openssl genrsa -out test.com.key 4096
cat > ssl.conf <<-EOF
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = PT
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Porto
localityName = Locality Name (eg, city)
localityName_default = Porto
organizationName = Organization Name (eg, company)
organizationName_default = Marcelo Almeida
organizationalUnitName = Organizational Unit Name
organizationalUnitName_default = Marcelo Almeida CA
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
commonName_default = malmeida.dev
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = malmeida.dev
DNS.2 = www.malmeida.dev
EOF
openssl req -new -key test.com.key -config ssl.conf -out test.com.csr
openssl req -text -noout -in test.com.csr
openssl x509 -req -in test.com.csr -CA bundle.crt -CAkey ca-sre-key.pem -CAcreateserial -out test.com.crt -days 500 -sha256 -extensions req_ext -extfile ssl.conf
cat bundle.crt >> test.com.crt
openssl x509 -in test.com.crt -text -noout
curl -s -L https://www.geotrust.com/resources/root_certificates/certificates/GeoTrust_Primary_CA.pem | keytool -keystore cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias GeoTrust_Primary_CA -file /dev/stdin
openssl verify -verbose -CAfile cacert.pem test.com.crt
echo |openssl s_client -showcerts -servername github.com -connect github.com:443 | openssl x509 -text
openssl x509 -in test.com.crt -noout -modulus | openssl sha1
openssl rsa -in test.com.key -noout -modulus | openssl sha1
openssl req -noout -modulus -in test.com.csr | openssl sha1
openssl x509 -noout -fingerprint -sha256 -inform pem -in test_com.crt
openssl crl2pkcs7 -nocrl -certfile bundle.crt | openssl pkcs7 -print_certs -noout # -text
openssl pkcs12 -export -nokeys -in certificate.cer -out pkcs12.pfx
openssl pkcs12 -in pkcs12.pfx -info