The comments in CA.cfg file serve as a good tutorial for setting up
a simple PKI for a system test. There is a typo in one of the presented
commands, which results in openssl not exiting with an error message
instead of generating a certificate.
Fix the typo.
# xxd -l 8 -u -ps /dev/urandom > ./serial
# 2. Create the new certificate request (e.g. for foo.example.com):
# openssl req -config ./CA.cfg -new -subj "/CN=foo.example.com" \
-# -addext "subjectAltName=DNS:foo.example.com,IP=X.X.X.X" \
+# -addext "subjectAltName=DNS:foo.example.com,IP:X.X.X.X" \
# -newkey rsa -keyout ./certs/foo.example.com.key \
# -out ./certs/foo.example.com.csr
#