openssl req -new -key private.key -out request.csr -subj "/C=US/ST=Texas/L=Austin/O=MyOrg/CN=myserver.example.com"
openssl x509 -in certificate.crt -text -noout For CSR: openssl req -in request.csr -text -noout openssl for windows 11
openssl verify -CAfile root.crt -untrusted intermediate.crt server.crt Windows 11 native tools (certlm.msc, certmgr.msc) prefer PKCS#12 (.pfx/.p12) or DER (.cer). OpenSSL bridges the gap. openssl req -new -key private
Import-PfxCertificate -FilePath C:\path\to\bundle.pfx -CertStoreLocation Cert:\LocalMachine\My -Password (ConvertTo-SecureString "YourPassword" -AsPlainText -Force) For DER (.cer) as trusted root: openssl for windows 11
openssl crl2pkcs7 -nocrl -certfile certificate.crt -out certificate.p7b OpenSSL’s s_client is invaluable for debugging HTTPS, SMTP, IMAP, or custom TLS services.
openssl s_client -connect cloudflare.com:443 -tls1_3