What is the difference between .pfx and .cert certificate files? Do we distribute .pfx or .cert for client authentication?
And is pretty much useless because (1) it can be regenerated from the privatekey file and (2) most applications don't use just the publickey but instead a certificate.
Private keys are handled by a CSP, that will store them, again, somewhere else in the user's roaming profile (or the registry). In the certificate store, the certificate is stored with some extra data, one of which being "there is a private key for that certificate, held by CSP X under name Y", which allows Windows to get the key when needed.
"from a PEM file" - what is the content of the PEM? What tools you have available? What do you want to have at the end (i.e. extract and then store it in what format)? "unable to obtain the cryptography module to load X509" - this would not even help since the private key is not inside the X509 certificate. Only the public key is in the certificate. So if you just have the certificate then no ...
tls - How can I extract the certificate from this pcap file ...
In reality, a certificate is just the public key part of the key pair, and a .pfx file is a bundle that contains both the certificate (public part) and the encrypted private key [source]. (It grinds my gears when people talk about a "password protecting a certificate" which makes no sense since a certificate is public information!
A certificate file (-CAfile) contains a list of CA certificates in PEM format. A certificate directory (-CApath) contains the separate files inside a single directory and links to these files based on the subject - see openssl rehash on how to create the necessary links.