[robzyb]

We know. They say very clearly on the front page that one of their advantages is:

> Generate and manage SSL certificates quickly and easily without looking up complex OpenSSL commands.

[tzakrajs]

But openssl commands aren't complex. Confusion ensues.

[sigjuice]

OS X includes a convenient app for all this https://imgur.com/zvCzT5l

[M2Ys4U]

I tried generating a self-signed certificate that had multiple SANs the other day and just gave up because I couldn't get it working.

[xorcist]

It doesn't sound like you had trouble with the CA part of OpenSSL if you created a self-signed cert from the command line.

It might be that there's no (that I know of!) convenient way to specify extensions such as SAN on the command line. You have to do it via a configuration file, which you in turn pass as an argument. And that's probably the way you want to do it anyway if you script things!

As long as you do it that way there should be no problems with signing certificates, with or without extensions.