I'm looking at the Convert PEM to PFX section on https://www.sslshopper.com/ssl-converter.html:
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
Why are there two .crt files? I have only one.
The PFX file can holds a certificate chain from the main certificate/private key to issuer certificates to the CA certificate.
Normally I don't include the CA certificate as this should already be in all the machine CA lists anyway, but it is a good idea to include all the intermediate certificates.
The "-certfile" is the example above looks to be including the CA certificate (i.e. the issuer of the certificate.crt certificate).
The "-certfile" is optional, so you don't need to provide it if you don't have a CA or intermediate certificates.
You would normally get any intermediate or CA certificates from the CA that generated the certificate for you. You use the "-certfile" argument for each additional certificate you want to add to the pfx file.