Signing SSL client cert

Commands for client:

$ openssl genrsa -des3 -out client.key 2048
Generating RSA private key, 2048 bit long modulus
.......................................+++
.....................................................................................+++
e is 65537 (0x10001)
Enter pass phrase for client.key:
Verifying - Enter pass phrase for client.key:


$ openssl req -new -key client.key -out client.csr
Enter pass phrase for client.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:SG
State or Province Name (full name) [Some-State]:Singapore
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:USERNAME
Email Address []:EMAIL@EXAMPLE.COM

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

$ scp client.csr pans.kimihia.org.nz: 
client.csr                                                           100%  993     1.0KB/s   00:00    

Now, commands for the CA:

# cp ~tipene/client.csr newreq.pem
# ~/tipene/bin/CA.pl -sign
...
Certificate is to be certified until Aug 21 13:33:05 2013 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Signed certificate is in newcert.pem

# cp newcert.pem ~tipene/

Now, commands for client to pick up signed certificate, transform into PKCS#12 and import to browser:

$ scp pans.kimihia.org.nz:newcert.pem .
newcert.pem                                                          100% 3814     3.7KB/s   00:01    

$ openssl pkcs12 -export -inkey client.key -in newcert.pem -CAfile /etc/ssl/certs/Pans_CA.pem -out bundle.p12
Enter pass phrase for client.key:
Enter Export Password:
Verifying - Enter Export Password:

Now deliver bundle.p12 to your browser and when asked enter the Export Password.