As of OpenSSL 1.1.1, providing subjectAltName directly on command line becomes much easier, with the introduction of the -addext flag to openssl req (via this commit).. OpenSSL also has an active GitHub repository with examples too. You can create RSA key pairs (public/private) from PowerShell as well with OpenSSL. The openssl program is a command line tool for using the various cryptography functions of openssl's crypto library from the shell.. $ openssl genrsa -out example.com.key 4096 $ openssl req -new -sha256 -key example.com.key -out example.com.csr. The commit adds an example to the openssl req man page:. openssl x509 -req -in client.csr -signkey client.key -passin pass:clientPK -CA client-ca.crt -CAkey client-ca.key -CAkeypassin pass:client-caPK <-- does not work -CAcreateserial -out client.crt -days 365 See the highlighted parameter. I expect something like this, but I cannot find it anywhere in the docs. Sign a certificate request: openssl ca -in req.pem -out newcert.pem Sign a certificate request, using CA extensions: openssl ca -in req.pem -extensions v3_ca -out newcert.pem Generate a CRL openssl ca -gencrl -out crl.pem Sign several requests: openssl ca -infiles req1.pem req2.pem req3.pem Certify a Netscape SPKAC: openssl ca -spkac spkac.txt The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. openssl req -new -newkey rsa:2048 -nodes -out request.csr -keyout private.key Similar to the previous command to generate a self-signed certificate, this command generates a CSR. You request the certificate the CA determines the length the certificate will be valid. The -noout switch omits the output of the encoded version of the CSR. Convert a certificate to a certificate request: openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem Convert a certificate request into a self signed certificate using extensions for a CA: openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \ -signkey key.pem … Running this command provides you with the following output: verify OK Certificate Request… OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them. $ openssl asn1parse