in reply to Re: Issue with LWP loading client certificate
in thread Issue with LWP loading client certificate

A keyfile? Something like ...

$ua->ssl_opts(SSL_key_file => 'privatekey.pem');

So, would this load the cert/keyfile then?

$ua->ssl_opts(SSL_key_file => 'privatekey.pem');
$ua->ssl_opts(SSL_cert_file => 'cert.pem');

And, they have to be .pem formatted files?

Re^3: Issue with LWP loading client certificate
by hippo (Archbishop) on Jun 18, 2021 at 15:05 UTC
    And, they have to be .pem formatted files?

    Not necessarily. The documentation says:

    Supported file formats are PEM, DER and PKCS#12, where PEM and PKCS#12 can contain the certificate and the chain to use, while DER can only contain a single certificate.

    🦛

Re^3: Issue with LWP loading client certificate
by jo37 (Curate) on Jun 18, 2021 at 15:02 UTC

    Yes, this should work with a privatekey in PEM format. It needs to be unencrypted, though.

    UPDATE:
    You may as well put the cert and the privkey in PEM format into the certfile or you may use a PKCS#12 as certfile. And you may give a callback sub to provide the passphrase for the private key via SSL_password_cb. See IO::Socket::SSL.

    Greetings,
    -jo

    $gryYup$d0ylprbpriprrYpkJl2xyl~rzg??P~5lp2hyl0p$

      Further down the rabbit hole we go. Open one door and another presents itself.

      We cannot have unencrypted .pfx files for the private key on the server. But, there's notation stating the password for the private key can get passed into the IO::Socket with a subroutine. This part doesn't make sense to me. From what I've found this is how it's put together, but it's still failing.

      use LWP::UserAgent;
      use Data::Dumper;
      use IO::Socket::SSL qw(debug4);

      IO::Socket::SSL::set_defaults(passwd_cb => sub { "passwordvaluehere" });

      $endpoint = 'https://omit/commotest';
      $ua = LWP::UserAgent->new;
      $ua->ssl_opts(SSL_cert_file => 'der.cer');
      $ua->ssl_opts(SSL_key_file => 'privatekey.pfx');
      $ua->ssl_opts(SSL_use_cert => '1');
      $response = $ua->get($endpoint);

      if ($response->is_success) {
          print Dumper $response;
      } else {
          print "Error: " . $response->status_line, "\n";
      }

      But now I'm getting the following response ... We're using a simple passphrase for now to test with, no symbols. Research online showed other users had issues with complex passphrases and the decryption.

      DEBUG: .../IO/Socket/SSL.pm:2411: Failed to load key from file (no PEM or DER)
      SSL error: 4824: 1 - error:0606F076:digital envelope routines:EVP_PKCS82PKEY:unsupported private key algorithm
      SSL error: 4824: 2 - error:140B000D:SSL routines:SSL_CTX_use_PrivateKey_file:ASN1 lib
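
Added example, not code from any poster in this thread: a client that keeps the private key passphrase-protected on disk and supplies the passphrase through the IO::Socket::SSL option `SSL_passwd_cb`, with a pre-flight check that catches a binary (.pfx/DER) file being passed as a PEM key. The URL, file names and the `CLIENT_KEY_PASSPHRASE` environment variable are placeholders assumed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;

# Placeholders (assumptions, not values from the thread).
my $endpoint  = 'https://example.invalid/';  # placeholder URL
my $cert_file = 'client-cert.pem';           # PEM certificate (and chain)
my $key_file  = 'client-key.pem';            # passphrase-protected PEM key

# Classify a file by its leading bytes: PEM is text with a BEGIN marker,
# DER and PKCS#12 (.pfx) are binary ASN.1 starting with 0x30 (SEQUENCE).
sub file_format {
    my ($path) = @_;
    open my $fh, '<:raw', $path or die "Cannot open $path: $!\n";
    my $n = read $fh, my $head, 4096;
    die "Cannot read $path: $!\n" unless defined $n;
    close $fh;
    return 'PEM'    if $head =~ /-----BEGIN [A-Z0-9 ]+-----/;
    return 'binary' if length $head && ord($head) == 0x30;
    return 'unknown';
}

# Fail early with a clear message instead of an OpenSSL ASN1 error.
for my $file ($cert_file, $key_file) {
    my $format = file_format($file);
    die "$file looks $format, expected PEM; convert it first\n"
        unless $format eq 'PEM';
}

# Keep the passphrase out of the source; read it from the environment.
my $passphrase = $ENV{CLIENT_KEY_PASSPHRASE}
    // die "Set CLIENT_KEY_PASSPHRASE before running\n";

my $ua = LWP::UserAgent->new(
    ssl_opts => {
        verify_hostname => 1,                      # keep server verification on
        SSL_cert_file   => $cert_file,
        SSL_key_file    => $key_file,
        SSL_passwd_cb   => sub { $passphrase },    # called to decrypt the key
    },
);

my $response = $ua->get($endpoint);
print $response->is_success ? "OK: " : "Error: ", $response->status_line, "\n";
```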