#!/bin/bash

# Note: Bash is required for the '<()' feature
openssl req \
  -newkey rsa:2048 \
	-days 3650 \
	-nodes \
	-x509 \
	-subj "/CN=app01.test" \
  -extensions SAN \
	-config <( cat /etc/ssl/openssl.cnf <( printf "[SAN]\nsubjectAltName='DNS.1:*.app01.test,DNS.2:app01.test'" )) \
	-keyout private_key.pem \
	-out server.crt