I had a PFX file and needed to create KEY file for NGINX, so I did this:
openssl pkcs12 -in file.pfx -out file.key -nocerts -nodes
Then I had to edit the KEY file and remove all content up to -----BEGIN PRIVATE KEY-----
. After that NGINX accepted the KEY file.