I already know how to add Subject Alternative Names (SANs) to a Certificate Signing Request and I know it's possible to manually add once again to a certificate which is similar to add SAN to csr using OpenSSL like this:
openssl x509 -req -extfile < (printf "subjectAltName=IP:xxx" -days xxx -in xxx.csr -signkey xxx.key -out xxx.crt
Is there a way to achieve this with CLI?
The key is copy_extensions. I'll try it. And this link explains it: https://unix.stackexchange.com/a/372393