General commands to analyze a certificate.
Test a TLS connection
openssl s_client -connect example.net:443
Get the certificate from a web endpoint
openssl s_client -showcerts -connect example.net:443 </dev/null
Check whether the private key of a certificate, key and CSR match
openssl rsa -noout -modulus -in example.key | openssl sha256 openssl x509 -noout -modulus -in example.crt | openssl sha256 openssl req -noout -modulus -in example.csr | openssl sha256
Decrypt a RSA private key
openssl rsa -in <encrypted_private.key> -out <decrypted_private.key>