SSL 证书会涉及到的几类文件: privkey.key the private key for your certificate. identity.csr the Certificate Signing Request. certificate.crt the certificate file used in most server software. certificate.pfx the PKCS#12 format is an archival file that stores both the certificate and the private key. By default, OpenSSL generates keys and CSRs using the PEM format (the raw). 1,Generating a new Private Key openssl genrsa -out private.key 2048 2, Creating Your domain CSR Creating Your domain CSR for an existing private key openssl req -new -key private.key -out identity.csr \ -subj "/C=US/ST=Utah/L=Lehi/O=CREAST, Inc./OU=IT/CN=yourdomain.com" or Creating CSR with One command: openssl req --new \ -newkey rsa:4096 -sha256 –nodes --keyout private.key \ -out identity.csr \ -subj "/CN=Bitwarden IdentityServer" -days 10950 Generate a certificate signing request based on an existing certificat