These commands are needed every time you want to generate a new certificate signing request (CSR) to give to a certificate authority so that it can generate and sign a certificate for you.

Good info on https://www.h2check.org/deploy

## Generate new private key

This is **unencrypted and must be kept private**.

```shell
$ openssl genrsa -out example.com.key 2048
```

## Generate Certificate Signing Request (CSR) using the private key

```shell
$ openssl req -new -sha256 -key example.com.key -out example.com.csr
```

## Single command

This generates the key and the CSR in one step. `-nodes` writes the private key unencrypted, so the same warning applies.

```shell
$ openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
```

## Check a CSR

This allows you to check the information enclosed in a CSR.

```shell
$ openssl req -noout -text -in example.com.csr
```

## Diffie-Hellman parameters

http://blog.ivanristic.com/2013/06/ssl-labs-deploying-forward-secrecy.html

```shell
$ openssl dhparam -out dhparam.pem 2048
```
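
## Example: scripted key and CSR with verification

The key, CSR and check steps above combined into a non-interactive script, as an added example that is not part of the original page. The function names and the `-subj` field values are constructed for illustration; the script creates the key with owner-only permissions and confirms the CSR really belongs to that key before it is sent to the authority.

```shell
#!/bin/sh
# Added example: function names and subject values are assumptions.

# make_csr DOMAIN OUTDIR
# Writes OUTDIR/DOMAIN.key and OUTDIR/DOMAIN.csr without prompting.
make_csr() {
    domain=$1
    outdir=$2
    key="$outdir/$domain.key"
    csr="$outdir/$domain.csr"
    # umask 077 in a subshell: the unencrypted key is created as 0600,
    # never briefly readable by other users.
    ( umask 077 && openssl genrsa -out "$key" 2048 2>/dev/null ) || return 1
    # -subj supplies the subject on the command line instead of prompts.
    openssl req -new -sha256 -key "$key" -out "$csr" \
        -subj "/C=US/O=Example Org/CN=$domain" || return 1
}

# csr_matches_key CSR KEY
# Succeeds only if the CSR's self-signature verifies and the public key
# inside the CSR is the one derived from KEY.
csr_matches_key() {
    # Match on the message text: some OpenSSL releases exit 0 even when
    # the self-signature check fails.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Stand-alone use: ./make-csr.sh example.com
if [ "$#" -eq 1 ]; then
    make_csr "$1" . && csr_matches_key "$1.csr" "$1.key" \
        && echo "CSR $1.csr matches $1.key"
fi
```
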