I find the selfsigned command from cfssl to be a great command for testing. It allows for quickly generating a certificate which has a very short validation time should it mistakenly be used in Production.

What is currently missing in it is support for Subject Alternatine Names

I have attempted the following JSON

{
    "hosts": [
        "example.com",
        "www.example.com"
    ],
    "CN": "www.example.com",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [{
        "C": "US",
        "L": "San Francisco",
        "O": "Example Company, LLC",
        "OU": "Operations",
        "ST": "California"
    }]
}

cfssl selfsign "www.example.com" csr.json

The resulting certificate does not contain a SAN field.

I have also attempted supplying a list in the host argument

cfssl selfsign "www.example.com, subdomain.example.com" csr.json

However that does not help either.

Could we have support for SAN on cfssl selfsign?