It doesn't sound like you had trouble with the CA part of OpenSSL if you created a self-signed cert from the command line.
It might be that there's no (that I know of!) convenient way to specify extensions such as SAN on the command line. You have to do it via a configuration file, which you in turn pass as an argument. And that's probably the way you want to do it anyway if you script things!
As long as you do it that way there should be no problems with signing certificates, with or without extensions.
It might be that there's no (that I know of!) convenient way to specify extensions such as SAN on the command line. You have to do it via a configuration file, which you in turn pass as an argument. And that's probably the way you want to do it anyway if you script things!
As long as you do it that way there should be no problems with signing certificates, with or without extensions.