# To create a Server PEM key off of this file, just run
# openssl genrsa -out server.key 2048
# openssl req -new -key server.key -out server.csr -config openssl_SAN.csr.in -extensions v3_req                                                   #Creates the unsigned server certificate (change v3_req to whatever extensions in the cfg file)
# openssl x509 -req -days 3650 -in server.csr -CA ca.pem -set_serial 01 -out server.crt -extfile openssl_SAN2.csr.in -extensions v3_req            #Creates the signed server certificate
# cat server.crt server.key > server.pem                                                                                                           #Joins the signed cert with the key for the server pem

[ ca ]

default_ca      = CA_default

[ CA_default ]
dir = .
certificate = $dir/ca.pem


[ req ]
default_bits = 4096
default_keyfile = privateKey.pem
distinguished_name = dn
prompt = no
req_extensions = v3_req

[ dn ]
C = US
ST = New York
L = New York City
O = MongoDB
OU = Kernel Users
CN = Kernel Client Peer Role

[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = localhost
IP.1 = 127.0.0.1
IP.2 = ::1