Which certificate have you tried downloading? Is it the PKCS12 certificate? Alternatively you can probably create the file following this link. The underlying certificates are in /etc/pki/CA and the keys in /etc/pki/CA/private.

This works fine. But i have to make a lot of certificates. I want to save time and do that with user interface. How can i do that?
openssl.exe pkcs12 -export -in denali.crt -inkey denali.key -out denali.combined.pfx - works fine.
In /usr/clearos/app/certificate_manager/libraries/SSL.php i find the same command
pkcs12 -export -in /etc/pki/CA/client-ivan-cert.pem -inkey /etc/pki/CA/private/client-ivan-key.pem -certfile /etc/pki/CA/ca-cert.pem -name "client-ivan.p12" -passout file:/var/tmp/opensslbffNSy -out /etc/pki/CA/client-ivan.p12
I think to change the last string, but before i want to undestand the differense betwen them. Why the fist string works and the last not? What key in the last string is wrong?

Thank you in advance.

If i make certificate by user interface and than dowload by pscp from server it works fine. I think problem is not in openssl or keys for that command. But i dont understand why certificate dont work if i download it from https://server:81/app/user_certificates. Have you any ideas?

I've don't know what is going wrong for you or why the basic PKCS12 you get from the webconfig does not work if the manual command does. The last one is using a temporary password file which is probably written from the webconfig. It would be trivial to script from the underlying certificates if they already exist and you want to give each one the same or no password.