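# create selfsign

```
openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
```

`server.key` is written without a passphrase, so restrict its permissions (e.g. `chmod 600 server.key`). A self-signed certificate chains to no trusted CA; clients must be configured to trust `server.crt` explicitly.

# exporting

Run the following command to export the private key:

```
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
```

Run the following command to export the certificate:

```
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
```

Run the following command to remove the passphrase from the private key:

```
openssl rsa -in key.pem -out server.key
```

`-nodes` (spelled `-noenc` in OpenSSL 3.x) already writes `key.pem` unencrypted, so both `key.pem` and `server.key` hold the private key in the clear. Keep them readable only by the account that needs them and delete `key.pem` once it is no longer needed.

# to pkcs12

```
openssl pkcs12 -export -out c.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass:
```

`-passout pass:` sets an empty export password, so `c.pfx` protects the private key no better than a plaintext key file. Treat it like the key itself, or supply a real password with `-passout file:...` or `-passout env:...` so it does not appear on the command line.

# dhparams

```
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
```

2048 bits is the smallest DH parameter size generally considered acceptable.

# connect to TLS port

```
openssl s_client --connect <host>:<port>
```

`<host>:<port>` is a placeholder for the server to test. `s_client` completes the handshake even when certificate verification fails, so check the `Verify return code` line in the output (or pass `-verify_return_error`).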