openssl req -new -key private.key -out request.csr Interactive prompts for distinguished name. Use -subj for non-interactive scripting:
# In WSL terminal sudo apt update sudo apt install openssl -y openssl version Access Windows files: openssl req -new -key /mnt/c/Users/YourName/key.pem ... openssl for windows 11
openssl x509 -in certificate.crt -text -noout For CSR: openssl req -in request.csr -text -noout openssl req -new -key private
openssl req -x509 -newkey rsa:2048 -keyout selfsigned.key -out selfsigned.crt -days 365 -nodes -subj "/CN=localhost" Create a san.cnf file: openssl for windows 11
function New-SelfSignedCertOpenSSL param([string]$CN = "localhost", [int]$Days = 365) $keyPath = "$env:TEMP\$CN.key" $crtPath = "$env:TEMP\$CN.crt" openssl req -x509 -newkey rsa:2048 -keyout $keyPath -out $crtPath -days $Days -nodes -subj "/CN=$CN" openssl pkcs12 -export -out "$env:TEMP\$CN.pfx" -inkey $keyPath -in $crtPath -password pass: Import-PfxCertificate -FilePath "$env:TEMP\$CN.pfx" -CertStoreLocation Cert:\LocalMachine\My Remove-Item $keyPath, $crtPath, "$env:TEMP\$CN.pfx"
[alt_names] DNS.1 = myapp.local DNS.2 = www.myapp.local IP.1 = 192.168.1.100 IP.2 = 10.0.0.5