openssl s_client -connect localhost:636 -showcerts
openssl verify -CApath /etc/pki/tls/certs -verbose <certificate-name.crt>
openssl x509 -noout -issuer -in <certificate-name.crt>
openssl x509 -noout -fingerprint -in <certificate-name.crt>
openssl x509 -text -in <certificate-name.crt>
openssl x509 -noout -text -in <certificate-name.crt>
openssl x509 -noout -issuer -in <certificate-name.crt>
openssl x509 -noout -subject -in <certificate-name.crt>
openssl x509 -noout -dates -in <certificate-name.crt>
openssl x509 -noout -issuer -subject -dates -in <certificate-name.crt>
openssl x509 -noout -hash -in <certificate-name.crt>
openssl x509 -noout -fingerprint -in <certificate-name.crt>
openssl req -noout -text -in <request.csr>
openssl rsa -in <certificate-name.key> -out <neueskeyfile.key>
openssl rsa -des3 -in <certificate-name.key> -out <neueskeyfile.key>
The DER format is a binary form of a certificate, rather than the ASCII PEM format
It is usually stored in Base64 ASCII format and has a file extension of P7B or .p7c. P7B. A P7B file contains only certificates and chain certificates, not the private key. Some platforms support P7B files, including Microsoft Windows and Java Tomcat.
It is a binary format for storing the server certificate, all intermediate certificates and the private key in an encrypted file. PFX files usually have extensions like .pfx and .p12. PFX files are usually used on windows machines, import and export of certificates and private keys.
openssl pkcs12 -export -in Zertifikat.crt.pem -inkey Zertifikat.key.pem -out Zertifikat.p12 -certfile SSLCertifikateChainFile.pem
openssl x509 -outform der -in certificate.pem -out certificate.der
openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer
openssl x509 -inform der -in certificate.cer -out certificate.pem
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer
openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
To apply for the certificate, the csr file is sent to the certifying body after the generation has been completed.
openssl genrsa -out <certificate-name.key> 2048
openssl req -new -key <certificate-name.key> -out <certificate-name.csr>
openssl rsa -des3 -in <certificate-name.key> -out <certificate-name.key.sec>