$ multipazctl generateReaderRoot --subject_and_issuer 'CN=Utopia Brewery Reader CA,O=Utopia Brewery,C=ZZ'
- Generated self-signed reader root cert and private key with curve P384
- Wrote reader root private key to reader_root_private_key.pem
- Wrote reader root cert to reader_root_certificate.pem

$ multipazctl generateReaderCert --subject 'CN=Bob Bobson,O=Utopia Brewery,C=ZZ'
- Generated Reader cert and private key with curve P256
- Loaded reader root cert from reader_root_certificate.pem
- Loaded reader root private key from reader_root_private_key.pem
- Wrote reader private key to reader_private_key.pem
- Wrote reader cert to reader_certificate.pem

$ openssl pkcs12 -export -out reader_key_and_certchain.p12 -inkey reader_private_key.pem -in reader_certificate.pem -certfile reader_root_certificate.pem
Enter Export Password:
Verifying - Enter Export Password: