PEM

  • Generating a TLS/SSL Certificate
1
openssl genrsa -out my_private_key.key 2048 
  • Now that you have a private key, create a public key with it:
1
openssl rsa -in my_private_key.key -pubout > my_public_key.pub
  • Using OpenSSL to View the Status of a Website’s Certificate
1
openssl s_client -connect linuxhandbook.com:443 2>/dev/null | openssl x509 -noout -dates
  • Verifying Information within a Certificate
1
openssl x509 -in certificate.crt -text -noout 
  • Checking a .csr (Certificate Signing Request) type file
1
openssl req -text -noout -verify -in server.csr
  • Verifying a KEY type file
1
openssl rsa -in my_private_key.key -check
  • Verifying a Public Key
1
2
openssl x509 -in certificate.pem -noout -pubkey
openssl rsa -in ssl.key -pubout

PFX

Note: You can try directly specifying the use of the legacy provider in the command, which may force OpenSSL to load the deprecated algorithms at runtime:

  • Export private key
1
openssl pkcs12 -legacy -in tu_certificado.pfx -nocerts -out clave_privada.pem -nodes
  • Export certificates
1
openssl pkcs12 -legacy -in tu_certificado.pfx -clcerts -nokeys -out certificados_publicos.pem