#Create SSL key and CSR (Certificate Sign Request) by req
$ openssl req -new -newkey rsa:2048 -nodes -keyout foo_server.key -out bar_server.csr#Create SSL key and CSR by genrsa
$ openssl genrsa -aes128 -out foo_server.key 2048
$ openssl genrsa -des3 -out foo_server.key 2048
#if you don't need passphrase, leave encrypt blank
$ openssl req -new -key foo_server.key -out bar_server.csrref: link
#Create self sign certificate (do the trick by -x509)
$ openssl req -new -x509 -key new.pem -days 3650 -out cert.crt#Read csr
$ openssl req -noout -text -in foo_server.csr#Convert key to pem
$ openssl rsa -in foo_server.key -outform PEM -out bar_server.pem#Check certificate chain
$ openssl verify -CAfile RootCert.pem -untrusted Intermediate.pem UserCert.pem#Some Apache Note
$ grep -i -r "SSLCertificateFile" /etc/httpd/
$ apachectl configtest#Frequently use Openssl command https://www.sslshopper.com/article-most-common-openssl-commands.html https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs