language virtualbox usb arp ulimit rtl8723be shellshock backup grub tin source HDFS perlbrew raid5 lxc AMD cache .htaccess ansible radeon soa ubuntu dovecot vrrpd mariadb lubuntu MODx firefox MegaRAID jackd corosync tzdata boot X forwarding perl bridge idmapd apt routing pvmove RT flash PTR sysrq htop xhost ipmi alien rsync xen newgrp dns swap performance video git replication qcow2 virsh ddos sysresccd SuperMicro opcontrol dhcp drupal virt-install scsi dpkg StorMan keyboard profiling iptables tftp dhclient route security erase core dump storage munin cpu usage sysctl.conf vlan freedos fido7 tar arch parallel Salt SpamAssassin regex top encrypt wget ardour gtk debian DRBD gdb /etc/network/interfaces ps cluster java tun SYN leap second nginx apache rkhunter nvidia PXE gpg mysql vim sublime ha iostat sg cfq tool Areca sftp bash bscan docker openvpn ip taskset exim noop vrrp conntrack tiger shorewall vtysh rtsp backtrace search cpu Adaptec glusterfs chromium gre debootstrap php mkfs KVM hotplug sysfs initrd docker-compose rpm glxinfo ipmitool pam bug netfilter su oprofile iSCSI lts LSI quagga limit_conn squeeze pulseaudio fail2ban bonding zRam NFS xargs puppet deb hdparm mount slab graylog2 proxy sysctl chroot wordpress OpenStack in-addr.arpa asoundrc HTTPS kernel cpanm lenny alsa raid OpenSSL xfs CentOS ssh opreport groups pacemaker Swift youtube build LVM bind iops nfs4 exim4