Monday, 11 February 2013, 20:00 - Apache Stuff, OpenSSL
First, set the common name (CN, ~FQDN) for the certificate:
CN=host.domain.tld
Change to the directory where you would like to store the data relevant for certificates, e.g.:
cd /etc/ssl
Then create a private key:
openssl genrsa -out private/${CN}.key 2048
Generate the certificate signing request, either:
a) interactively (you will have to answer some questions):
openssl req -new -key private/${CN}.key -out ${CN}.csr
b) using a customized openssl config file:
openssl req -new -config ${CN}-openssl.cnf -key private/${CN}.key -out ${CN}.csr
Now you may either:
a) send the certificate request to an (official or internal) Certificate Authority to sign the Certificate
b) for testing purposes only, you can also self-sign the certificate:
openssl x509 -req -days 1825 -in ${CN}.csr -signkey private/${CN}.key -out certs/${CN}.crt
When you have received the signed (or self-signed) certificate, you can copy all the files to the appropriate location.
You will probably have to create a combined PKCS#12 (.p12, .pfx) file containing the private key and certificates:
openssl pkcs12 -export -in ${CN}.crt -certfile cafile.pem -inkey ${CN}.key -out ${CN}.pfx
(where cafile.pem is the CA certificate bundle of the issuing certificate authority)
Clear the shell variable for the Common Name:
CN=
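The key, CSR (option b) and self-sign steps above as a non-interactive script, with a check that key, request and certificate carry the same public key. This is an added example, not part of the original post; the config file contents, the subjectAltName entry and the function names make_csr, self_sign and keys_match are assumptions.

```shell
#!/bin/sh
# Added example; names, paths and config contents are constructed.

# make_csr CN DIR: private key plus CSR from a generated config file.
make_csr() {
    cn=$1 dir=$2
    mkdir -p "$dir/private" "$dir/certs"
    chmod 700 "$dir/private"
    # Assumed contents for ${CN}-openssl.cnf; prompt=no skips the questions.
    cat > "$dir/$cn-openssl.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req
[ dn ]
CN = $cn
[ v3_req ]
subjectAltName = DNS:$cn
EOF
    # umask in a subshell so the key file is never readable by others.
    ( umask 077; openssl genrsa -out "$dir/private/$cn.key" 2048 2>/dev/null ) &&
    openssl req -new -config "$dir/$cn-openssl.cnf" \
        -key "$dir/private/$cn.key" -out "$dir/$cn.csr"
}

# self_sign CN DIR: test-only certificate. -extfile carries the SAN over,
# because "x509 -req" does not copy extensions from the CSR by default.
self_sign() {
    cn=$1 dir=$2
    openssl x509 -req -days 1825 -in "$dir/$cn.csr" \
        -signkey "$dir/private/$cn.key" -out "$dir/certs/$cn.crt" \
        -extfile "$dir/$cn-openssl.cnf" -extensions v3_req 2>/dev/null
}

# keys_match KEY CSR CRT: succeed only if all three hold the same public key.
keys_match() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    r=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    c=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}
```

Run keys_match again on the certificate returned by a CA before building the PKCS#12 file; a mismatch means the certificate was issued for a different key.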