N. P. O'Donnell, 2020
Create 2048-bit RSA key:
openssl genrsa -out example.com.key 2048
Create 4096-bit RSA key with AES-128 encrypted passphrase:
openssl genrsa -aes128 -out example.com.key 4096
List available curves:
openssl ecparam -list_curves
Create an EC key with the secp256k1 curve:
openssl ecparam -name secp256k1 -param_enc explicit -genkey -out example.com.key
Create a CSR:
openssl req -new -key example.com.key -out example.com.csr
Self-sign a cert with 1-year validity:
openssl x509 -req -days 365 -in example.com.csr -signkey example.com.key -out example.com.crt
Decode a CSR:
openssl req -in example.com.csr -noout -text
Decode an X.509 Certificate:
openssl x509 -in example.com.crt -text
Remove a passphrase from a key:
openssl rsa -in example.com.key -out example.com.key.dec
Convert cert from DER to PEM:
openssl x509 -inform DER -outform PEM -text -in example.com.der -out example.com.pem
Convert cert from PEM to DER:
openssl x509 -inform PEM -outform DER -text -in example.com.pem -out example.com.der