Sometimes you need to debug a generated TLS certificate. I always forget CLI arguments, thus as a reminder for myself:
Let’s create a dummy RSA certificate for testing with openssl, quick and dirty:
openssl genpkey -algorithm RSA -out privatekey.pem -pkeyopt rsa_keygen_bits:4096
Create an RSA-based key.
openssl req -new -key privatekey.pem -out certrequest.csr
Interactively generate the certificate request. You can review it later with openssl req -text -noout -in certrequest.csr.
openssl x509 -req -in certrequest.csr -signkey privatekey.pem -out certificate.pem -days 31
Now self-sign the certificate.
cat privatekey.pem certificate.pem > server.pem
Then append the certificate to the key, so server.pem now holds both the key and the certificate in PEM format.
Once it is deployed to a web server, curl -v … comes in handy. Check the output for the TLSv1.* lines and the Server certificate: block.
Unless you are stuck with a legacy setup, please consider using ECDSA keys. (They are much smaller, too!)
openssl genpkey -algorithm EC -out privatekey.pem -pkeyopt ec_paramgen_curve:P-384
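The same steps as a non-interactive script, with the two checks that usually matter when debugging such a file: does the key in server.pem belong to the certificate, and how long is the certificate still valid. This is an added example, not part of the original note; the function names and the subject test.example.invalid are made up for illustration.

```shell
#!/bin/sh
# Added example: build the throwaway certificate without prompts, then
# check the things that usually go wrong with a combined PEM file.

# make_test_cert DIR CN: ECDSA P-384 key, CSR, 31-day self-signed cert, server.pem.
# CN is a constructed test name; -subj replaces the interactive prompts.
make_test_cert() {
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-384 \
        -out "$1/privatekey.pem" &&
    openssl req -new -key "$1/privatekey.pem" -subj "/CN=$2" \
        -out "$1/certrequest.csr" &&
    openssl x509 -req -in "$1/certrequest.csr" -signkey "$1/privatekey.pem" \
        -out "$1/certificate.pem" -days 31 2>/dev/null &&
    cat "$1/privatekey.pem" "$1/certificate.pem" > "$1/server.pem"
}

# key_matches_cert KEYFILE CERTFILE: 0 if the private key and the certificate
# carry the same public key, 1 if they differ, 2 if either file is unreadable.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# valid_for_days CERTFILE DAYS: 0 if the certificate is still valid DAYS from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Demo in a scratch directory so nothing in the current directory is touched.
demo_dir=$(mktemp -d) && make_test_cert "$demo_dir" test.example.invalid
# server.pem contains both PEM blocks, so it can be passed as key and as cert.
if key_matches_cert "$demo_dir/server.pem" "$demo_dir/server.pem"; then
    echo "server.pem: key and certificate belong together"
fi
if ! valid_for_days "$demo_dir/certificate.pem" 32; then
    echo "certificate expires within 32 days (it was issued with -days 31)"
fi
openssl x509 -in "$demo_dir/certificate.pem" -noout -subject -enddate \
    -fingerprint -sha256
rm -rf "$demo_dir"
```

The SHA-256 fingerprint printed at the end is the value to compare against what a client reports for the deployed certificate.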