Creates a 4096-bit RSA certificate valid for 10 years with Subject Alternative Names:
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
-keyout example.key \
-out example.crt \
-subj "/CN=*.dvirus.local" \
-addext "subjectAltName=DNS:dvirus.local,DNS:*.dvirus.local"
Output:
example.crt(certificate) andexample.key(private key).
Download OpenSSL for Windows if needed.
# Extract encrypted private key
openssl pkcs12 -in dvirus.pfx -nocerts -out dvirus.key
# Extract certificate
openssl pkcs12 -in dvirus.pfx -clcerts -nokeys -out dvirus.crt
# Decrypt the private key
openssl rsa -in dvirus.key -out dvirus-decrypted.key
openssl rsa -in dvirus-decrypted.key -out dvirus-key.pem -outform PEM
openssl x509 -in dvirus.crt -out dvirus.pem -outform PEM
openssl pkcs12 -in cert.pfx -nocerts -out key.pem
openssl rsa -in key.pem -out server.key
openssl pkcs12 -in cert.pfx -nokeys -out cert.pem
openssl x509 -inform der -in ca.cer -out cacertificate.pem