Another simple but effective thing you can do with PowerShell that might come in handy.
Some applications only require a .cer certificate file without the private key, so you don't need to hand over the password for the .pfx file with the private key. From a security point of view you never leave password's for private keys floating around.
So this is a quick way to export the certificate to only a .cer file.
This can be used from Windows server 2012 and up, and Windows 8 and up:
Get-PfxCertificate -FilePath InputBundle.pfx | Export-Certificate -FilePath OutputCert.cer -Type CERT
You'll be asked to enter the password for the pfx file and the .cer file will be written in the specified path.
Simple as that, and you don't need OpenSSL, not for this task anyway đŸ˜‰