Self-signed cert with SAN openssl
One-liner self-signed cert valid 1y; SAN required or TLS clients reject it
openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 -subj "/CN=<host>" -addext "subjectAltName=DNS:<host>"
more openssl
all 27 commands →
PEM to PKCS12 bundle
openssl pkcs12 -export -in cert.pem -inkey key.pem -certfile ca-chain.pem -out bundle.p12 -name <name>
STARTTLS protocol probe
openssl s_client -connect <host>:5432 -starttls postgres -showcerts </dev/null 2>/dev/null
Generate Ed25519 key
openssl genpkey -algorithm ed25519 -out ed25519.pem
Test specific TLS protocol
openssl s_client -connect <host>:443 -tls1_2 </dev/null 2>&1 | grep -E 'Protocol|Cipher'
Generate RSA private key
openssl genrsa -out private.key 4096