OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.

# To generate a 2048bit RSA private key and save it to a file:
openssl genrsa -out <filename.key> 2048

# To generate a certificate signing request to be sent to a certificate authority:
openssl req -new -sha256 -key <filename.key> -out <filename.csr>

# To generate a self-signed certificate from a certificate signing request valid for some number of days:
openssl x509 -req -days <days> -in <filename.csr> -signkey <filename.key> -out <filename.crt>

# To display certificate information:
openssl x509 -in <filename.crt> -noout -text

# To display the start and expiry dates for a domain's certificate:
openssl s_client -connect <host>:<port> 2>/dev/null | openssl x509 -noout -dates

# To display the certificate presented by an SSL/TLS server:
openssl s_client -connect <host>:<port> </dev/null

# To display the complete certificate chain of an HTTPS server:
openssl s_client -connect <host>:443 -showcerts </dev/null

# ---

# To check an SSL connection:
openssl s_client -connect <host>:<port>

# To generate new private key and CSR:
openssl req -out <filename.csr> -new -newkey rsa:2048 -nodes -keyout <filename.key>

# To read contents of a private key:
openssl rsa -check -in <private.key>

# To verify a CSR file:
openssl req -text -noout -verify -in <filename.csr>

# To check MD5 hash of a certificate:
openssl x509 -noout -modulus -in <filename.crt> | openssl md5

# To check MD5 hash of a private key:
openssl rsa -noout -modulus -in <filename.key> | openssl md5

# To check MD5 hash of a CSR file:
openssl req -noout -modulus -in <filename.csr> | openssl md5