Monday, July 7th  
Working with openssl - CSR and Certificate Types
Informational

First, create a CSR (you need an openssl.cnf file as a template for the required certificate elements).
If creating a wildcard certificate, the CN = *.domain.com

openssl req -new -newkey rsa:2048 -nodes -keyout star.key -out star.csr

The "star.csr" is the CSR, the "star.key" is the private key. The -nodes option writes the private key unencrypted, so restrict who can read it.

Copy "star.key" to a simple private key file name, like pk.domain_com.key

Once you get the certificates by uploading the CSR to a CA, rename the files so they make sense.
Typically, the CA will generate a .CRT and a .P7B file along with a CA Bundle.

Create a .CER file (if needed)
openssl pkcs7 -print_certs -in domain_com.p7b -out domain_com.cer

Create a .P12 file (if needed) (Cisco ASA requires a .P12 file)
openssl pkcs12 -export -in domain_com.cer -inkey pk.domain_com.key -out domain_com.p12

Create a .PEM file (if needed) (HAProxy requires a .PEM file)
openssl pkcs7 -print_certs -in domain_com.p7b -out domain_com.pem

UPDATE:

If the provider doesn't provide a .P7B file and/or an Intermediate CA is involved, create a .P7B file with the .CRT
openssl crl2pkcs7 -nocrl -certfile domain_com.crt -certfile intermediate-ca-bundle -out domain_com.p7b

When dealing with a .PEM file, make sure to include the Private Key in the .PEM file; the pkcs7 -print_certs output above contains only the certificates.
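
A check worth running before any of the conversions above, shown as an added example that is not part of the original post: it confirms that the CSR and the returned certificate carry the same public key as the private key, then writes certificate, bundle and private key into one owner-only .PEM. The function names, the file order inside the .PEM and the throwaway self-signed sample data are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that key, CSR and
# certificate belong together, then build the combined PEM for HAProxy.

# Print the PEM public key held by a private key, certificate or CSR.
pubkey_of() {  # $1 = key|cert|csr, $2 = file
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
    csr)  openssl req -in "$2" -noout -pubkey ;;
    *)    return 2 ;;
  esac 2>/dev/null
}

# Succeed only when the private key and the cert/CSR carry the same public key.
same_keypair() {  # $1 = key file, $2 = cert|csr, $3 = file
  _k=$(pubkey_of key "$1") || return 2
  _o=$(pubkey_of "$2" "$3") || return 2
  [ -n "$_k" ] && [ "$_k" = "$_o" ]
}

# Write certificate, chain and private key into one file (order is an
# assumption), refusing on a mismatch; the result is readable by its owner only.
build_haproxy_pem() {  # $1 = key, $2 = cert, $3 = CA bundle, $4 = output
  same_keypair "$1" cert "$2" || { echo "key/cert mismatch: $2" >&2; return 1; }
  ( umask 077 && rm -f "$4" && cat "$2" "$3" "$1" > "$4" )
}

# Constructed sample data: throwaway keys, with a self-signed certificate and
# an empty bundle standing in for what the CA would return.
make_fixture() {  # $1 = directory to fill
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=*.domain.com" \
    -keyout "$1/star.key" -out "$1/star.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/star.csr" -signkey "$1/star.key" -days 1 \
    -out "$1/domain_com.crt" 2>/dev/null || return 1
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null || return 1
  : > "$1/ca-bundle.crt"
}

d=$(mktemp -d) && make_fixture "$d" &&
  same_keypair "$d/star.key" csr "$d/star.csr" &&
  build_haproxy_pem "$d/star.key" "$d/domain_com.crt" "$d/ca-bundle.crt" \
    "$d/domain_com.pem" && echo "bundle written to $d/domain_com.pem"
rm -rf "$d"
```

With real files, call build_haproxy_pem with pk.domain_com.key, domain_com.crt, the CA bundle and the output name; a mismatch stops the build before anything is written.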

May 20th, 2024 - 01:43 pm
