openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048 Alternative legacy: openssl genrsa -out private.key 2048
openssl s_client -connect cloudflare.com:443 -tls1_3
[v3_req] keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names openssl for windows 11
openssl req -x509 -newkey rsa:2048 -keyout selfsigned.key -out selfsigned.crt -days 365 -nodes -subj "/CN=localhost" Create a san.cnf file:
[req] distinguished_name = req_distinguished_name req_extensions = v3_req prompt = no [req_distinguished_name] CN = myapp.local openssl genpkey -algorithm RSA -out private
openssl x509 -in certificate.crt -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl base64 Download a CRL and verify:
openssl x509 -in cert.pem -outform DER -out cert.der openssl for windows 11
openssl s_client -connect internal.server:443 -cipher ECDHE-RSA-AES128-GCM-SHA256