Generating Certificates for Multiple Hosts
When generating a bunch of certificates with a self-signed CA, a loop is the way to go:
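# Config for openssl: prepare the database files that `openssl ca` reads.
# The /etc/pki paths match the ones used throughout this page; confirm them
# against the `dir` setting in the [ CA_default ] section of your openssl.cnf.
sudo mkdir -p /etc/pki/CA
sudo touch /etc/pki/CA/index.txt
# Seed the serial counter only when it is missing or empty. Writing "1000"
# again on a re-run would restart numbering at serials already issued.
if ! sudo test -s /etc/pki/CA/serial; then
  echo "1000" | sudo tee /etc/pki/CA/serial
fi
# copy_extensions = copy lets the CA carry over extensions from the CSR that its
# own extension section does not set. The subjectAltName and extendedKeyUsage
# requested with -addext need this to reach the signed certificate.
# The edit is system-wide: every later `openssl ca` run using this config will
# honour requester-supplied extensions, so review a CSR
# (`openssl req -in FILE.csr -noout -text`) before signing one you did not create.
sudo sed -i 's/# copy_extensions = copy/copy_extensions = copy/' /etc/pki/tls/openssl.cnf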
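# Generate a CA certificate, then for each host: create a key and CSR, sign the
# CSR with the CA, and bundle certificate + key into <host>.pem.
subjprefix='/C=AE/ST=Dubai/L=Bur Dubai/O=Pocket Theories/OU=Web'
mydomain='pockettheories.com'
# -nodes writes ca.key without a passphrase, so the file permissions are the
# only protection for the CA private key. Restrict it to the owner and keep it
# off hosts that do not need to sign certificates.
openssl req -newkey rsa:2048 -new -x509 -sha256 -extensions v3_ca -out ca.cert -keyout ca.key -subj "${subjprefix}/CN=certificateauthority" -nodes -days 3650
chmod 600 ca.key
for iterhost in web0 web1 web2 db0 db1 db2 nlb0 nlb1 nlb2 cdn
do
  # Each step runs only if the previous one succeeded. Otherwise a failed
  # signing step would still leave a <host>.pem holding nothing but the key.
  if ! {
    # Host key (unencrypted, -nodes) and CSR with SAN + EKU.
    openssl req -sha256 -nodes -newkey rsa:2048 -keyout "${iterhost}.key" -new -out "${iterhost}.csr" -subj "${subjprefix}/CN=${iterhost}.${mydomain}" -addext "subjectAltName=DNS:${iterhost}.${mydomain}" -addext "extendedKeyUsage=serverAuth,clientAuth" &&
    chmod 600 "${iterhost}.key" &&
    # sudo because `openssl ca` updates index.txt and serial under /etc/pki/CA.
    # -days 3650 gives the leaf the same 10-year lifetime as the CA; use a
    # shorter value if rotation matters.
    sudo openssl ca -in "${iterhost}.csr" -out "${iterhost}.cert" -keyfile ca.key -cert ca.cert -outdir . -batch -days 3650 &&
    # The bundle contains the private key. The subshell's umask creates it
    # owner-only without changing the umask of the calling shell.
    ( umask 077 && cat "${iterhost}.cert" "${iterhost}.key" > "${iterhost}.pem" )
  }; then
    echo "certificate generation failed for ${iterhost}" >&2
    break
  fi
done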
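# Add the CA to the OS trusted certificate store.
# After this, the host accepts any certificate signed by ca.key for any
# hostname, so the trust store is only as safe as that key file.
# Install the package first so the trust-store tooling and its directories
# exist before the copy (assumed to be provided by ca-certificates; confirm on
# your release).
sudo yum install ca-certificates
# Writing under /etc/pki needs root, hence sudo as in the setup steps.
sudo cp ca.cert /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust force-enable
# Rebuild the consolidated bundles so applications pick up the new anchor.
sudo update-ca-trust extract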