• to generate a triple DES private key which has to be encrypted with pass phrase, 1024 bits used for key, randfile[s] containing random data used to seed the random number generator

     openssl genrsa -des3 -out mykey.pem [-rand randfiles] 1024
     chmod 400 mykey.pem

• to generate a certificate request(CSR) for a user:

     openssl req -new -days 365 -key mykey.pem -out myreq.pem \
                    -extensions user_ext

• to create a private key and generate a certificate request without encryption for a server

     openssl req -extensions server_ext -nodes -keyout myserver.key \
                    -out myserver.req 1024
     chmod 400 myserver.key

• to change the pass phrase in the private key:

     cp key.pem key.pem.old
     openssl rsa -in key.pem.old -out key.pem

• to print out the components of a private key to standard out:

     openssl rsa -noout -text -in key.pem

• to examine and verify certificate request:

     openssl req -noout -text -verify -in userreq.pem

• to convert a private key from PEM to DER format:

     openssl rsa -in userkey.pem -out userkey.der -outform DER 
                  # MS Internet Explorer

• to verify certificate chains:

     openssl verify [-CApath directory] cert.pem

• to display the contents of a certificate:

     openssl x509 -noout -text -in cert.pem

• to display the certificate MD5 fingerprint:

     openssl x509 -noout -fingerprint -in cert.pem

• to display the certificate SHA1 fingerprint:

     openssl x509 -noout -sha1 -fingerprint -in cert.pem

• to convert a certifcate from PEM to DER format:

     openssl x509 -in cert.pem -out cert.der -outform DER 
                  # MS Internet Explorer

• to create a PKCS#12 file, input: file to read certificates from(PEM),
  (input for Netscape)
  

     cat cert1.pem cert2.pem mycert.pem > certs.pem
     openssl pkcs12 -export -in certs.pem -inkey mykey.pem -out user.p12 \
             -name "Willi Winzig, DESY Zeuthen"

   or 
     openssl pkcs12 -export -in mycert.pem -inkey mykey.pem -out user.p12 \
             -certfile othercerts.pem -name "Willi Winzig, DESY Zeuthen"

• to print some info about the PKCS#12 file:

     openssl pkcs12 -noout -info -in user.p12

Shortcuts:

• CA	Certificate Authority 

• CRL	Certificate Revocation List 

• CSR	Certificate Signing Request 

• DCA	Deligate Certificate Authority 

• DER	Data Encryption Standard 

• DES	Data Encryption Standard 

• DH	Diffie-Hellmann 

• DSA	Digital Signature Algorithm 

• DSS	Digital Signature Standard 

• ICE	Interworking Public Key Certification Infrastructure for Europe 

• IDEA	International Data Encryption Algorthm 

• MD5	Message Digest #5 

• PEM	Privacy Enhanced Mail 

• PGP	Pretty Good Privacy 

• PKI	Public-Key Infrastructure 

• PKIX	Public-Key Infrastructure on X.509 basis

• RSA	Ron Rivest, Fiat Shamir, Leonard Adleman 

• SHA	Secure Hash Algorithm 

• S/MIME	Secure/Multipurpose Internet Mail Extentions 

• SSL	Secure Socket Layer 

• X.509	ITU-T recommendations X.509 (the Directory - Authentication Framework)