Use openssl to generate a csr for a certificate
Create a certificate signing request and a certificate key for server1.fubar.com where:
Company name: Fubar Corporation
City: Podunk
State: Alabama
Division of the Company: Network Administration
openssl req -new -newkey rsa:2048 -nodes -keyout server1.fubar.com.key -out server1.fubar.com.csr \
  -subj "/C=US/ST=Alabama/L=Podunk/O=Fubar Corporation/OU=Network Administration/CN=server1.fubar.com"
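Create a certificate signing request and certificate key for a server that has two names: server1.fubar.com and booga.fubar.com
List both names in subjectAltName: clients that find a subjectAltName extension ignore the CN, so a name that appears only in the CN will not validate. The -addext option requires OpenSSL 1.1.1 or later.
openssl req -new -newkey rsa:2048 -nodes -keyout server1.fubar.com.key -out server1.fubar.com.csr \
  -subj "/C=US/ST=Alabama/L=Podunk/O=Fubar Corporation/OU=Network Administration/CN=server1.fubar.com" \
  -addext "subjectAltName=DNS:server1.fubar.com,DNS:booga.fubar.com"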
Create a wildcard certificate signing request for fubar.com
openssl req -new -newkey rsa:2048 -nodes -keyout wild.fubar.com.key -out wild.fubar.com.csr \
  -subj "/C=US/ST=Alabama/L=Podunk/O=Fubar Corporation/OU=Network Administration/CN=*.fubar.com"
Read a certificate file and find out what domain names were put into it
openssl x509 -noout -text -in certificate.file.name
Verify the key matches the certificate – this is a two step process
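First run
openssl x509 -modulus -noout -in my.certificate.filename | openssl md5
you will get something like this as an output
MD5(stdin)= 40424f7df4054da4ae5d1bbbaf0c571e
(If the output is d41d8cd98f00b204e9800998ecf8427e, that is the MD5 of empty input: the -modulus option is missing or the file could not be read.)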
now execute
openssl rsa -modulus -noout -in my.key.filename | openssl md5
you will get something like this as an output
MD5(stdin)= 40424f7df4054da4ae5d1bbbaf0c571e
If the two MD5 values match – the key is the correct one for this certificate
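The modulus comparison above applies only to RSA keys, and a failed openssl command silently hashes empty input. The script below is an added example, not part of the original page: it compares the full public key of a key, CSR or certificate and refuses to report a match when either file cannot be read. The function names pubkey_hash and same_public_key and the kind labels key/csr/cert are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): check that a private key,
# CSR and certificate all carry the same public key. Hashing the whole
# public key works for RSA and EC keys, unlike comparing the RSA modulus.
# Assumes unencrypted key files, as produced by "-nodes" above.

# pubkey_hash KIND FILE   (KIND: key | csr | cert; names are this example's)
# Prints the SHA-256 of the PEM public key; fails if nothing was extracted,
# so two unreadable files can never "match" on the hash of empty input.
pubkey_hash() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    echo "unknown kind: $1" >&2; return 2 ;;
    esac
    [ -n "$pem" ] || { echo "no public key read from $2" >&2; return 1; }
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# same_public_key KIND1 FILE1 KIND2 FILE2
# Returns 0 only when both public keys were read and are identical.
same_public_key() {
    a=$(pubkey_hash "$1" "$2") || return 1
    b=$(pubkey_hash "$3" "$4") || return 1
    [ "$a" = "$b" ]
}

# Command-line use: ./check.sh key server1.fubar.com.key cert certificate.file.name
if [ "$#" -eq 4 ]; then
    if same_public_key "$@"; then echo "match"; else echo "MISMATCH"; exit 1; fi
fi
```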
