create config (.cnf) file with below example content:
### no need to change
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
### update fields as needed:
[ dn ]
C = ## country
ST = ## city
O = ## organisation
OU = ## organisational unit
CN = ## FQDN
[ req_ext ]
subjectAltName = @alt_names
extendedKeyUsage = serverAuth,clientAuth
## optional
### add if applicable
[ alt_names ]
DNS.1 = ## alt name 1
DNS.2 = ## alt name 2
IP.1 = ## ip of server
create CSR with new key with the command below:
openssl req -config <filename>.cnf -out <filename>.req -new -newkey RSA:2048 -keyout <filename>.key -nodes
-config infile Request template file
-out outfile Output file
-new New request
-newkey val Specify as type:bits
-keyout outfile File to send the key to
-nodes Don't encrypt the output key
use the created csr to get a certificate