Fork me on GitHub

Remove password from key

openssl rsa -in server.key.orig -out server.key

Merge all chain in one file

After this you can use this no only with Nginx, with full-chain work fine dovecot and postfix.

cat server.crt.orig intermediate1.crt intermediate2.crt >

Make Pins for HPKP Header

Leaked from RFC7469:

openssl x509 -noout -in certificate.pem -pubkey | \
openssl asn1parse -noout -inform pem -out public.key

openssl dgst -sha256 -binary public.key | openssl enc -base64

Generate Diffie–Hellman key

openssl dhparam -out dhparam.pem 4096