If you're about to handle X509 certificates and don't want to remember/google a handful of openssl commands you can use the graphical tool XCA Show archive.org snapshot .
Setup
- Install XCA
sudo apt install xca
- Create a new database with a strong master password
Features
- Create CSR
- Verify SSL private key matches SSL certificate
- enable
Key name
column - import certificate and private key
- enable
- Import, export and convert PKCS#12, PKCS#7, PEM chain, DER and more
- Check issuer chain
- import certificate, intermediate and root ca
- they get automatically chained
- View certificates and export openssl config
- Check revocation lists
- Setup a private PKI
- A lot more...