Common OpenSSL Commands with Keys and Certificates
Generate RSA private key (2048 bit)
openssl genrsa -out private.pem 2048
Generate a Certificate Signing Request (CSR)
openssl req -sha256 -new -key private.pem -out csr.pem
Generate RSA private key (2048 bit) and a Certificate Signing Request (CSR) with a single command
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Convert private key to PEM format
openssl rsa -in server.key -outform PEM -out server.pem
Generate a self-signed certificate that is valid for a year with sha256 hash
openssl x509 -req -sha256 -days 365 -in csr.pem -signkey private.pem -out certificate.pem
View details of a RSA private key
openssl rsa -in private.pem -text -noout
openssl req -in csr.pem -text -noout
View details of a Certificate
openssl x509 -in certificate.pem -text -noout
View details of a Certificate in DER format
openssl x509 -inform der -in certificate.cer -text -noout
Convert a DER file (.crt .cer .der) to PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
Convert a PEM file to DER
openssl x509 -outform der -in certificate.pem -out certificate.cer
To get a public key for SSH purposes, use ssh-keygen: