-- Generate Root Crt
openssl genrsa  -out /tmp/newcerts93/ca.key 1024
2018-11-14 20:22:25,442 - root - INFO - command executed successfully
openssl req -new -x509  -days 3650 -sha256 -key /tmp/newcerts93/ca.key -out /tmp/newcerts93/ca.pem -subj '/C=UA/O=My Company/CN=My Company Root CA'

Intermediate Key
openssl genrsa  -out /tmp/newcerts93/int.key 1024
openssl req -new -key /tmp/newcerts93/int.key -out /tmp/newcerts93/int.csr -subj '/C=UA/O=My Company/CN=My Company Intermediate CA'
openssl x509 -req -in /tmp/newcerts93/int.csr -CA /tmp/newcerts93/ca.pem -CAkey /tmp/newcerts93/ca.key -CAcreateserial -CAserial /tmp/newcerts93/rootCA.srl -extfile ./pytests/security/v3_ca.ext -out /tmp/newcerts93/int.pem -days 365 -sha256

Generate certs for each node in the cluster
openssl req -new -key /tmp/newcerts93/172.23.120.253.key -out /tmp/newcerts93/172.23.120.253.csr -config ./pytests/security/clientconf3.conf
openssl x509 -req -in /tmp/newcerts93/172.23.120.253.csr -CA /tmp/newcerts93/int.pem -CAkey /tmp/newcerts93/int.key -CAcreateserial -CAserial /tmp/newcerts93/intermediateCA.srl -out /tmp/newcerts93/172.23.120.253.pem -days 365 -sha256 -extfile ./pytests/security/clientconf3.conf -extensions req_ext
openssl x509 -req -days 300 -in /tmp/newcerts93/172.23.120.253.csr -CA /tmp/newcerts93/int.pem -CAkey /tmp/newcerts93/int.key -set_serial 01 -out /tmp/newcerts93/172.23.120.253.pem -extfile ./pytests/security/clientconf3.conf -extensions req_ext
cat /tmp/newcerts93/172.23.120.253.pem /tmp/newcerts93/int.pem /tmp/newcerts93/ca.pem > /tmp/newcerts93/long_chain172.23.120.253.pem

openssl genrsa  -out /tmp/newcerts93/172.23.120.244.key 1024
openssl req -new -key /tmp/newcerts93/172.23.120.244.key -out /tmp/newcerts93/172.23.120.244.csr -config ./pytests/security/clientconf3.conf
openssl x509 -req -in /tmp/newcerts93/172.23.120.244.csr -CA /tmp/newcerts93/int.pem -CAkey /tmp/newcerts93/int.key -CAcreateserial -CAserial /tmp/newcerts93/intermediateCA.srl -out /tmp/newcerts93/172.23.120.244.pem -days 365 -sha256 -extfile ./pytests/security/clientconf3.conf -extensions req_ext
openssl x509 -req -days 300 -in /tmp/newcerts93/172.23.120.244.csr -CA /tmp/newcerts93/int.pem -CAkey /tmp/newcerts93/int.key -set_serial 01 -out /tmp/newcerts93/172.23.120.244.pem -extfile ./pytests/security/clientconf3.conf -extensions req_ext
cat /tmp/newcerts93/172.23.120.244.pem /tmp/newcerts93/int.pem /tmp/newcerts93/ca.pem > /tmp/newcerts93/long_chain172.23.120.244.pem

openssl genrsa  -out /tmp/newcerts93/172.23.122.59.key 1024
openssl req -new -key /tmp/newcerts93/172.23.122.59.key -out /tmp/newcerts93/172.23.122.59.csr -config ./pytests/security/clientconf3.conf
openssl x509 -req -in /tmp/newcerts93/172.23.122.59.csr -CA /tmp/newcerts93/int.pem -CAkey /tmp/newcerts93/int.key -CAcreateserial -CAserial /tmp/newcerts93/intermediateCA.srl -out /tmp/newcerts93/172.23.122.59.pem -days 365 -sha256 -extfile ./pytests/security/clientconf3.conf -extensions req_ext
openssl x509 -req -days 300 -in /tmp/newcerts93/172.23.122.59.csr -CA /tmp/newcerts93/int.pem -CAkey /tmp/newcerts93/int.key -set_serial 01 -out /tmp/newcerts93/172.23.122.59.pem -extfile ./pytests/security/clientconf3.conf -extensions req_ext
cat /tmp/newcerts93/172.23.122.59.pem /tmp/newcerts93/int.pem /tmp/newcerts93/ca.pem > /tmp/newcerts93/long_chain172.23.122.59.pem

openssl genrsa  -out /tmp/newcerts93/172.23.120.241.key 1024
openssl req -new -key /tmp/newcerts93/172.23.120.241.key -out /tmp/newcerts93/172.23.120.241.csr -config ./pytests/security/clientconf3.conf
openssl x509 -req -in /tmp/newcerts93/172.23.120.241.csr -CA /tmp/newcerts93/int.pem -CAkey /tmp/newcerts93/int.key -CAcreateserial -CAserial /tmp/newcerts93/intermediateCA.srl -out /tmp/newcerts93/172.23.120.241.pem -days 365 -sha256 -extfile ./pytests/security/clientconf3.conf -extensions req_ext
cat /tmp/newcerts93/172.23.120.241.pem /tmp/newcerts93/int.pem /tmp/newcerts93/ca.pem > /tmp/newcerts93/long_chain172.23.120.241.pem


Client Certs:
[ req ]
default_bits       = 1024
distinguished_name = req_distinguished_name
req_extensions     = req_ext
prompt             = no

[ req_distinguished_name ]
countryName         = UA
stateOrProvinceName = California
localityName        = Mountain View
organizationName    = My Company
commonName          = ip_address

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = us.cbadminbucket.com
URI.1 = www.cbadminbucket.com
IP.0 = 172.23.120.241
openssl genrsa  -out /tmp/newcerts93/172.16.1.174.key 1024
openssl req -new -key /tmp/newcerts93/172.16.1.174.key -out /tmp/newcerts93/172.16.1.174.csr -config ./pytests/security/clientconf2.conf
openssl x509 -req -in /tmp/newcerts93/172.16.1.174.csr -CA /tmp/newcerts93/ca.pem -CAkey /tmp/newcerts93/ca.key -CAcreateserial -CAserial /tmp/newcerts93/rootCA.srl -out /tmp/newcerts93/172.16.1.174.pem -days 365 -sha256 -extfile ./pytests/security/clientconf2.conf -extensions req_ext
cat /tmp/newcerts93/172.16.1.174.pem /tmp/newcerts93/int.pem /tmp/newcerts93/ca.pem > /tmp/newcerts93/long_chain172.16.1.174.pem

2018-11-14 20:22:26,039 - root - INFO -  Path is ['subject.cn', 'san.dnsname', 'san.uri'] - Prefixs - ['www.cb-', 'us.', 'www.'] -- Delimeters - ['.', '.', '.']