openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
Generate a self-signed certificate (see How to Create and Install an Apache Self Signed Certificate for more info)
openssl req -x509 -sha256 -nodes -days 365 \
-newkey rsa:2048 -keyout privateKey.key \
-out certificate.crt
openssl req -out CSR.csr -key privateKey.key -new
openssl req -new -sha256 -key domain.key \
-subj "/C=US/ST=CA/CN=example.com" \
-reqexts SAN -config \
<(cat /etc/ssl/openssl.cnf \
<(printf "\n[SAN]\nsubjectAltName=DNS:example.com,DNS:www.example.com")) \
-out domain.csr
openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
openssl rsa -in privateKey.pem -out newPrivateKey.pem
openssl req -in csr.csr -text -noout -verify
openssl rsa -in key.key -check
openssl x509 -in cert.crt -text -noout
openssl pkcs12 -in keyStore.p12-info
openssl x509 -in certificate.crt -noout -modulus | openssl md5
openssl rsa -in key.key -noout -modulus | openssl md5
openssl req -in csr.csr -noout -modulus | openssl md5
openssl s_client -connect www.paypal.com:443
openssl x509 -inform der -in certificate.cer -out certificate.pem
openssl x509 -outform der -in certificate.pem -out certificate.der
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
You can add -nocerts to only output the private key or add -nokeys to only output the certificates.
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt