1. Generate a Private Key

    openssl genrsa -out client.key 2048

  2. Create A CSR

    openssl req -new -key client.key -out client.csr -subj "/C=US/ST=CA/L=City/O=Organization/OU=Unit/CN=John Doe/[email protected]"

  3. Sign CSR

    openssl x509 -req -in client.csr -out client.crt -CA ca.crt -CAkey ca.key -CAcreateserial -days 365 -sha256

  4. PKCS

    openssl pkcs12 -export -out client.pfx -inkey client.key -in client.crt -certfile ca.crt