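# s_client only fetches and prints what the server presents: nothing in this pipeline rejects an
# untrusted chain or a name mismatch, and 2>/dev/null also hides s_client's verify errors.
# -servername sends SNI explicitly. OpenSSL releases before 1.1.1 do not send it by default,
# so a name-based virtual host can answer with a different certificate than the one you meant to inspect.
$ echo | openssl s_client -connect www.example.com:https -servername www.example.com 2>/dev/null | openssl x509 -noout -text
$ echo | openssl s_client -connect www.example.com:https -servername www.example.com 2>/dev/null | openssl x509 -noout -dates
notBefore=Aug 4 00:00:00 2016 GMT
notAfter=Sep 19 23:59:59 2017 GMT
$ echo | openssl s_client -connect www.example.com:https -servername www.example.com 2>/dev/null | openssl x509 -noout -issuer
issuer= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA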
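# Print a certificate, a CSR and a private key in human-readable form.
$ openssl x509 -in "${domain}.crt" -noout -text
$ openssl req -in "${domain}.csr" -noout -text
# -text on a private key prints the private components as well; keep this output out of logs and tickets.
# No cipher option is given: a cipher such as -aes192 only encrypts the key that rsa writes out,
# and -noout suppresses that output.
$ openssl rsa -in "${domain}.key" -noout -text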
Generate key and CSR.
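# -nodes writes the new private key unencrypted; check that the key file is readable by its owner only,
# or drop -nodes to be prompted for a passphrase.
$ openssl req -newkey rsa:2048 -nodes -keyout "${domain}.key" -out "${domain}.csr"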
Generate CSR from existing key.
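# The CSR is signed with the existing key and carries only its public half.
$ openssl req -key "${domain}.key" -new -out "${domain}.csr"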
Generate CSR for renewal from existing certificate and key.
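# Extensions such as subjectAltName may not be carried over from the certificate into the CSR;
# inspect the result with "openssl req -noout -text" before submitting it.
$ openssl x509 -in "${domain}.crt" -signkey "${domain}.key" -x509toreq -out "${domain}.csr"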
Generate key and self-signed certificate.
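# -nodes writes the private key unencrypted. A self-signed certificate is trusted by a client
# only where it has been installed or pinned explicitly.
$ openssl req -newkey rsa:2048 -nodes -keyout "${domain}.key" -x509 -days 365 -out "${domain}.crt"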
Generate self-signed certificate from existing key.
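# Self-signed with the existing key; valid for 365 days from the moment of signing.
$ openssl req -key "${domain}.key" -new -x509 -days 365 -out "${domain}.crt"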
Generate self-signed certificate from existing key and CSR.
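# x509 -req does not copy extensions requested in the CSR (for example subjectAltName) unless told to;
# inspect the certificate with "openssl x509 -noout -text" before deploying it.
$ openssl x509 -signkey "${domain}.key" -in "${domain}.csr" -req -days 365 -out "${domain}.crt"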
Generating an encrypted private key.
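# -aes256 encrypts the key file under a passphrase that genrsa prompts for.
# The output name uses ${domain} like the other commands on this page.
$ openssl genrsa -aes256 -out "${domain}.key" 2048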
Generating an unencrypted private key.
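# genrsa has no -nodes option (that flag belongs to req); when no cipher option is given
# the key is written unencrypted, so check the permissions on the resulting file.
$ openssl genrsa -out "${domain}.key" 2048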
A key, certificate and CSR that belong together share the same modulus, so the three digests below will match.
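# Only the public modulus is hashed, so the digest is just a short fingerprint to compare by eye;
# md5 is not protecting anything here. -modulus applies to RSA keys.
$ openssl rsa -noout -modulus -in "${domain}.key" | openssl md5
$ openssl x509 -noout -modulus -in "${domain}.crt" | openssl md5
$ openssl req -noout -modulus -in "${domain}.csr" | openssl md5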
Omitting -in and -out will use stdin and stdout.
Encryption and decryption.
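$ openssl enc -h
# enc derives the key from a passphrase it prompts for. -pbkdf2 (OpenSSL 1.1.1 and later) replaces the
# legacy single-iteration derivation and must be given for both encryption and decryption.
# CBC output is not authenticated: decryption does not reliably detect a modified file.
$ openssl enc -e -aes-256-cbc -pbkdf2 -in file.txt -out file.aes256cbc
$ openssl enc -d -aes-256-cbc -pbkdf2 -in file.aes256cbc -out file.txt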
Digest and HMAC.
$ openssl dgst -h
# Plain SHA-256 digest of the file: an integrity check only, since anyone can recompute it.
$ openssl dgst -sha256 file.txt
# The HMAC key is passed as a command-line argument here, so it is visible in the process list
# and ends up in shell history; use a throwaway key when trying this out.
$ openssl dgst -sha256 -hmac MYKEY file.txt