openssl apple-push-notifications pushsharp

OpenSSL pkcs12 export fails when specifying CSR file


I'm attempting to create a p12 file for use with PushSharp to send iOS push notifications. I used this exact process a year ago to renew our certificates and it worked fine; but now it's failing at the final step.

Here is what I'm doing:

  1. Create a certificate signing request in Keychain Access, as a file named CertificateSigningRequest.certSigningRequest
  2. Export the private key from Keychain Access, saving the file as private_key.p12
  3. Go to developer.apple.com, create a production Apple Push Services certificate using the CSR file from step 1, download the file as aps.cer
  4. Run the following commands in a shell (pretty much identical to what one finds on some other Stack Overflow posts):
        openssl x509 -in aps.cer -inform DER -out app_cert.pem -outform PEM

        openssl pkcs12 -nocerts -out private_key.pem -in private_key.p12

        openssl rsa -out private_key_noenc.pem -in private_key.pem

        openssl pkcs12 -export -in app_cert.pem -inkey private_key_noenc.pem -certfile CertificateSigningRequest.certSigningRequest -name "MyAppName" -out pushsharp.p12

The final openssl command fails with this error:

    unable to load certificates

I haven't been able to figure out what I'm doing wrong; this is all in a script that worked fine a year ago. I was able to get the openssl pkcs12 -export command to succeed by removing the -certfile CertificateSigningRequest.certSigningRequest argument, but I believe the p12 file generated by this will not work with PushSharp.


Solution

  • Don't try to give a CSR file as parameter of -certfile.

    -certfile can be used for adding additional certificates to the store.

    For example, the CA certificate chain of app_cert.pem:

        openssl pkcs12 -export -in app_cert.pem -inkey private_key_noenc.pem \
                    -certfile ca_certificates.pem -name "MyAppName" -out pushsharp.p12
    

    Usually there is no need to use the CSR if the corresponding certificate already exists.
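A preflight check for the file handed to -certfile, as an added example that is not part of the original answer: it reads the PEM block labels and accepts the file only if it holds certificates, rejecting a CSR like the one in the question. It assumes PEM-encoded input; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Preflight for `openssl pkcs12 -export -certfile FILE` (added example).
# Assumes PEM input; function names are illustrative, not part of OpenSSL.

# Print one word per PEM block found in $1: certificate, csr, private-key, other.
pem_kinds() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" |
    while IFS= read -r label; do
        case "$label" in
            "CERTIFICATE"|"TRUSTED CERTIFICATE")             echo certificate ;;
            "CERTIFICATE REQUEST"|"NEW CERTIFICATE REQUEST") echo csr ;;
            *"PRIVATE KEY")                                  echo private-key ;;
            *)                                               echo other ;;
        esac
    done
}

# Return 0 if $1 holds certificates only, 1 if not, 2 if unreadable.
check_certfile() {
    [ -r "$1" ] || { echo "$1: cannot read file" >&2; return 2; }
    kinds=$(pem_kinds "$1" | sort -u | tr '\n' ' ')
    case " $kinds" in
        *" csr "*)
            echo "$1: certificate signing request, not a certificate" >&2; return 1 ;;
        *" private-key "*)
            echo "$1: contains a private key; expected certificates only" >&2; return 1 ;;
        *" certificate "*)
            return 0 ;;
        *)
            echo "$1: no PEM certificate block (DER-encoded?)" >&2; return 1 ;;
    esac
}

# Write constructed sample files into directory $1 (placeholder bodies, no real key material).
make_samples() {
    for spec in "csr.pem:CERTIFICATE REQUEST" "ca.pem:CERTIFICATE" "key.pem:RSA PRIVATE KEY"; do
        kind=${spec#*:}
        printf '%s\n' "-----BEGIN $kind-----" "Q09OU1RSVUNURUQ=" "-----END $kind-----" \
            > "$1/${spec%%:*}"
    done
    printf 'not pem at all\n' > "$1/aps.cer"   # stands in for a DER file
}

# Demo: run the check over the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in csr.pem ca.pem key.pem aps.cer; do
    if check_certfile "$demo_dir/$f" 2>/dev/null; then echo "$f: ok"; else echo "$f: rejected"; fi
done
rm -rf "$demo_dir"
```

In a build script, call `check_certfile ca_certificates.pem || exit 1` before the `openssl pkcs12 -export` step so a wrong input is reported by name instead of as "unable to load certificates".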