cert.rb

domain = "*.example.com"
subjectAltDomains = [ domain, "example.com" ]

require 'openssl'
puts "Generating public and private keys..."
key = OpenSSL::PKey::RSA.new(2048)

subject = "/C=US/ST=California/L=Los Angeles/O=Example Inc./CN=#{domain}"

cert = OpenSSL::X509::Certificate.new
cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)

cert.not_before = Time.now
cert.not_after = Time.now + 365*24*60*60
cert.public_key = key.public_key
cert.serial = 0x0
cert.version = 2

puts "Signing certificate..."
ef = OpenSSL::X509::ExtensionFactory.new
ef.subject_certificate = ef.issuer_certificate = cert

cert.extensions = [
  ef.create_extension("basicConstraints","CA:FALSE", true),
  ef.create_extension("subjectKeyIdentifier", "hash")
]
cert.add_extension ef.create_extension("authorityKeyIdentifier",
                                 "keyid:always,issuer:always")
cert.add_extension ef.create_extension("subjectAltName", subjectAltDomains.map { |d| "DNS: #{d}" }.join(','))


cert.sign key, OpenSSL::Digest::SHA1.new

File.open("/tmp/cert.pem", "w") { |f| f.write(cert.to_pem) }
File.open("/tmp/cert.key", "w") { |f| f.write(key.to_s) }