Skip to main content

OpenSSL Cheat Sheet 2026 — Quick CLI Command Reference

2 min read

OpenSSL Cheat Sheet 2026 — Quick Command Reference

OpenSSL Cheat Sheet is the complete quick-reference of OpenSSL commands grouped by function. Copy any command with one click and find what you need with Ctrl+F in under 3 seconds.

OpenSSL Certificates & Keys

Action Command Useful flags
Generate a private key and encrypt the output file using AES-256 
openssl genpkey -algorithm <rsa|ec> -out <path/to/private.key> -aes256
Generate the corresponding public key from the private key `private.key` using ` 
openssl rsa -in <path/to/private.key> -pubout -out <path/to/public.key>
Generate a self-signed certificate valid for a specified number of days (365) 
openssl req -new -x509 -key <path/to/private.key> -out <path/to/certificate.crt> -days 365
Convert a certificate to `.pem` or `.der` format 
openssl x509 -in <path/to/certificate.crt> -out <path/to/certificate.pem|path/to/certificate.der> -outform <pem|der>
Check certificate details 
openssl x509 -in <path/to/certificate.crt> -text -noout
Generate a certificate signing request (CSR) 
openssl req -new -key <path/to/private.key> -out <path/to/request.csr>
Display help 
openssl help
Display version 
openssl version

⚠️ Dangerous / Destructive Commands

These commands are irreversible. Verify your environment (dev/staging vs prod) before running them.

Action Command Warning
⚠️ Destroy ⚠️ 
terraform destroy -auto-approve
 Irreversible — verify the target before running
⚠️ Delete 
kubectl delete namespace production
 Irreversible — verify the target before running
⚠️ Prune ⚠️ 
docker system prune -af --volumes
 Irreversible — verify the target before running
⚠️ Delete 
pvesh delete /nodes/{node}/qemu/{vmid}
 Irreversible — verify the target before running
⚠️ Delete 
az group delete --name MyResourceGroup --yes
 Irreversible — verify the target before running

FAQ — Frequently Asked Questions

What is the difference between OpenSSL Certificates & Keys and the other groups?

Each group in this OpenSSL cheat sheet covers a distinct area. OpenSSL Certificates & Keys focuses on its specific scope, while the other groups and the remaining groups cover networking, storage, security and diagnostics respectively.

How do I check the installed OpenSSL version?

Run the version command (usually openssl version or openssl --version). The output shows the client and, when applicable, the server version.

Why does OpenSSL return ‘permission denied’?

A ‘permission denied’ error in OpenSSL usually means the current user lacks sufficient privileges or credentials are not configured. Check: (1) assigned IAM/RBAC roles, (2) an active authentication context via the corresponding login command.

How do I filter OpenSSL output by status or name?

Use flags such as --filter, --selector or --query depending on the tool. You can also pipe into grep or jq to process JSON: 

openssl list | grep RUNNING

What is the fastest way to debug a OpenSSL error?

Add the verbose flag (--verbose, -v or --debug) to the failing command. This reveals the underlying HTTP/API calls and the full error response body.

Official sources & references

Commands cross-checked against vendor documentation and high-authority repositories: