I also spend some time on this, trying to get the apple payment session to work with php, and although this question is old let me write it here for others

You can generete RSA 2048 key using openssl

openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out request.csr

you also need save your private key, as you will need it

Then once you submit to apple you will get certificate apple.cer file, that you can convert it to pem format for use with CURL

openssl x509 -inform der -in apple.cer -out merchant_idX.pem

And then use the private key and the converted certificate to make the request to apple to get the session

curl_setopt($ch, CURLOPT_SSLKEY, '../ShoreThangKeyX.key');

curl_setopt($ch, CURLOPT_SSLCERT, '../merchant_idX.pem');