Self signed root cert with multidomain cert & sha-256

Prep by creating dirs

mkdir -p /Users/user/Documents/multidomain/root_cert/private/
mkdir -p /Users/user/Documents/multidomain/star_devwest_foobar_com/

Root Certs
Create Root Key

user@greenscar root_cert $ openssl req \
-x509 \
-new \
-nodes \
-days 3650 \
-newkey rsa:2048 \
-sha256 \
-subj "/C=US/ST=California/L=San\ Jose/O=Cloud\ Cruiser\ Inc./CN=*.foobar.com" \
-keyout /Users/user/Documents/multidomain/root_cert/private/root_ca.key

Create Self Signed Root Cert

openssl req \
-x509 \
-sha256 \
-new \
-nodes \
-days 3650 \
-key /Users/user/Documents/multidomain/root_cert/private/root_ca.key \
-subj "/C=US/ST=California/L=San\ Jose/O=Cloud\ Cruiser\ Inc./CN=*.foobar.com" \
-out /Users/user/Documents/multidomain/root_cert/root_ca.crt

————————————————
Per environment certs
CD to cert dir

user@greenscar star_devwest_foobar_com $ cd /Users/user/Documents/multidomain/star_devwest_foobar_com

Create Private Key

openssl genrsa \
-out /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.key \
2048

Generate CSR

user@greenscar SHA-256 $ cd /Users/user/Documents/multidomain/star_devwest_foobar_com
openssl req -new \
-config /Users/user/Documents/multidomain/foobar.com.cnf \
-key /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.key \
-sha256 \
-out /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.csr \
-subj "/C=US/ST=California/L=San\ Jose/O=FooBar\ Inc./CN=devwest.foobar.com" 

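Create a file listing all the domains you want supported. openssl x509 -req does not copy extensions from the CSR by default, so the names are supplied at signing time through -extfile.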

echo "subjectAltName=DNS:devwest.foobar.com,DNS:*.devwest.foobar.com">cert_extensions

Check out our new CSR

openssl req -text -noout -in star_devwest_foobar_com.csr

Sign cert via self signed root cert

openssl x509 -req \
-in /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.csr \
-CA /Users/user/Documents/multidomain/root_cert/root_ca.crt \
-CAkey /Users/user/Documents/multidomain/root_cert/private/root_ca.key \
-CAcreateserial \
-sha256 \
-extfile cert_extensions \
-out /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.crt \
-days 3650
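
Before uploading, it is worth confirming that the signed certificate chains to the root, is signed with SHA-256, carries every expected subjectAltName entry, and matches the private key. The script below is an added example, not part of the original post; check_cert and make_demo_pki are hypothetical helper names, and the demo builds a constructed throwaway root and leaf in a temp directory instead of using the paths above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): checks to run on a signed leaf
# certificate before uploading it. File names in the demo are assumptions.

# check_cert ROOT_CRT LEAF_CRT LEAF_KEY DNS_NAME...
# Prints OK and returns 0 if all checks pass, else prints the failing check.
check_cert() {
  local root=$1 leaf=$2 key=$3 text sans name
  shift 3
  # 1. The leaf must chain to the root that clients will be told to trust.
  openssl verify -CAfile "$root" "$leaf" >/dev/null 2>&1 ||
    { echo "FAIL chain"; return 1; }
  text=$(openssl x509 -in "$leaf" -noout -text)
  # 2. The signature must really be SHA-256 (the -sha256 flag was honoured).
  printf '%s\n' "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' ||
    { echo "FAIL sigalg"; return 1; }
  # 3. Each expected name must be an exact subjectAltName entry.
  sans=$(printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' |
    tail -n 1 | tr ',' '\n' | sed 's/^ *//; s/ *$//')
  for name in "$@"; do
    printf '%s\n' "$sans" | grep -Fxq "DNS:$name" ||
      { echo "FAIL san $name"; return 1; }
  done
  # 4. The private key must be the one the certificate was issued for.
  [ "$(openssl x509 -in "$leaf" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)" ] ||
    { echo "FAIL key"; return 1; }
  echo "OK"
}

# make_demo_pki DIR: constructed throwaway root and leaf, built with the same
# openssl steps as the post but in DIR with short names and 1-day validity.
make_demo_pki() {
  local d=$1
  openssl req -x509 -new -nodes -sha256 -days 1 -newkey rsa:2048 \
    -subj "/CN=demo root" -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  openssl genrsa -out "$d/leaf.key" 2048 2>/dev/null
  openssl req -new -sha256 -key "$d/leaf.key" \
    -subj "/CN=devwest.foobar.com" -out "$d/leaf.csr"
  echo "subjectAltName=DNS:devwest.foobar.com,DNS:*.devwest.foobar.com" >"$d/ext"
  openssl x509 -req -sha256 -days 1 -in "$d/leaf.csr" -CA "$d/root.crt" \
    -CAkey "$d/root.key" -CAcreateserial -extfile "$d/ext" \
    -out "$d/leaf.crt" 2>/dev/null
}

demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir" &&
  check_cert "$demo_dir/root.crt" "$demo_dir/leaf.crt" "$demo_dir/leaf.key" \
    devwest.foobar.com '*.devwest.foobar.com'
rm -rf "$demo_dir"
```

For the real files, pass root_ca.crt, star_devwest_foobar_com.crt and star_devwest_foobar_com.key followed by the names written to cert_extensions.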

Upload Cert

user@greenscar star_devwest_foobar_com $ aws iam delete-server-certificate --server-certificate-name star_devwest_foobar_com
user@greenscar star_devwest_foobar_com $ aws iam upload-server-certificate --server-certificate-name star_devwest_foobar_com --certificate-body file://star_devwest_foobar_com.crt --private-key file://star_devwest_foobar_com.key