# To create a 2048-bit private key: openssl genrsa -out server.key 2048 # To create the Certificate Signing Request (CSR): openssl req -new -key server.key -out server.csr # To sign a certificate using a private key and CSR: openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt # (The above commands may be run in sequence to generate a self-signed SSL certificate.) # To show certificate information for a certificate signing request openssl req -text -noout -in server.csr # To show certificate information for generated certificate openssl x509 -text -noout -in server.crt # To view certificate expiration: echo | openssl s_client -connect :443 2> /dev/null | \ awk '/-----BEGIN/,/END CERTIFICATE-----/' | \ openssl x509 -noout -enddate # Generate Diffie-Hellman parameters: openssl dhparamm -outform PEM -out dhparams.pem 2048