[2] Add under [ v3_ca ] the line:

subjectAltName=URI:'http://bshambaugh.org/profile#me'

basicConstraints = CA:false

[3] openssl 2048 > localhost.key [4] openssl req -new -x509 -nodes -sha256 \-days 3650 -key localhost.key -subj '/O=WebID/CN=Brent Shambaugh/' > localhost.crt

[5] openssl x509 -noout -text -in localhost.crt

Certificate:

Data:

Version: 3 (0x2)

Serial Number: 12316411301973396186 (0xaaecaed2f1bb0ada)

Signature Algorithm: sha256WithRSAEncryption

Issuer: O=WebID, CN=Brent Shambaugh

Validity

Not Before: Aug 25 15:07:43 2016 GMT

Not After : Aug 23 15:07:43 2026 GMT

Subject: O=WebID, CN=Brent Shambaugh

Subject Public Key Info:

Public Key Algorithm: rsaEncryption

Public-Key: (2048 bit)

Modulus:

00:c4:1f:69:30:21:88:e6:13:f3:df:09:e5:cd:50:

68:59:9e:5c:c6:f8:90:45:b5:1a:b6:c1:cf:d6:86:

25:b6:52:bc:58:59:36:1d:1e:ca:34:5c:47:37:a3:

23:e9:f9:de:bd:53:44:2f:dd:18:38:b0:de:19:10:

73:79:5c:70:8c:3c:44:22:e7:64:06:ff:83:c8:2f:

ca:ab:7a:13:e9:13:55:c7:ed:b2:75:cb:d4:93:d6:

ef:1a:25:c3:ed:74:cb:3a:9f:2d:a6:c8:61:83:f7:

04:e1:af:4c:d9:a5:93:fa:0c:21:cd:5f:cc:86:21:

8f:8f:63:bc:ba:0c:c0:b8:41:d4:5e:2a:16:b5:cb:

48:d1:29:be:e3:ff:36:3f:22:a3:34:d8:4c:06:0e:

96:58:38:75:da:40:83:cb:1f:e0:7b:6f:b1:00:dc:

63:21:22:a4:6d:39:89:e6:3d:79:ca:ff:7f:10:4f:

16:b0:43:6f:26:f6:04:bb:69:49:87:ac:15:cc:8a:

24:40:df:74:92:28:d5:83:5d:77:43:3c:7a:31:2f:

32:8a:51:e2:dd:c0:d3:8b:a5:95:45:50:4f:2f:6d:

fa:d1:6d:e6:02:db:19:3a:2d:ca:60:11:bd:53:14:

98:74:4a:90:52:16:c2:87:d8:c2:f9:cb:fe:63:fe:

e3:ab

Exponent: 65537 (0x10001)

X509v3 extensions:

X509v3 Subject Key Identifier:

35:BB:34:0C:42:38:F8:8E:A1:E7:D7:B9:05:30:2B:BF:49:AD:74:4C

X509v3 Authority Key Identifier:

keyid:35:BB:34:0C:42:38:F8:8E:A1:E7:D7:B9:05:30:2B:BF:49:AD:74:4C

X509v3 Basic Constraints:

CA:FALSE

X509v3 Subject Alternative Name:

URI:http://bshambaugh.org/profile#me

Signature Algorithm: sha256WithRSAEncryption

0f:b3:65:41:cc:d1:9f:81:a4:62:be:80:7f:f1:0a:ee:b2:24:

85:d3:b2:41:e6:f6:e3:10:e4:72:61:d0:d5:5e:07:71:ef:63:

6d:43:5b:ea:e1:77:9e:66:05:f2:de:17:c1:b7:9c:7b:91:d8:

41:45:a2:b3:1e:f8:c1:41:c0:58:6f:f3:43:22:7c:a8:17:8d:

b7:51:ae:b8:fc:5d:2f:bb:88:ae:b4:8e:d4:65:fe:8d:05:95:

09:ec:c5:42:04:9d:ce:f7:25:f7:02:b5:87:54:46:d7:9f:90:

ad:e3:6a:8e:bc:17:a1:33:b1:47:bd:a2:99:69:ef:b3:47:72:

63:07:be:4a:fe:6e:c4:0e:59:f9:14:c7:49:0b:97:d6:13:97:

0f:d7:52:e2:c8:19:54:24:a0:fb:54:2e:a7:12:d7:f2:e8:e7:

1e:26:62:7f:0f:2f:58:ed:f4:fb:7a:e1:21:4b:e1:e0:0c:f2:

36:ab:cd:a2:ab:f5:25:14:55:b1:78:95:b4:23:af:e2:ce:95:

28:07:21:5e:74:2e:7d:1b:67:b1:67:66:9e:49:22:9e:82:2f:

9a:64:eb:53:41:ee:0f:ce:18:0e:80:94:f0:4a:5d:ab:50:fc:

f3:4d:5c:94:e4:7f:82:c0:65:8d:1e:1f:0e:21:ca:c5:a4:77:

29:f7:c3:ee

------------

Inspiration: http://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-signed-certificate-with-subjectaltname-using-openssl

Reference: https://tools.ietf.org/html/rfc5280

-------------------

The idea is to embed this in the php exec() or shell_exec() function. If this does not work satisfactorily of if Node.js is desired instead try https://www.npmjs.com/package/webid