--
-- NOTE: Make sure to answer 'localhost' as the FQDN
-- (or the proper FQDN)
-- Otherwise, socket.io will reject the connection
--

Option 1:
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt

Option 2:
openssl genrsa -out key.pem
openssl req -new -key key.pem -out csr.pem
openssl x509 -req -days 9999 -in csr.pem -signkey key.pem -out cert.pem
rm csr.pem

Option 3: With Certificate Authorities

Gen Root CA Key
openssl genrsa -out root-ca.key 4096 -nodes

Gen Root CA Certificate (self-signed)
openssl req -x509 -new -nodes -key root-ca.key -sha256 -days 1024 -out root-ca.crt

Gen Server Certificate Key
openssl genrsa -out server.key 2048 -nodes

Gen Server CSR (signing request)
openssl req -new -key server.key -out server.csr

(optional) Verify CSR Content
openssl req -in server.csr -noout -text

Sign the Server CSR to make Server Certificate
openssl x509 -req -in server.csr -CA root-ca.crt -CAkey root-ca.key -CAcreateserial -out server.crt -days 365 -sha256

Verify Server Certificate Content
openssl x509 -in server.crt -text -noout

Note: Using -nodes means no des -> no password protection on keys