Openssl Commands

Create a Key and CSR

openssl req -nodes -newkey rsa:2048 -sha256 -nodes -keyout mykey.middlewareworld.org.key -out  mykey.middlewareworld.org.csr -subj “/C=US/ST=Texas/L=Austin/O=middlewareworld.org/OU=Middleware/CN=middlewareworld.org”

You need to replace the subject DN with details specific to your organization.

Create Key and a Self-Signed Certificate

openssl req -x509 -nodes -newkey rsa:2048 -sha256 -nodes -keyout mykey.middlewareworld.org.key -out mykey.middlewareworld.org.cer -subj  “/C=US/ST=Texas/L=Austin/O=middlewareworld.org/OU=Middleware/CN=middlewareworld.org”

Check the expiry date of certificates

openssl s_client -connect <target_server_or_ip>:<port>| openssl x509 -dates -noout

You need to replace the target server and port accordingly.

Remove password from key file

openssl rsa -in mykey.middlewareworld.org.key -out privatekey.pem

The privatekey.pem will be without password

Extract Private key and Certificate from PKCS12 Keystore

openssl pkcs12 -in <keystore>.p12 -nodes -nocerts -out <mydomain>.key

openssl pkcs12 -in <keystore>.p12 -nodes -out <mycert>.cer

Note that <mydomain>.key and <mycert>.cer are the extracted files.