openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout testkey.key -out testkey.crt
Information about the arguments used, from the OpenSSL man page:
req
: PKCS#10 certificate request and certificate generating utility.
-x509
: this option outputs a self signed certificate instead of a certificate request. This is typically used to generate a test certificate or a self signed root CA. The extensions added to the certificate (if any) are specified in the configuration file. Unless specified using the set_serial option 0 will be used for the serial number.
-nodes
: if this option is specified then if a private key is created it will not be encrypted.
-days 365
: when the -x509 option is being used this specifies the number of days to certify the certificate for. The default is 30 days.
-newkey rsa:2048
: this option creates a new certificate request and a new private key. The argument takes one of several forms. rsa:nbits, where nbits is the number of bits, generates an RSA key nbits in size. If nbits is omitted, i.e. -newkey rsa specified, the default key size, specified in the configuration file is used.
-keyout testkey.key
: this gives the filename to write the newly created private key to. If this option is not specified then the filename present in the configuration file is used.
-out testkey.crt
: this specifies the output filename to write to or standard output by default.

Now you can pack the key into a PKCS#12 container:
openssl pkcs12 -export -out testkey.p12 -inkey testkey.key -in testkey.crt
Information about the arguments used, from the OpenSSL man page:
pkcs12
: PKCS#12 file utility.
-export
: this option specifies that a PKCS#12 file will be created rather than parsed.
-out testkey.p12
: the filename to write certificates and private keys to, standard output by default. They are all written in PEM format.
-inkey testkey.key
: file to read private key from. If not present then a private key must be present in the input file.
-in testkey.crt
: this specifies filename of the PKCS#12 file to be parsed. Standard input is used by default.
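
The two steps above as a non-interactive script, added here as an example (not part of the original page): it keeps the unencrypted key readable by its owner only, passes the PKCS#12 passphrase through an environment variable, and checks that key, certificate and container agree. The subject `/CN=test.example`, the variable name `P12_PASS` and its default value are assumptions.

```shell
#!/bin/sh
# Added example; the subject, P12_PASS and its default are constructed placeholders.
: "${P12_PASS:=constructed-test-passphrase}"
export P12_PASS

# Create testkey.key, testkey.crt and testkey.p12 in directory $1.
make_test_p12() (
    # -nodes leaves the private key unencrypted on disk, so make every
    # file created here accessible to the owner only.
    umask 077
    mkdir -p "$1" && cd "$1" || exit 1
    # -subj (assumed value) skips the interactive subject prompts.
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=test.example" \
        -keyout testkey.key -out testkey.crt || exit 1
    # Take the export passphrase from the environment instead of the
    # command line, where it would be visible in the process list.
    openssl pkcs12 -export -out testkey.p12 \
        -inkey testkey.key -in testkey.crt -passout env:P12_PASS
)

# Succeed only if the key matches the certificate and the certificate
# stored in the PKCS#12 container is the one generated above.
verify_test_p12() (
    cd "$1" || exit 1
    cert_pub=$(openssl x509 -in testkey.crt -noout -pubkey) || exit 1
    key_pub=$(openssl pkey -in testkey.key -pubout) || exit 1
    [ "$cert_pub" = "$key_pub" ] || exit 1

    cert_fp=$(openssl x509 -in testkey.crt -noout -fingerprint -sha256) || exit 1
    # -nokeys: read back the certificate only, never print the key.
    p12_fp=$(openssl pkcs12 -in testkey.p12 -nokeys -passin env:P12_PASS |
        openssl x509 -noout -fingerprint -sha256) || exit 1
    [ "$cert_fp" = "$p12_fp" ]
)
```

After sourcing the file, `make_test_p12 ./out && verify_test_p12 ./out` builds the three files in `./out` and returns success only when all checks pass.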