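# Generate a new CSR together with a new 2048-bit RSA private key.
# -nodes writes private.key unencrypted: keep the file readable only by its
# owner, or drop -nodes so openssl prompts for a passphrase to encrypt it.
openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out csr.csr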
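# Generate a CSR for an existing private key.
# Only the public half of private.key ends up in csr.csr.
openssl req -new -key private.key -out csr.csr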
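# Generate a CSR based on an existing certificate.
# -signkey names the private key used to sign the new request.
openssl x509 -x509toreq -in cert.crt -out csr.csr -signkey private.key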
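# Generate a self-signed certificate (SHA-256 signature, valid for 365 days)
# together with a new 2048-bit RSA private key.
# -nodes leaves private.key unencrypted on disk. No CA vouches for a
# self-signed certificate, so clients have to be configured to trust it.
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out cert.crt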
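# Remove a passphrase from an RSA private key.
# newprivate.pem holds the key in the clear: restrict its permissions and
# delete it as soon as it is no longer needed.
openssl rsa -in private.pem -out newprivate.pem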
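# Output a CSR's content.
# -verify additionally checks the signature on the request.
openssl req -text -noout -verify -in cert.csr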
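# Check that an RSA private key is internally consistent.
# This says nothing about whether the key matches a given certificate.
openssl rsa -check -in private.key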
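# Output a certificate's content in human-readable form.
# -noout suppresses the PEM-encoded copy of the certificate.
openssl x509 -text -noout -in cert.crt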
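# Output a PKCS#12 file (.pfx or .p12) content.
# The output includes the private key (openssl prompts for a passphrase to
# encrypt it); add -nokeys to list the certificates only.
openssl pkcs12 -info -in cert.p12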
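# Verify a CSR, key, and cert are all from the same request by comparing the
# modulus: the three "Modulus=" lines printed below must be identical.
# -modulus applies to RSA keys only.
csr_file=cert.csr
key_file=cert.key
cert_file=cert.cer
openssl req -noout -modulus -in "${csr_file}"
openssl rsa -noout -modulus -in "${key_file}"
openssl x509 -noout -modulus -in "${cert_file}"

# Output a TLS certificate.
# s_client completes the handshake and prints the certificate even when chain
# verification fails; read the "Verify return code" line before relying on
# what it shows.
echo "" | openssl s_client -connect www.server.com:443
# x509 parses only the first certificate in the stream (the server's own),
# not the rest of the chain that -showcerts prints.
echo "" | openssl s_client -showcerts -connect www.server.com:443 | openssl x509 -text -noout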
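# Convert a PKCS#12 file (.pfx .p12) containing a private key and cert to PEM.
# Add -nocerts to output only the private key.
# Add -nokeys to output only the cert.
# -nodes writes the private key into keyStore.pem unencrypted, so treat that
# file as sensitive.
openssl pkcs12 -nodes -in keyStore.pfx -out keyStore.pem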
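# Convert a PEM certificate and private key to PKCS#12 (.pfx .p12).
# -certfile adds the certificates from ca.crt to the bundle. The export
# password openssl prompts for is what protects the private key inside
# cert.pfx.
openssl pkcs12 -export -out cert.pfx -inkey private.key -in cert.crt -certfile ca.crt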
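# Convert a DER file (.crt .cer .der) to PEM.
# Only the encoding changes; the certificate itself is the same.
openssl x509 -inform der -in cert.cer -out cert.pem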
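# Convert a PEM file to DER.
# Only the encoding changes; the certificate itself is the same.
openssl x509 -outform der -in cert.pem -out cert.der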