Export certificates for browsers

We’ve been handling certificates in the pem format, but browsers and other applications usually require pkcs12. We can do the conversion using openssl:

openssl pkcs12 -export \
    -out certs/foo.p12 \
    -in certs/foo.pem \
    -inkey certs/foo-key.pem \
    -name foo.clients.pki.your.domain.tld \
    -certfile intermediate/intermediate-01.pem \
    -certfile ca/ca.pem

This will create certs/foo.p12, which applications seem to load.