Isso funcionou para mim:
arquivo test-no-cn.cnf
[req]
default_bits = 4096
encrypt_key = no
default_md = sha256
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
[ v3_req ]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName=critical,email:[email protected],URI:http://example.com/,IP:192.168.7.1,dirName:dir_sect
[dir_sect]
C=DK
O=My Example Organization
OU=My Example Unit
CN=My Example Name
Gerar o CSR
openssl req -new -newkey rsa:4096 -nodes -config test-no-cn.cnf -subj "/" -outform pem -out test-no-cn.csr -keyout test-no-cn.key
Assine o CSR
openssl x509 -req -days 365 -in test-no-cn.csr -signkey test-no-cn.key -out test-no-cn.crt -outform der -extensions v3_req -extfile test-no-cn.cnf
Ver o certificado resultante
openssl x509 -inform der -in test-no-cn.crt -noout -text