UNIXΒΆ
The first one creates a self-signed certificate, while the second creates a CSR:
openssl req -sha256 -new -x509 -key app.key.pem -out app.cert.pem # creates self-signed cert
openssl req -sha256 -new -key app.key.pem -out app.csr.pem # creates a CSR
A certificate has already a date validity and expiration tagged into the certificate whereas a CSR does not have any concept of date validity and expiration yet.
A xxxx.p12 file is a cryptographic container file that can be password-protected. This file contains both the private & public keys and including the supporting certificate chain of trusts.. To analyse this file,:
openssl pkcs12 -in xxxx.p12 -out xxxx.cert.pem -clcerts -nokeys # <--- retrieve the certificate (and publick key)
openssl pkcs12 -in xxxx.p12 -out xxxx.privkey.pem -nocerts -nodes # <--- retrieve the private key
The CRL can be downloaded from the certificate if you can see a CRL URL inside. But the CRL is in DER format. Convert to pem first:
openssl crl -inform DER -in crl.der -outform PEM -out crl.pem
And then read inside whose serial is expired:
openssl crl -in crl.pem -noout -text
Get the additional certificate chain inside .p12:
openssl pkcs12 -in path.p12 -out newfile.crt.pem -nokeys