From the URL of your CA server, I'll assume you're using a Microsoft CA.
The partner has sent you a CSR. That means they have the private key at their location, therefore there is no reason for you to generate one for them - assuming that is what you mean by keyfile.
All you need to do is sign the CSR with your Microsoft CA and export the certificate as a PEM file.
Once you've returned the certificate to the partner, they can install it. If that means they need to pair the certificate with the private key and create a PKCS#12 file, then so be it; but that is a task for them, not you, as you don't want to be handling their private key.
To clarify the OpenSSL command, just in case you need to explain it to your partner organisation:
openssl pkcs12 tells the utility that you're working with PKCS#12 files;
-certfile cert-intermediaire.cer is the subordinate (or intermediate) CA certificate. This is your Microsoft CA's certificate. If you have a three-tier PKI, simply add more -certfile options to cover all your CA certificates. If you have a single-tier PKI, remove either this or the next option (both are -certfile);
-certfile cert-racine.cer is the Root CA certificate (the certificate which signed your CA's certificate). There is normally no need to send this certificate within the PKCS#12 file as your partner should have received and installed this through a more formal process which should involve the checking of the authenticity of the file and the trustworthiness of your organisation's PKI. On the other hand, there is no harm in sending it.
-in certificat-ssl.cer is the certificate that you generated for them with your CA;
-inkey cle-privee.key is the private key that only your partners should hold (which is why they should be running this command);
-export tells the utility that it is exporting a new PKCS#12 file;
-out certificat-ssl.pfx is the filename to which you are exporting.
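
The partner-side steps described above, as an added example that is not part of the original answer: before exporting, confirm that the returned certificate carries the public key of the private key that produced the CSR and that it chains to the CA. The function names, the `PFX_PASS` variable, the throwaway CA (constructed test data standing in for the Microsoft CA) and the choice to pass the CA certificates as one concatenated PEM file are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: partner-side checks before building the PKCS#12.
# Function names and the throwaway CA are assumptions; file names follow the answer.

# Succeeds only if CERT carries the public key belonging to private key KEY.
cert_matches_key() {  # usage: cert_matches_key CERT KEY
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Checks key match and chain, then exports. CHAIN holds the CA certificate(s)
# concatenated into one PEM file; the password is read from env var PASSVAR.
build_pfx() {  # usage: build_pfx CERT KEY CHAIN OUT PASSVAR
  cert_matches_key "$1" "$2" || { echo "certificate/key mismatch" >&2; return 1; }
  openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 ||
    { echo "chain check failed" >&2; return 1; }
  openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" -out "$4" \
    -passout "env:$5"
}

# Constructed test data in DIR: a throwaway CA, the partner's key and CSR
# (only the CSR leaves the partner), the issued certificate, an unrelated key.
make_demo_material() {  # usage: make_demo_material DIR
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key \
      -out cert-racine.cer -subj "/CN=Constructed Test CA" -days 2 &&
    openssl req -new -newkey rsa:2048 -nodes -keyout cle-privee.key \
      -out partner.csr -subj "/CN=partner.example" &&
    openssl x509 -req -in partner.csr -CA cert-racine.cer -CAkey ca.key \
      -CAcreateserial -out certificat-ssl.cer -days 1 &&
    openssl genrsa -out other.key 2048
  ) >/dev/null 2>&1
}

demo() {
  local d; d=$(mktemp -d) || return 1
  export PFX_PASS=constructed-demo-password
  make_demo_material "$d" &&
    build_pfx "$d/certificat-ssl.cer" "$d/cle-privee.key" "$d/cert-racine.cer" \
      "$d/certificat-ssl.pfx" PFX_PASS &&
    ! build_pfx "$d/certificat-ssl.cer" "$d/other.key" "$d/cert-racine.cer" \
      "$d/bad.pfx" PFX_PASS 2>/dev/null
  local rc=$?; rm -rf "$d"; return $rc
}
demo && echo "PKCS#12 built; mismatched key rejected"
```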