OpenSSL

Generate cert

Full

DOMAIN=srv.loc
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt
openssl req -newkey rsa:2048 -nodes -keyout ${DOMAIN}.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=${DOMAIN}" -out ${DOMAIN}.csr
openssl x509 -req -extfile <(printf "subjectAltName=DNS:${DOMAIN}") -days 365 -in ${DOMAIN}.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out ${DOMAIN}.crt

Get certificate from site:

openssl s_client -showcerts -servername domain.loc -connect domain.loc:443 </dev/null