Generate a Certificate Signed by your Self-Signed Root CA

Generate a certificate signed by the above root certificate authority (CA). This certificate can be used in the applications.

openssl genrsa -out app1.key 2048
# password protect key: openssl genrsa -out -des3 app1.key 2048 
openssl req -new -key app1.key -out app1.csr \
  -subj "/C=US/ST=CA/L=Santa Clara/O=MyOrg/OU=AppOU/CN=app1.myorg.com/emailAddress=app1@myorg.com"
openssl x509 -req -in app1.csr -CA myca.crt -CAkey myca.key -out app1.crt -sha384\
  -days 365 -CAcreateserial -extensions SAN \
  -extfile <(printf " [SAN]\nbasicConstraints=CA:false\nsubjectAltName=DNS:app1.myorg.com,DNS:app1- 1.myorg.com,IP:192.168.10.21,IP:192.168.10.22")