https://docs.microsoft.com/en-us/windows/win32/seccertenroll/cng-cryptographic-algorithm-providers

Create a Self-Signed Certificate Using PowerShell

New-SelfSignedCertificate

CNG Cryptographic Algorithm Providers

Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation

Example

New-SelfSignedCertificate -Type Custom -Subject "My Subject.." `
-KeyUsage DigitalSignature `
-KeyDescription "My Key" `
-KeyExportPolicy ExportableEncrypted `
-FriendlyName "My Friendly Name" `
-CertStoreLocation "Cert:\CurrentUser\My" `
-TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3", "2.5.29.19={text}")

switches (only those of interest)

-Subject "Urs Salvisberg"
-FriendlyName "MyFriendlyName"
-CertStoreLocation "Cert:\CurrentUser\My"

-HardwareKeyUsage
Specifies how a hardware key associated with the new certificate may be used.
This parameter applies only when you specify the Microsoft Platform Crypto Provider.
The acceptable values for this parameter are:

None (default)
SignatureKey
EncryptionKey
GenericKey
StorageKey
IdentityKey

-KeyDescription "My Key"
-KeyExportPolicy ExportableEncrypted
-KeyFriendlyName "Urs dodo xx"
-KeyLength 32

login.microsoftonline.com is blocked

-NotAfter
-NotBefore