Table of Contents

create selfsign
exporting
to pkcs12
dhparams
connect to TLS port

create selfsign

openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

exporting

Run the following command to export the private key: openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
Run the following command to export the certificate: openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
Run the following command to remove the passphrase from the private key: openssl rsa -in key.pem -out server.key

to pkcs12

openssl pkcs12 -export -out c.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -passout pass:<pass>

dhparams

openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

connect to TLS port

openssl s_client --connect <host>:<port>