Generate Self-sign cert and key openssl req \ -newkey rsa:2048 \ -x509 \ -nodes \ -keyout server.key \ -new \ -out server.pem \ -subj /CN=ningzeta.com \ -reqexts SAN \ -extensions SAN \ -config <(cat /etc/pki/tls/openssl.cnf \ <(printf '[SAN]\nsubjectAltName=DNS:*.ningzeta.com,IP:192.168.0.1,IP:192.168.0.2,IP:192.168.0.3')) \ -sha256 \ -days 3650 Convert to pkcs openssl pkcs12 -inkey server.key -in server.pem -export -out server.pfx To trust in other system(rhel) Get the cert openssl s_client -connect my-server.example.com:443 <<<'' | openssl x509 -out my-server.example.com.crt Add to root trust cp my-server.crt /etc/pki/ca-trust/source/anchors/ update-ca-trust enable update-ca-trust extract
