$ cat > openssl.cnf <<-EOF
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
prompt = no
[req_distinguished_name]
CN = example.local
[v3_ca]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alternate_names
[alternate_names]
DNS.1 = example.local
DNS.2 = www.example.local
DNS.3 = api.example.local
EOF
$ openssl req -new -x509 -newkey rsa:2048 -sha256 -days 3650 -nodes -keyout ssl.key -out ssl.crt -config openssl.cnf