I haven’t tried this first-hand, but saw a ticket at work where a customer was bringing a certificate over from a Windows server to their Linux server and thought it was worth documenting for future reference:
$ openssl pkcs12 -in mycert.pfx -out mycert.pem -nodes
This should then prompt you to enter the import password.
PKCS#12 is a bundle containing the public and private key and is protected by a password-based key (more information here). According to that page, PFX is a predecessor to PKCS#12 and this format can also be used for the Java key store (Tomcat).
UPDATE:
You can go the other way (cert/key -> PFX) using:
openssl pkcs12 -export -in domain.crt -inkey domain.key -out domain.pfx -nodes