Self-signed certificate with aliases for the canonical name

In this post, I include a script that generates self-signed X.509 certificates (for use with HTTPS, for example) carrying several names for the server. This is required because the certificate exchange happens at a lower level than the protocol exchange. For example, Apache can serve several domain names, but only one certificate can be used because it is requested before the domain name negotiation. So the aliases must be included in the certificate, or warnings are shown to the user.

So here is the script. Just run it with the main name for the server first, followed by the other names.

Do not hesitate to change the default values in the auxiliary and mandatory openssl-conf.cnf file.
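
An added example, not the script from the original post: one way to put the main name and its aliases into the certificate's subjectAltName extension. It assumes OpenSSL 1.1.1 or later (for -addext and -ext) and passes the names on the command line instead of using openssl-conf.cnf; the function names, file names, key size and validity period are illustrative choices.

```shell
#!/bin/sh
# Added example: self-signed certificate whose subjectAltName lists every server name.
# Usage: sh mkcert.sh main.example.org alias1.example.org 192.0.2.10

# Build the subjectAltName value from the given names.
# Prints e.g. "DNS:a.example.org,IP:192.0.2.10"; returns 1 on an invalid name.
san_list() {
    san=""
    for name in "$@"; do
        case "$name" in
            ""|*[!A-Za-z0-9.-]*)
                # Reject anything that could break out of the -subj/-addext syntax
                echo "invalid name: $name" >&2
                return 1 ;;
        esac
        # Names made only of digits and dots are treated as IPv4 addresses
        case "$name" in
            *[!0-9.]*) entry="DNS:$name" ;;
            *)         entry="IP:$name" ;;
        esac
        san="${san:+$san,}$entry"
    done
    printf '%s\n' "$san"
}

# Generate <main>.key and <main>.crt; the first name becomes the CN.
make_cert() {
    main=$1
    san=$(san_list "$@") || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$main.key" -out "$main.crt" \
        -subj "/CN=$main" -addext "subjectAltName=$san" || return 1
    chmod 600 "$main.key"
    # Show the names that clients will actually match against
    openssl x509 -in "$main.crt" -noout -ext subjectAltName
}

# Only generate a certificate when names are given on the command line
if [ "$#" -gt 0 ]; then
    make_cert "$@"
fi
```

The main name is repeated in the subjectAltName list because clients that honour the extension match against it rather than against the CN.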

If you need to get a certificate for some service and the server does not offer it for download, just use the following:

SITE="www.example.org"; PORT=993
# -showcerts prints every certificate the server sends; sed keeps only the PEM blocks
openssl s_client -connect "$SITE:$PORT" -showcerts </dev/null | sed -ne '/BEGIN CERTIFICATE/,/END CERTIFICATE/ p' > "$SITE.crt"
