My personal reference for openssl commands (more coming now and then)


Verifying that a Certificate is issued by a CA

openssl verify -verbose -CAfile cacert.pem server.crt
server.crt: OK

The OK in the second line indicates that the Certificate is really issued by the tested CA.

Decrypt a PKCS12 (.p12) to PEM (.pem)

openssl pkcs12 -in certchain.p12 -nodes -out certchain.pem

Encrypt PEM (.pem) into a PKCS12 (.p12)

openssl pkcs12 -export -in certchain.pem -out certchain.p12

Certificate Signing Requests

Display a CSR:

openssl req -noout -text -in server.csr