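# Print the X.509v3 extension settings for the self-signed CA certificate.
#
# Takes no arguments. The output is an OpenSSL extension file written to
# stdout, intended for `openssl x509 -extfile`.
cacert_extfile () {
    # basicConstraints is marked critical so that a verifier which does not
    # process the extension rejects the certificate instead of ignoring the
    # CA flag. keyUsage limits the CA key to signing certificates and CRLs;
    # without it the CA certificate carries no usage restriction at all.
    # subjectKeyIdentifier stays ahead of authorityKeyIdentifier because
    # "keyid:always" on a self-signed certificate copies the subject key id.
    cat <<EOF
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
EOF
}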
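# Print the X.509v3 extension settings for an end-entity certificate.
#
# Arguments:
#   $1  DNS name placed in the subjectAltName extension.
# Output:
#   An OpenSSL extension file on stdout, for `openssl x509 -extfile`.
# Returns:
#   0 on success; 1 (with a message on stderr and nothing on stdout) when the
#   name is empty or contains characters outside the hostname alphabet.
cert_extfile () {
    declare address="${1-}"
    # The name is pasted verbatim into the extension file. A comma would add
    # further subjectAltName entries and a newline would add whole extension
    # lines, so only hostname characters (plus "*" for wildcards and "_" for
    # internal names) are accepted. An empty name would yield an invalid
    # "subjectAltName=DNS:" line and is rejected by the same check.
    declare allowed='^[A-Za-z0-9._*-]+$'
    if [[ ! $address =~ $allowed ]]; then
        printf 'cert_extfile: not a usable DNS name: %q\n' "$address" >&2
        return 1
    fi
    # NOTE(review): no keyUsage/extendedKeyUsage is emitted, so the issued
    # certificate is not restricted to one purpose. Add them once the
    # intended use (server, client, ...) is confirmed.
    cat <<EOF
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
subjectAltName=DNS:${address}
EOF
}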
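# Subject CN of the private CA, and the DNS name the leaf certificate is for.
ca_name='My CA Name'
address=foo.example.com

# Issue the CA and the leaf certificate inside a subshell so that the errexit
# and umask settings below do not leak into the calling shell.
(
    # Stop at the first failing step; otherwise a failed key or CSR step is
    # followed by signing attempts against missing or stale files.
    set -e
    # Private keys are written to the current directory. Create every output
    # owner-only instead of inheriting a permissive umask. The public *.crt
    # files can be chmod'ed afterwards if other accounts must read them.
    umask 077

    # Render the extension files up front: a failure inside a <( ... ) process
    # substitution is invisible to errexit and would hand openssl an empty
    # extension file, producing a certificate without the intended extensions.
    ca_ext="$(cacert_extfile)"
    leaf_ext="$(cert_extfile "$address")"

    # --- CA: key, CSR, self-signed certificate ---
    # ca.key is stored unencrypted (genrsa is called without a cipher option),
    # so file permissions are the only protection for the signing key.
    openssl genrsa -out ca.key 2048
    # -sha256 pins the signature digest rather than relying on the default of
    # whichever OpenSSL build is installed.
    openssl req -new -sha256 -key ca.key -out ca.csr -subj "/CN=${ca_name}" -batch
    openssl x509 -req -sha256 -days 3650 -signkey ca.key -in ca.csr -out ca.crt -extfile <(printf '%s\n' "$ca_ext")

    # --- Leaf: key, CSR, certificate signed by the CA above ---
    openssl genrsa -out "${address}".key 2048
    openssl req -new -sha256 -key "${address}".key -out "${address}".csr -subj "/CN=${address}" -batch
    # NOTE(review): the leaf is valid for 3650 days, the same as the CA. A
    # shorter leaf lifetime limits exposure if the leaf key leaks; confirm
    # the intended lifetime before reuse.
    openssl x509 -req -sha256 -days 3650 -CA ca.crt -CAkey ca.key -CAcreateserial -in "${address}".csr -out "${address}".crt -extfile <(printf '%s\n' "$leaf_ext")
)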