openssl commands

Create a CSR using the SAN config file (san.cnf)

        [req]
        distinguished_name = req_distinguished_name
        req_extensions = req_ext

        [req_distinguished_name]
        countryName = Country Name (2 letter code)
        stateOrProvinceName = State or Province Name (full name)
        localityName = Locality Name (eg. city)
        organizationalUnitName = Organizational Unit Name (eg. section)
        commonName = Common Name (eg. your server hostname)
        organizationName = Organization Name (eg. company)

        [req_ext]
        subjectAltName = @alt_names

        [alt_names]
        DNS.1 = www.example.com
        DNS.2 = example.com
        DNS.3 = api.example.com
    

Create a private key and CSR from the SAN config file (-nodes leaves the key file unencrypted)

openssl req -new -newkey rsa:2048 -nodes -keyout abc.com.key -out abc.com.csr -config san.cnf

Get the CSR signed by the CA and download the .cer

Create the .pfx file from the private key and the signed certificate

openssl pkcs12 -export -out cert.pfx -inkey your.key -in your.cer

To generate bundle.pfx from multiple .cer files (the order of certificates in the bundle is important: server certificate first, then the intermediates, then the root)

cat certificate.cer intermediate1.cer intermediate2.cer root.cer > bundle.crt

openssl pkcs12 -export -out bundle.pfx -inkey private.key -in certificate.cer -certfile bundle.crt
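
Checks to run around the steps above, as an added example that is not part of the original notes: confirm the CSR carries the SAN entries, that the key matches the signed certificate, and that the bundle is in leaf-to-root order. The function names are made up for this example; file names are passed as arguments.

```shell
#!/bin/sh
# Added example: checks to run around the openssl commands on this page.
# Function names are hypothetical; the functions only read the files given.
#   csr_sans abc.com.csr
#   key_matches_cert private.key certificate.cer && chain_in_order bundle.crt

# Print the DNS names requested in a CSR's subjectAltName, one per line,
# so a missing [alt_names] entry shows up before the CSR goes to the CA.
csr_sans() {
    openssl req -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if the private key ($1) and certificate ($2) hold the same
# public key, so a wrong .key or .cer is caught before the pkcs12 export.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# Succeed only if each certificate in the PEM bundle ($1) names the next
# one as its issuer (leaf first, root last). This compares issuer and
# subject names only; it does not verify signatures or expiry.
chain_in_order() {
    openssl crl2pkcs7 -nocrl -certfile "$1" |
        openssl pkcs7 -print_certs -noout |
        awk '/^subject=/ { s = substr($0, 9); if (n++ && s != prev) bad = 1 }
             /^issuer=/  { prev = substr($0, 8) }
             END { exit (bad || n == 0) }'
}
```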