Fast create seft-signed certificate with openssl

openssl req -new -x509 -days 365 -nodes -out SSL_CERT.crt -keyout SSL_KEY.key

       The req command primarily creates and processes certificate requests in PKCS#10 format. It can additionally create self signed
       certificates for use as root CAs for example.
           this option generates a new certificate request. It will prompt the user for the relevant field values. The actual fields
           prompted for and their maximum and minimum sizes are specified in the configuration file and any requested extensions.

Подписываем сертификат на несколько доменов

Создаем корневой ключ:

openssl genrsa -out rootCA.key 2048

Самоподписаный корневой сертификат:

openssl req -x509 -new -key rootCA.key -days 10000 -out rootCA.crt

Ключ для сервера:

openssl genrsa -out 2048

Создаем конфиг openssl.cnf:

distinguished_name = req_distinguished_name
req_extensions = v3_req
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = MN

User tags

puppet X forwarding iptables openvpn newgrp bind backup SuperMicro debootstrap rsync exim4 pam Salt glxinfo pulseaudio mdadm ha conntrack xhost ubuntu route ulimit virsh etch ipmitool fido7 iops drupal dpkg cgroups xfs opcontrol arping AMD LVM boot flash nginx sysctl corosync tzdata mariadb bridge fail2ban ansible deb grub rtl8723be munin hotplug sublime pacemaker equalizer jackd gpg parallel tin pvmove chromium git zRam oprofile replication bug gtk asoundrc cpu slab radeon cluster SSD Swift wget qcow2 search lenny freedos centos 7 graylog2 perlbrew quagga gre dhcp perl dovecot sysfs OpenStack ipmi source su HDFS wordpress noop SpamAssassin vrrpd docker mysql /etc/network/interfaces OpenSSL CPAN fio top cpanm taskset iostat iowait .htaccess backtrace idmapd Adaptec rkhunter vrrp cpu usage PXE glusterfs soa numa rpm swap PTR MegaRAID KVM ardour tool ddos DRBD ssh xargs shorewall xen alsa performance regex alien bash bonding scsi core dump hdparm proxy security erase leap second language vlan chroot docker-compose tar iSCSI profiling nfs4 cache virtualbox sg debian 3Ware kernel netfilter lts encrypt lstat StorMan nvidia arch MODx cfq build mkfs php gdb firefox ps groups virt-install mount vim sftp limit_conn storage find initrd dstat dhclient elliptics opreport keyboard sysctl.conf sysresccd qemu raid5 sysrq raid video shellshock tiger lxc bacula lubuntu SYN rtsp apt youtube tftp java tun HTTPS arp dns Areca usb NFS squeeze ip RT routing CentOS apache bscan LSI vtysh exim APU htop