When you work at a hosting provider to have to deal with SSL certificates. We create our certificate signing request from a central Linux server. This means that when there is a certificate for a a website on a Windows server that I need to use OpenSSL to create a pfx file. Pfx files are needed to import the certificates and the private key in IIS for example. With OpenSSL it is easy to create a pfx file.
Create .pfx file from certificate and private key
openssl pkcs12 -export -out domain.tld.pfx -inkey domain.tld.key -in domain.tld.cer
This command only creates a pfx file from the certificate and the private key. But most of the time you want to include the root and intermediates certificates also.
Create .pfx file from certificate, private key and root certificates
openssl pkcs12 -export -out domain.tld.pfx -inkey domain.tld.key -in domain.tld.cer -certfile root.cer -certfile intermediate.cer
Some SSL providers give you also a ca-bundle with all the correct root and intermediate certificates in it. If they do then it is better to use the ca-bundle.
openssl pkcs12 -export -out domain.tld.pfx -inkey domain.tld.key -in domain.tld.cer -certfile domain.tld.ca-bundle
Beside creating pfx files you can do a lot more useful things with OpenSSL. Below are some other commands you can use
Extract the private key from a pfx file
openssl pkcs12 -in domain.tld.pfx -nocerts -nodes -out domain.tld.key
Decode the certicate request
openssl req -in domain.tld.csr -noout -subject
Get the public key from a certificate
openssl req -in domain.tld.csr -noout -pubkey
Convert cer file to pem
openssl x509 -inform der -in domain.tld.cer -out domain.tld.pem