set SSL="C:\Program Files\Git\mingw64\bin\openssl.exe"
:: create rootCA key
%SSL% req -x509 -days 3650 -newkey rsa:4096 -new -nodes -keyout gen/rootCA.key -out gen/rootCA.pem -subj "/C=NL/ST=ZH/O=MyOrganisation/CN=MyRootCA" -reqexts SAN -config rootCA.config

[req]
distinguished_name  = req_distinguished_name
req_extensions      = san, v3_req
extensions          = san

[req_distinguished_name]

[v3_req]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alt_names

[SAN]
subjectAltName=DNS:localhost

set SSL="C:\Program Files\Git\mingw64\bin\openssl.exe"
:: create domain key
%SSL% req -x509 -days 3650 -newkey rsa:4096 -new -nodes -keyout gen/domainC.key -out gen/domainC.pem -subj "/C=NL/ST=ZH/O=MyOrganisation/CN=localhost" -reqexts SAN -config domainCert.config
:: create a Certificate Signing Request (CSR)
%SSL% req -new -key gen/domainC.key -subj "/C=NL/ST=ZH/O=DNA Services B.V./CN=localhost" -out gen/domainC.csr
:: sign domain key with root key as certificate
%SSL% x509 -req -in gen/domainC.csr -CA gen/rootCA.pem -CAkey gen/rootCA.key -CAcreateserial -out gen/domainC.crt -sha256 -extfile v3.ext

[req]
distinguished_name  = req_distinguished_name
req_extensions      = san, v3_req
extensions          = san

[req_distinguished_name]

[v3_req]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alt_names

[SAN]
subjectAltName=DNS:localhost

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost