You need a combination of these two
Path for the cert and key is:
Obtain a certificate from MS CA Web - something like http://ca-server/certsrv
Click Request certificate- select advanced and then follow the dialog and save the certificate in Windows client. Type mmc and add certificate add-in, for my user.
Then you can export it in pksc12 format and then split into key and cert as:
Type "openssl pkcs12 -in filename.pfx -nocerts -nodes -out PBX_PrivateKey.pem" (you will be prompted for the password) to export the private key (no certificates at all will be output).
Then type "openssl pkcs12 -in filename.pfx -clcerts -nokeys -out PBX_Certificate.pem" to export the certificate.