# Regenerating Fixture Certificates

You don't need to keep the key file generated by this process.

1. Certificate with an email as subjectAltName:

```
openssl req -x509 \
    -newkey rsa:4096 \
    -sha256 \
    -nodes \
    -days 3650 \
    -keyout _foo.key \
    -out artgarfunkel@uso.mil.crt \
    -subj "/CN=GARFUNKEL.ART.G.5892460358" \
    -extensions SAN \
    -config <(cat /etc/ssl/openssl.cnf; echo '[SAN]'; echo 'subjectAltName=email:artgarfunkel@uso.mil')
```

2. Certificate with a DNS name as subjectAltName:

```
openssl req -x509 \
    -newkey rsa:4096 \
    -sha256 \
    -nodes \
    -days 3650 \
    -keyout _foo.key \
    -out no-email.crt \
    -subj "/CN=GARFUNKEL.ART.G.5892460358" \
    -extensions SAN \
    -config <(cat /etc/ssl/openssl.cnf; echo '[SAN]'; echo 'subjectAltName=DNS:artgarfunkel.com')
```

3. Certificate with no subjectAltName:

```
openssl req -x509 \
    -newkey rsa:4096 \
    -sha256 \
    -nodes \
    -days 3650 \
    -keyout _foo.key \
    -out no-san.crt \
    -subj "/CN=GARFUNKEL.ART.G.5892460358"
```