openssl commands that will help you in a pinch

openssl_commands.sh

### Checking and verification ###
# Check a certificate signing requested
openssl req -text -noout -verify -in node_sign_request.csr

# Check a private key
openssl rsa -in node.key -check

# Check a certificate
openssl x509 -in node.crt -text -noout

# Check a PKCS12 file
openssl pkcs12 -info -in keyStore.p12

# Check match CA certificate subject, issuer against node certificate
openssl x509 -in ca.cert.pem -noout -subject -issuer
openssl x509 -in node.cert.pem -noout -issuer -isser

# Verify node certificate against CA
openssl verify -CAfile ca.cert.pem node.cert.pem

# Verify intermediate certificate against CA
openssl verify -CAfile ca.cert.pem intermediate.crt

# Verfiy node certificate against intermediate and root CA
openssl verify -CAfile ca.cert.pem -untrusted intermediate.crt node.cert.pem

### Other commands ###

# Generate new private key and CSR
openssl req -out node_sign_request.csr -new -newkey rsa:4096 -nodes -keyout node.key

# Generate a self-signed certificate
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout node.key -out node.crt

# Generate a CSR for an existing private key
openssl req -out node_sign_request.csr -key node.key -new

# Generate a CSR based on an existing certificate (renewal)
openssl x509 -x509toreq -in node.crt -out node_sign_request.csr -signkey node.key

# Remove passphrase from a private key
openssl rsa -in node.key -out node_no_passphrase.key