OpenSSL is a very handy tool from the command line. Managing multiple sites and domains, I use it almost every day to do crypto-related things for websites: checking validity, preparing new CSRs, and converting certificates to different formats for different operating systems. Here are some of the commands that I’ve used along the way.
Read .cer in plain text
openssl x509 -in certificate.cer -text -noout
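Convert from PKCS12 (Windows format, with private key and cert) to PEM (-nocerts for only the private key or -nokeys for only the certs)
openssl pkcs12 -in keystore.pfx -out keystore.pem -nodes
-nodes writes the private key to keystore.pem unencrypted, so restrict access to that file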
Read pfx cert
openssl pkcs12 -info -in cert.pfx
Read website SSL cert
openssl s_client -showcerts -servername www.google.com -connect www.google.com:443
-servername sends the hostname via SNI, so a server hosting several sites returns the certificate for that name
Get website SSL expiry
openssl s_client -showcerts -servername www.google.com -connect www.google.com:443 </dev/null | openssl x509 -noout -dates
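The expiry check above can be turned into a renewal alarm with `openssl x509 -checkend`. This is an added example, not a command from the original post: the function names are hypothetical, and the sample certificate is a constructed self-signed one so the script runs offline.

```shell
# Added example: flag certificates that are close to expiry.
# Function names are hypothetical helpers, not openssl subcommands.

# fetch_cert HOST [PORT]: print a live server's leaf certificate as PEM.
# Uses -servername for SNI; </dev/null makes s_client exit after the handshake.
fetch_cert() {
    openssl s_client -servername "$1" -connect "$1:${2:-443}" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# cert_expires_within PEM_FILE DAYS
# Returns 0 if the cert expires within DAYS days, 1 if not, 2 if unreadable.
cert_expires_within() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 when the cert is still valid N seconds from now.
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null; then
        return 1
    fi
    return 0
}

# make_sample_cert DIR DAYS: constructed self-signed cert so the demo runs offline.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=sample.invalid" \
        -days "$2" -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# report PEM_FILE DAYS: print one status line for the certificate.
report() {
    rc=0; cert_expires_within "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "RENEW $1 ($(openssl x509 -in "$1" -noout -enddate))" ;;
        1) echo "OK    $1 ($(openssl x509 -in "$1" -noout -enddate))" ;;
        *) echo "ERROR $1 (not a readable certificate)" ;;
    esac
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" 10      # sample cert valid for 10 days
report "$demo_dir/cert.pem" 30       # inside the 30-day window
report "$demo_dir/cert.pem" 5        # outside the 5-day window
rm -rf "$demo_dir"
```

To check a live site, redirect `fetch_cert` output for that host into a PEM file and pass the file to `report`.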
Convert private key and cert to PFX (going from Linux to Windows)
openssl pkcs12 -export -out cert.pfx -inkey privkey.key -in cert.crt -certfile CAcert.cert -name "Friendly_name"
-name adds the friendly name that shows up in Windows Certificate Manager and IIS
Test that a mail server is using SSL
openssl s_client -connect mail.example.com:25 -starttls smtp
Verify CSR
openssl req -in mycsr.csr -noout -text