Recently, I got a free SSL certificate from ZeroSSL but I downloaded zip file, it had three files .crt (Certificate), ca_bundle certificate and private.key file, since I needed .pfx file to install SSL on Windows Server so in this article, I have mentioned how we can create .pfx file from certificate(.crt) and private key files using OpenSSL.

Before we proceed further, you must have these files:

  • The certificate private key
  • .CRT file with Ca_bundle (root CA and intermediate certs)
  • OpenSSL installed on Windows.

Once you have all of the above files and application, then we can follow these steps to generate .pfx from certificate and private key

  1. Open your OpenSSL Application, once you have installed it.
  2. Now navigate to path, where we have all CRT and Key files are located, for me it is "C:\Users\vks-ssd\Downloads\" so command in openSSL looks like below
    cd C:\Users\vks-ssd\Downloads\
  3. Now, we will simply need to use below command to generate .pfx file
    openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt -certfile ca_bundle.crt


  4. Once you enter the above command, you will need to enter password and verify password, which is not visible, but it works.
  5. Once you have entered the password correctly, a new file is generated "certificate.pfx" in same location, where .crt and private key was located.

If you have a bundled .crt file that you use, for example, with Nginx, you can pass that in along with the cert all in one:

cat | tee -a
cat intermediate.crt | tee -a
cat rootca.crt | tee -a
openssl pkcs12 -export -out certificate.pfx \
  -inkey yourPrivate.key \

Once you have .PFX SSL certificate, to install the certificate on the server follow these steps:

  • you can log in into your Windows Server.
  • Open IIS and select Server Name
  • Then select "Server Certificate" from the middle pane.
  • Click on "Import.." from the right-pane.
  • Browse newly generated .pfx file and select it
  • Add the password, which you had entered while creating .pfx from crt/private key.
  • Click OK and your SSL will be imported.

That's it, we are done and ready to bind SSL with the website available on IIS.

You may also like to read:

Generate CSR and Import SSL on IIS Windows Server

Best Free SSL Certificate Providers

Best AWS S3 Free Alternatives

Download and Install IIS URL Rewrite

Change theme in Visual Studio

5+ Best Visual Studio Alternatives

Split String into Array in Powershell

Multiple lines (Multi-line) comments in Bash