In Linux you can create a self signed certificate pretty easily, you can even create a request for multiple sites supported by one certificate, it looks something like this: cd /etc/pki/tls/private/ SAN="DNS:*.example.com, DNS:other.example.com.com" openssl req -new -key ca.key -out all.example.com.csr Type in some answers here when prompted, probably for www.example.com as the server and so on. Okay, but now I need to server to sign that request, so: openssl x509 -req -days $((365 * 3)) -in all.example.com.csr -signkey ca.key So that works. Internet Explorer won't let me export the key because of course it doesn't match (and I'm working with a limited permission user as recommended) but Chrome does.
Active DirectoryC:\>certreq -submit -attrib "CertificateTemplate:WebServer" request.csr See: https://www.md3v.com/import-an-openssl-csr-into-windows-ca-server |