Create new private key:

openssl genrsa -out myServer.key 2048

Create self-signed certificate, good for 10 years:

openssl req -x509 -key myServer.key -out myServer.crt -days 3652

Create new Certificate Signing Request:

openssl req -new -key myServer.key -out myServer.csr

Verify CSR details:

openssl req -text -noout -verify -in myServer.csr

Create a PKCS12 bundle file from cert/key

openssl pkcs12 -export -out myFile.p12 -inkey myServer.key -in MyServer.crt

Unbundle a PKCS12 file to PEM cert:

openssl pkcs12 -in myFile.pfx -out myCert.pem -clcerts -nokeys

Unbundle PKCS12 file to PEM key:

openssl pkcs12 -in myFile.pfx -out myKey.key -nocerts -node

Convert a key from PEM to RSA format

openssl rsa -in myServer.key -out myServer-rsa.key

Check if a cert matches a key:

openssl x509 -noout -modulus -in myServer.crt | openssl md5 ;\ openssl rsa -noout -modulus -in myServer.key | openssl md5

Perform a simulate SSL handshake to a website:

openssl s_client -connect www.mysite.com:443