=== Generate ===
== Generate a new private key and Certificate Signing Request ==
  openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
== Generate a self-signed certificate ==
  openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
== Generate a certificate signing request (CSR) for an existing private key ==
  openssl req -out CSR.csr -key privateKey.key -new
== Generate a certificate signing request based on an existing certificate ==
  openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key
== Remove a passphrase from a private key ==
  openssl rsa -in privateKey.pem -out newPrivateKey.pem
  
=== Check ===

== Check a Certificate Signing Request (CSR) ==
  openssl req -text -noout -verify -in CSR.csr
== Check a private key ==
  openssl rsa -in privateKey.key -check
== Check a certificate ==
  openssl x509 -in certificate.crt -text -noout
== Check a PKCS#12 file (.pfx or .p12) ==
  openssl pkcs12 -info -in keyStore.p12

== To find out if your certificate matches the key file ==
To quickly make sure the files match, display the modulus value of each file:
  openssl rsa -noout -modulus -in FILE.key
  openssl req -noout -modulus -in FILE.csr
  openssl x509 -noout -modulus -in FILE.cer

If everything matches (same modulus), the files are compatible public key-wise (but this does not guaranty the private key is valid). If not, one of the file is not related to the others.

=== SSH-Keygen ===
  ssh-keygen -t rsa -b 4096