Just a bunch of commands I might need later:
#!/usr/bin/env bash
set -eu
certname="MyClient"
pubfile="pub.cer"
tmp="$(mktemp -d)"
trap 'rm -r "$tmp"' EXIT
openssl genrsa -out "${tmp}/private.key" 4096
openssl req -new -key "${tmp}/private.key" -subj "/CN=$certname" -out "${tmp}/request.csr"
openssl x509 -req -days 3650 -in "${tmp}/request.csr" -signkey "${tmp}/private.key" -out "${tmp}/certificate.crt"
openssl pkcs12 -export -out "${tmp}/certificate.pfx" -inkey "${tmp}/private.key" -in "${tmp}/certificate.crt" -passout pass: # No password
pfx="$(base64 -w0 "${tmp}/certificate.pfx")"
cp "${tmp}/certificate.crt" "$pubfile"
echo
echo
echo "PFX: $pfx"
echo
echo "Public key saved to: $pubfile"