Assuming those are not self signed certificates, and that they come from a Certificate Authority, what the help suggest is to include the whole chain within the same PEM file so ti can be resolved successfully and not return an invalid certification warning in the browser.
However, if you are using a self-signed certificate you can skip those steps since you don't have any certification authority chain to follow, but you will get the warning error in the browser.
You are already generating the keys when requesting the certificate if you run the openssl commands as in the help site (Installing SSL certificates ‒ Qlik NPrinting) there it is specified where the private key is stored and how to add to the config file, as the request for the certificate creates also the keys (self signed certificate).
If you are using instead a third party certificate authority (the likes of Comodo, Symantec, Thawte, etc.) then you will get that information from them.