OpenSSL

openssl genrsa -out cakey.pem 4096

openssl req -x509 -new -nodes -key cakey.pem -days 3650 -out cacert.pem

openssl genrsa -out key.pem 4096

openssl req -new -key key.pem -out csr.pem -sha256

openssl dhparam -out dh.pem 2048

openssl x509 -req -in csr.pem -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out cert.pem -days 365

openssl pkcs12 -export -out myserver.pfx -inkey myserver.key -in myserver.crt

openssl genrsa -out bluenet-ride.com.key 4096
openssl req -new -key registry.bluenet-ride.com.key -out registry.bluenet-ride.com.key.csr
openssl x509 -req -days 365 -in bluenet-ride.com.csr -signkey bluenet-ride.com.key -out bluenet-ride.com.crt

openssl pkcs12 -inkey bob_key.pem -in bob_cert.cert -export -out bob_pfx.pfx

openssl s_client -showcerts -connect encrypted.google.com:443 < /dev/null 2> /dev/null | openssl x509 -noout -enddate
openssl x509 -noout -text -in cert.pem
openssl req -noout -text -in req.pem

trust anchor ca.crt
# trust anchor --remove ca.crt

Ref:

• https://unix.stackexchange.com/questions/104623/how-to-get-servers-ssl-certificate-in-a-human-readable-form
• https://bbs.archlinux.org/viewtopic.php?id=235724