Recently, for reasons, I had to generate a self-signed certificate with subject alternative names. As an additional wrinkle, I was trying to do it as part of the userdata script for a machine instance in EC2 running Amazon Linux. This turned out to be more difficult than expected.
After piecing together various blog posts this is what I ended up with.
LOCAL_HOSTNAME=$(GET http://169.254.169.254/latest/meta-data/local-hostname) LOCAL_IPV4=$(GET http://169.254.169.254/latest/meta-data/local-ipv4) openssl req \ -newkey rsa:2048 \ -nodes \ -sha256 \ -x509 \ -days 3650 \ -config <(cat <<EOF [req] distinguished_name = req_distinguished_name x509_extensions = v3_req prompt = no [req_distinguished_name] C = US ST = California L = Los Angeles O = Example.
