I ran into an issue where an application would not accept the pfx file that I created for a web server. I used the key file and the certificate file but for some reason it did not work. I had to include the certificate chain which had the root CA and intermediate certificates combined in it.
If you don’t have the Intermediate/Root certificates you can export them from your certificate file (.crt). Just double click on it, go to Certification path tab, select root CA (very top one) > View certificate, then details tab of the Root CA certificate > Copy to File > Base 64 encoded X.509 and call it Root.crt. Do the same for intermediate and save it as intermediate.crt.
Creating a PFX file with a chain
C:\OpenSSL-Win64\bin>openssl pkcs12 -export -out C:\SSL\mysite.pfx -inkey “C:\SSL\mysite.key” -in “C:\SSL\mysite.crt” -certfile “C:\SSL\RapidSSLChain.cer” -name “mysite.com” -passout pass:Pa$$w0rd
Contents of RapidSSLChain.cer file