Basic use to create self-signed certificate
# Generate SSL privvate key self signed certificate for 10 years openssl req -x509 -newkey rsa:4096 -sha256 -keyout server.key -out cert.crt -days 3650 -nodes
Create request to sign in some trusted CA
openssl req -out server.csr -new -sha256 -newkey rsa:4096 -nodes -keyout server.key cat server.csr
than submit CSR to CA
Other
# see the certificate openssl x509 -in cert.crt -text -noout # combine certificate and key in pem keypair file cat server.key -out server.crt > keypair.pem
Check SSL connection
openssl s_client -connect server.example.com:443