Recently, I got a free SSL certificate from ZeroSSL but I downloaded zip file, it had three files .crt (Certificate), ca_bundle certificate and private.key file, since I needed .pfx file to install SSL on Windows Server so in this article, I have mentioned how we can create .pfx file from certificate(.crt) and private key files using OpenSSL.
Before we proceed further, you must have these files:
- The certificate private key
- .CRT file with Ca_bundle (root CA and intermediate certs)
- OpenSSL installed on Windows.
Once you have all of the above files and application, then we can follow these steps to generate .pfx from certificate and private key
- Open your OpenSSL Application, once you have installed it.
- Now navigate to path, where we have all CRT and Key files are located, for me it is "C:\Users\vks-ssd\Downloads\example.com" so command in openSSL looks like below
- Now, we will simply need to use below command to generate .pfx file
openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt -certfile ca_bundle.crt
- Once you enter the above command, you will need to enter password and verify password, which is not visible, but it works.
- Once you have entered the password correctly, a new file is generated "certificate.pfx" in same location, where .crt and private key was located.
If you have a bundled .crt file that you use, for example, with Nginx, you can pass that in along with the cert all in one:
cat domain.name.crt | tee -a domain.name.bundled.crt
cat intermediate.crt | tee -a domain.name.bundled.crt
cat rootca.crt | tee -a domain.name.bundled.crt
openssl pkcs12 -export -out certificate.pfx \
-inkey yourPrivate.key \
Once you have .PFX SSL certificate, to install the certificate on the server follow these steps:
- you can log in into your Windows Server.
- Open IIS and select Server Name
- Then select "Server Certificate" from the middle pane.
- Click on "Import.." from the right-pane.
- Browse newly generated .pfx file and select it
- Add the password, which you had entered while creating .pfx from crt/private key.
- Click OK and your SSL will be imported.
That's it, we are done and ready to bind SSL with the website available on IIS.
You may also like to read: