-set PATH=%~dp0..\..\lib;%~dp0..\..\bin\r
-%~dp0..\..\bin\openssl.exe req -x509 -days %DAYS% -newkey rsa:2048 -nodes -keyout %~dp0sp-key.pem -out %~dp0sp-cert.pem -subj /CN=%FQDN% -config %~dp0openssl.cnf -extensions usr_cert -set_serial 0\r
+set PATH=%PREFIX%..\..\lib;%PREFIX%..\..\bin\r
+set CNF="%PREFIX%sp-cert.cnf"\r
+echo # OpenSSL configuration file for creating sp-cert.pem >%CNF%\r
+echo [req] >>%CNF%\r
+echo prompt=no >>%CNF%\r
+echo default_bits=2048 >>%CNF%\r
+echo encrypt_key=no >>%CNF%\r
+echo default_md=sha1 >>%CNF%\r
+echo distinguished_name=dn >>%CNF%\r
+echo # PrintableStrings only >>%CNF%\r
+echo string_mask=MASK:0002 >>%CNF%\r
+echo x509_extensions=ext >>%CNF%\r
+echo [dn] >>%CNF%\r
+echo CN=%FQDN% >>%CNF%\r
+echo [ext] >>%CNF%\r
+if defined ENTITYID (echo subjectAltName=DNS:%FQDN%,URI:%ENTITYID% >>%CNF%) else (echo subjectAltName=DNS:%FQDN% >>%CNF%)\r
+echo subjectKeyIdentifier=hash >>%CNF%\r
+%PREFIX%..\..\bin\openssl.exe req -config %PREFIX%sp-cert.cnf -new -x509 -days %DAYS% -keyout %PREFIX%sp-key.pem -out %PREFIX%sp-cert.pem\r
+del %CNF%\r