Generate Self Signed SSL and added it as Trusted Root on OSX

gencert.sh

#!/usr/bin/env bash

OPENSSL=/usr/local/Cellar/openssl/1.0.2j/bin/openssl
CERTPATH=./etc/nginx/certs/

${OPENSSL} genrsa -out ${CERTPATH}/app-wildcard.key 2048
${OPENSSL} req -new -out ${CERTPATH}/app-wildcard.csr -key ${CERTPATH}/app-wildcard.key -config openssl.cnf
${OPENSSL} x509 -req -days 3650 -in ${CERTPATH}/app-wildcard.csr -signkey ${CERTPATH}/app-wildcard.key -out ${CERTPATH}/app-wildcard.crt -extfile openssl.cnf -extensions v3_req

sudo security delete-certificate -c "*.app"
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ${CERTPATH}/app-wildcard.crt

openssl.cnf

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no

[req_distinguished_name]
commonName             = *.app
countryName            = US
stateOrProvinceName    = AL
localityName           = Huntsville
organizationName       = Example LLC
organizationalUnitName = IT
emailAddress           = [email protected]

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = example.app
DNS.2 = example2.app
IP.1 = 127.0.0.1