I am trying to setup mongoDB replication set using TLS on three machines

1. orgpi5arch.yushei.net
2. hc4Jammy.yushei.net
3. hc4MnMin.yushei.net

• mongodb.conf

net:
  port: 27999
  bindIp: 0.0.0.0   # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.
  
  tls:
      mode: requireTLS
      certificateKeyFile: /opt/xfs/mongodb/x.509/mongoCertificate.pem
      CAFile: /opt/xfs/mongodb/x.509/mongoCA.crt

And the certificate should have Subject Alternative Name property.

How to use openssl to create these self-singed certificates?