HTTPS Inspection
Hi,
I've got a wildcard certificate from the CA in .crt format and a .pem (which I believe contains the private key). How do I properly prepare a single .p12 file from these files, since that is the only format allowed on the mgmt server? Could someone guide me?
thanks
Old school way is using openssl on CLI, see e.g. https://www.ryadel.com/en/openssl-convert-ssl-certificates-pem-crt-cer-pfx-p12-linux-windows/
OK, but what do I have to do? Just convert the .crt to .p12? What about the .pem file, is it somehow necessary in this process?
You can also use a tool called KeyStore Explorer. It's free and will allow you to create the P12. It's extremely friendly for individuals who are not very CLI savvy.
As you need it so seldom, CLI is not a big issue, I think! There are even websites that will convert it for you - for extra security, I would use openssl as it will never phone home 8)!
I started using openssl right now, CLI is not a problem. My question is not HOW but WHAT to do: do I only have to convert the wildcard .cer to .p12 and the certificate will be ready to deploy on the mgmt server? I am asking because I also got a .pem certificate and I don't know, maybe it should be used somehow, to extract the .key from it?
Usually not more to do than
# openssl pkcs12 -export -in certificate.cer -inkey privatekey.key -out certificate.p12
When importing an internal server's certificate for incoming SSL traffic inspection, it is necessary to include all the intermediate CAs of the chain in the *.p12 file. Inclusion of only the server certificate may cause some browsers to warn about untrusted sites, since some browsers are unable to fetch and validate the complete certificate chain.
Now it would be
# openssl pkcs12 -export -in certificate.cer -inkey privatekey.key -out certificate.p12 -certfile CAcert.cr
Intermediate certificates are included in the wildcard .cer file, so I ran the command
openssl pkcs12 -export -in SMHcrt.cer -inkey privatekey.key -out SMHcert.p12
and I get :
Can't open privatekey.key for reading, No such file or directory
15132:error:02001002:system library:fopen:No such file or directory:crypto\bio\bss_file.c:69:fopen('privatekey.key','r')
15132:error:2006D080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:76:
unable to load private key
I've found this command to export the key from the .pem file
openssl pkey -in SMHcert.pem -out SMHcert.key
but I get
unable to load key
9524:error:0909006C:PEM routines:get_name:no start line:crypto\pem\pem_lib.c:745:Expecting: ANY PRIVATE KEY
I don't think it's a big issue either @G_W_Albrecht, but it seemed like someone who is asking how to create a P12 may be given an alternative to CLI.
based on this command
openssl pkcs12 -export -in certificate.crt -inkey privatekey.key -out certificate.pfx
how to get .key file in order to include it in the p12 ?
When you generate the CSR you would do this....
openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr
Get the CSR signed by your CA and then you would run the command you just mentioned on the same box, the key would then be present... Where did you generate the CSR, wherever you did, the KEY should be present.
Thanks Mike, you gave me a clue. I've found the old private key that is currently being used, but this year we didn't make a CSR, we just got a new certificate, so a NEW private key wasn't generated. So I used the old private key and the new .crt and I got a new .p12. On the new .p12 certificate it is written "You have a private key that corresponds to this certificate", so I think everything should be OK?
So what upon import ?
I imported the .p12 certificate to the mgmt server; we still use the old one. I just wanted to know if I can use the old private key and the new certificate, but since we didn't do a CSR this year it should be correct.
P12 usually includes the private keys. You should be fine, I think
Yes, but I've got a .crt certificate from my CA and I had to convert it to .p12 (required by Check Point); in order to do that I had to combine the .crt with the private key.key (which I fortunately found) to get the .p12
Yes, if you did not have the correct .key file for the .p12 creation, I believe it will complain and the .p12 will not be created. It looks like everything should be OK now and you can import the .p12 to mgmt server.
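The checks this thread circles around (what a .pem file actually contains, whether a private key belongs to a certificate, and how many certificates end up in the .p12), as an added shell example that is not part of the original posts. The file names, the `*.example.test` subject and the export password are constructed test values, and the helper function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example; file names, subject and password are constructed test values.

# List PEM block types in a file ("CERTIFICATE", "PRIVATE KEY", ...). If no
# "... PRIVATE KEY" block is listed, openssl pkey fails with "no start line".
pem_blocks() {
  sed -n 's/^-----BEGIN \(.*\)-----.*$/\1/p' "$1"
}

# Succeed only if the private key ($2) belongs to the first certificate in $1.
# Both commands print the public key as PEM, so the two texts must be identical.
key_matches_cert() {
  kmc_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  kmc_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$kmc_cert" ] && [ "$kmc_cert" = "$kmc_key" ]
}

# Build the .p12 only after the pairing check passes.
# $1 = cert file (leaf first; intermediates after it are included), $2 = key,
# $3 = output file, $4 = export password.
build_p12() {
  key_matches_cert "$1" "$2" || { echo "key does not match $1" >&2; return 1; }
  openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "pass:$4"
}

# Count the certificates stored in a .p12 (1 = leaf only, more = chain included).
p12_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Constructed sample input: a self-signed wildcard cert with its key, plus an unrelated key.
make_demo() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=*.example.test" \
    -keyout "$1/good.key" -out "$1/cert.crt" 2>/dev/null
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d) && make_demo "$demo_dir"
pem_blocks "$demo_dir/cert.crt"
build_p12 "$demo_dir/cert.crt" "$demo_dir/other.key" "$demo_dir/bad.p12" changeit || echo "refused"
build_p12 "$demo_dir/cert.crt" "$demo_dir/good.key" "$demo_dir/ok.p12" changeit &&
  echo "certificates in p12: $(p12_cert_count "$demo_dir/ok.p12" changeit)"
```

Running `pem_blocks` on the CA-supplied .pem shows at once whether it holds a key or only certificates, and a count above 1 from `p12_cert_count` confirms the intermediates were carried into the .p12.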