Sorry, but if you say you are "low in PHP" could you honestly say you have secured your website enough to handle credit card details and are fully PCI DSS compliant?
The username, password and signature are found under the PayPal Profile page under API Credentials, then you want to view the API signature rather than certificate.
Update
Take a look at this document on PayPals developer network. It states
VENDOR = Merchant Login ID. This is the lD created when you signed up for your account.
USER = Merchant Login ID unless you created a USER for Payflow Pro
PWD = Password for VENDOR unless you have a different USER, then it would be for USER.
Examples:
Correct usage:
VENDOR=myaccount
USER=myaccount
PARTNER=PayPalUK
PWD=mypassword
USER can also be different from VENDOR if you created a user for your transactions. This is actually suggested.
Example: vendor=myaccount&user=myaccountpro&pwd=myaccountpropassword&partner=mypartner
Incorrect usages:
VENDOR=AFnbvsbQVRButJHZs6.l0X3A7qNRAD.JM9YVjurzrVeDxa2ua9NmevLN
USER=bob._1187260083_biz_api1.myweb.com
PARTNER=PayPalUK
VENDOR=paypal_api1.myemail.com
USER=paypal_api1.myemail.com
PARTNER=PayPal