since the whole process is aids to figure out without any prior experience, I'll provide steps:
step 1: Download TegraRcmSmash
https://gbatemp.net/threads/tegrarcmsmash-a-fusee-launcher-for-windows.502334/
step 2: Get payload
https://gbatemp.net/threads/rcm-payload-hekate-mod-raw-full-nand-backup.502604/
step 3: Put an empty microSD card on exFAT with at least 32GB of space into your switch
step 4: Plug the switch into your comp, get into RCM
step 5: Boot hekate 1.3 and select rawNAND backup (something like that) and wait for it.
step 6: Get next payload (biskey)
https://switchtools.sshnuke.net
step 7: Open the folder with TegraRcmSmash and place biskeydump.bin next to it
step 8: While in the TegraRcmSmash folder, Shift + Right Click in an empty space and press "Open command window here"
step 9: Plug the switch into your comp, get into RCM (microsd card not required)
step 10: Back where you opened the command window, type TegraRcmSmash.exe -w out/biskeydump.bin BOOT:0x0
step 11: biskeydump will now show your keys on the console AND on your computer in the command window
step 12: Open hacdiskmount
https://switchtools.sshnuke.net
step 13: file > open > rawnand.bin (extracted from your switch)
step 14: select PRODINFO
step 15: put the keys in that it asks you for from the command window earlier.
step 16: You now have PRODINFO
step 17: download op's CertNXtractionPack
step 18: open up the pack and edit 00_generate_ssl_kek.py
step 19: insert the keys within the quotations
*EDIT: there's also a key in 01_decrypt_privk_extract_cert.py that you have to insert
step 20: replace "ssl_aes_key_x" with "key_x_gak", and replace "ssl_rsa_key_y" with "rpk_key_y"
EDIT: the rest you'll need to figure out for now lul. I was wrong the first time