• Create self-signed certificate + private key (remove -nodes for passphrase private key) 
    openssl req -x509 -nodes -subj '/C=.../ST=.../L=.../OU=.../CN=...' -newkey rsa:2048 -days 365 -keyout name--key.pem -out name--cert.pem
  • Create CSR + private key 
    openssl req -nodes -subj '/C=.../ST=.../L=.../OU=.../CN=...' -newkey rsa:2048 -keyout name--key.pem -out name--csr.pem
  • Verify CSR 
    openssl req -in name--csr.pem -noout -text
  • Verify certificate 
    openssl x509 -in name--cert.pem -noout -text
  • Create PCKS12: 
    openssl pkcs12 -export -out PSI-UVT-GRID-DigiCert.pfx -inkey psi-grid-digicert--key.pem -in psi-grid-digicert--crt.pem -certfile DigiCertCA.crt -certfile TrustedRoot.crt
  • Check remote host SSL certificate: 
    openssl s_client -connect hostname:port