openssl s_server -accept 8443 -cert server.crt -key server.key -www Access https://localhost:8443 in browser (ignore cert warning). The -www option sends HTTP status. Though HPKP is deprecated, computing SPKI fingerprint:
Add OpenSSL as a profile in Windows Terminal (JSON settings): openssl for windows 11
openssl enc -aes-256-cbc -salt -in secret.txt -out secret.enc -k myStrongPassword openssl s_server -accept 8443 -cert server
[ req ] default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name string_mask = utf8only [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = US stateOrProvinceName = State or Province Name stateOrProvinceName_default = California localityName = Locality Name 0.organizationName = Organization Name organizationalUnitName = Organizational Unit Name commonName = Common Name (FQDN) commonName_default = localhost emailAddress = Email Address All commands below assume OpenSSL is in PATH and openssl.cnf is correctly configured. Run in Command Prompt, PowerShell, or Windows Terminal. 4.1 Key and Certificate Generation 4.1.1 Generate an RSA Private Key (2048-bit) Run in Command Prompt, PowerShell, or Windows Terminal
openssl x509 -in cert.pem -outform DER -out cert.der