sudo -i
cd /CertificateAuthCA
openssl genrsa -des3 -out user.key 4096
openssl req -new -key user.key -out user.csr
#Country Name (2 letter code) [AU]:CZ
#State or Province Name (full name) [Some-State]:CZ
#Locality Name (eg, city) []:PRG
#Organization Name (eg, company) [Internet Widgits Pty Ltd]:
#Organizational Unit Name (eg, section) []:
#Common Name (e.g. server FQDN or YOUR name) []:user1 !!!!! Unique
#Email Address []:
openssl x509 -req -days 3650 -in user.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out user.crt
#Check if ca.crt a user.crt works
sudo -i
cd /CertificateAuthCA
openssl verify -verbose -CAfile ca.crt user.crt
###Creating a PKCS #12 (PFX)
openssl pkcs12 -export -out user.pfx -inkey user.key -in user.crt -certfile ca.crt
sudo cp /CertificateAuthCA/user.pfx /home/pi/
sudo chmod 755 /home/pi/user.pfx
sudo cp /CertificateAuthCA/ca.crt /home/pi/
sudo chmod 755 /home/pi/ca.crt