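# Generate a self-signed wildcard certificate plus an unencrypted RSA-2048
# private key for local development on *.niepi.localhost.
#
# Requires bash or zsh: the -config argument is built with process
# substitution, which appends a [SAN] section to the system openssl.cnf.
# The /System/Library/OpenSSL path looks macOS-specific; point it at the
# local openssl.cnf on other systems.
#
# Things to know about the output:
#   - -nodes leaves the private key unencrypted on disk. The key file is
#     therefore created empty and set to mode 0600 before openssl runs, so
#     the key material is not written under whatever the caller's umask
#     allows. This assumes openssl truncates the existing file rather than
#     replacing it, in which case the file keeps its mode.
#   - The only subjectAltName is the wildcard, which does not cover the bare
#     name niepi.localhost; that would need its own DNS entry.
#   - The certificate is self-signed and valid for 720 days; clients accept
#     it only if it is explicitly trusted, so keep the key out of version
#     control and backups shared with others.
: > niepi.localhost.key &&
chmod 600 niepi.localhost.key &&
openssl req -newkey rsa:2048 \
-x509 \
-nodes \
-keyout niepi.localhost.key \
-new \
-out niepi.localhost.crt \
-subj '/CN=*.niepi.localhost' \
-reqexts SAN \
-extensions SAN \
-config <(cat /System/Library/OpenSSL/openssl.cnf \
<(printf '[SAN]\nsubjectAltName=DNS:*.niepi.localhost')) \
-sha256 \
-days 720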