自签名证书

sudo openssl req -x509 -nodes -days 3650 \
  -newkey rsa:2048 \
  -keyout localhost.key \
  -out localhost.crt \
  -subj "/C=CN/ST=Dev/L=Dev/O=Dev/CN=localhost"

自签名证书（IP）

cat > openssl-san.cnf <<EOF
[req]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = v3_req
x509_extensions    = v3_req
prompt             = no

[req_distinguished_name]
C  = CN
ST = Dev
L  = Dev
O  = Dev
CN = 192.168.0.198

[v3_req]
subjectAltName = @alt_names

[alt_names]
IP.1 = 192.168.0.198
DNS.1 = localhost
EOF

openssl req -x509 -nodes -days 3650 \
  -newkey rsa:2048 \
  -keyout localhost.key \
  -out localhost.crt \
  -config openssl-san.cnf