Simple certificate management with OpenSSL
First create an empty dir for your new certificate:
# temporary export domain name
Generate the private key and a certificate sign request:
$ openssl genrsa -out $domain.key 2048
Now pass the csr to for example StartSSL and save the certificate to
$domain.crt. Create a file
ca.crt containing all CA certificates concatenated. Bundle the key, the certificate and any needed (intermediate) CA certificates into a PKCS12 file:
$ openssl pkcs12 -export -in $domain.crt -inkey $domain.key -certfile ca.pem -name "$domain" -out $domain.p12
$domain.p12 file contains all you need.
To change or remove the passphrase later on, you can do:
$ openssl pkcs12 -in $domain.p12 -nodes -out temp.pem
To split the PKCS#12 container into its parts again just execute
$ openssl pkcs12 -in $domain.p12 -nodes -nokeys > $domain.crt
and then extract the single parts from the output file.