Frequently used openssl operations:

Generating a new private key for your host:

# openssl genrsa -out host.key -des3 2048
If you want to launch your httpd automatically on system boot (you probably do), don’t enter any passphrase, otherwise your system will hang in a password prompt. To remove a passphrase from your key, use the following command:
# openssl rsa -in server.key -out server.key_nopass

Reading an SSL cert:

# openssl x509 -in host.crt -noout -text

Generating a new certificate request:

# openssl req -new -key host.key -out certrequest.pem

Alternately, generate a new self signed certificate:

openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.crt

Create a certificate for an imported request (as a CA):

echo -ne '01' > ca.serial
openssl x509 -days 7300 -CA cacert.pem -CAkey ca.key -CAserial ca.serial -in imported.csr -req -out imported.cer

Create a subordinate CA (from an external request, e.g. a Windows server):

openssl x509 -req -in request.req -out subCA.pem -extfile /usr/lib/ssl/openssl.cnf -extensions v3_ca -CAserial ca.serial -CA cacert.pem -CAkey ca.key -sha1 -days 3650

Export a certificate as PKCS12

openssl pkcs12 -export -in cert.pem -inkey cert.key -out cert.p12