openssl req -newkey rsa:2048 -nodes -keyout san.key -out san.csr -config san.cnf openssl x509 -req -in san.csr -signkey san.key -out san.crt -days 365 -extensions v3_req -extfile san.cnf 4.2.1 View a Certificate (Text Dump)
openssl crl2pkcs7 -nocrl -certfile certificate.crt -out certificate.p7b OpenSSL’s s_client is invaluable for debugging HTTPS, SMTP, IMAP, or custom TLS services.
# In WSL terminal sudo apt update sudo apt install openssl -y openssl version Access Windows files: openssl req -new -key /mnt/c/Users/YourName/key.pem ... openssl for windows 11
[ req ] default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name string_mask = utf8only [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = US stateOrProvinceName = State or Province Name stateOrProvinceName_default = California localityName = Locality Name 0.organizationName = Organization Name organizationalUnitName = Organizational Unit Name commonName = Common Name (FQDN) commonName_default = localhost emailAddress = Email Address All commands below assume OpenSSL is in PATH and openssl.cnf is correctly configured. Run in Command Prompt, PowerShell, or Windows Terminal. 4.1 Key and Certificate Generation 4.1.1 Generate an RSA Private Key (2048-bit)
openssl enc -d -aes-256-cbc -in secret.enc -out decrypted.txt -k myStrongPassword openssl req -newkey rsa:2048 -nodes -keyout san
openssl s_client -starttls smtp -connect mail.example.com:587 4.5.1 Compute SHA-256 Hash
[req] distinguished_name = req_distinguished_name req_extensions = v3_req prompt = no [req_distinguished_name] CN = myapp.local Run in Command Prompt, PowerShell, or Windows Terminal
[alt_names] DNS.1 = myapp.local DNS.2 = www.myapp.local IP.1 = 192.168.1.100 IP.2 = 10.0.0.5