this is one of the most annoying programs I know of. Why? Because its command line interface sucks! This is one of those programs where you find people claiming “This is fairly easy to do with openssl” to then present you a long command line script with pipes and parameters and even useless stuff nobody needs.
generate self signed certificates
openssl req -newkey rsa:4096 -x509 -nodes -keyout lighttpd.pem -out lighttpd.pem
you can also choose two different file names and cat them together. This may be needed for some web servers and the keyout file is the private key so take care.
fingerprint look up
openssl s_client -connect irc.anonops.com:6697 2>/dev/null | openssl x509 -sha256 -noout -fingerprint
use as password generator
openssl rand -base64 20
check expiration date
# e.g. for a mailserver under 10.0.1.25 with starttls openssl s_client -connect 10.0.1.25:25 -starttls smtp 2>/dev/null | openssl x509 -noout -dates