Self-signed cert with SAN openssl

One-liner self-signed cert valid 1y; SAN required or TLS clients reject it

openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 -subj "/CN=<host>" -addext "subjectAltName=DNS:<host>"
more openssl all 27 commands →