Adding certificate to Azure Application Gateway from Key Vault

I am trying to create a listener which uses "HTTPS" protocol. Since I have already saved my certificates in a Key Vault, I choose a certificate from Key Vault option. However, I always got the following error when I saved the listener.

ApplicationGatewaySslCertificateInvalidData: Data or Password for certificateis invalid.

It turns out that PEM certificate is not supported by Azure Application Gateway, I need to convert it to PFX certificate.

I downloaded PEM certificate. My PEM certificate contains all the information, so I ran the following command:

pkcs12 -inkey my.pem -in my.pem -export -out my.pfx

The listener was saved successfully after I uploaded the PFX certificate to it.