openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650To omit the use of a passphrase on the private key, add the following flag
-nodesSMTP
openssl s_client -connect smtp.exmaple.com:25 -starttls smtp
openssl s_client -connect smtp.exmaple.com:587 -starttls smtp
openssl s_client -connect smtp.exmaple.com:465 smtpShow validity range of a cert
echo -n | openssl s_client -showcerts -connect wiki.rlskeels.com:443 | openssl x509 -noout -datesConvert the p12 to a text file. You'll be prompted to enter a password to decrypt the whole p12 (if you have set no password, just press Enter without typing anything). You'll then be prompted to enter a password to encrypt the private key that's within the p12 file before it's exported as the txt file.
openssl pkcs12 -in vpn-client.p12 -out vpn-client.txtConvert the txt file back to a p12 file with password protection.
openssl pkcs12 -export -in vpn-client.txt -out vpn-client.p12To test a connection's cert
openssl s_client --connect wiki.rlskeels.com:443