How to convert .crt cetificate file to .pfx

22
votes

I want to install the '.crt' certificate I received from a certificate provider to my IIS 7.5 server. I have tried many times to install the .crt file by clicking on the 'certificates', and it states that it is installed correctly. So I open IIS, select "my server", open "server certificate" which is available on the menu on the right side, click "complete certificate request", select the .crt certificate on my computer and click ok. However, when I refresh IIS the certificate disappears automatically.

Our hosting provider mentions that I need to use a '.pfx' file which I do not have.

2
ssl-certificateiis-7.5

2 Answers

37
votes

I have solved this issue by converting this .crt file into a .pfx file using following method.

To convert .crt to .pfx, we need CSA certificate (Private Key) provided by hosting provider. Below are the steps to convert this:

  • Download and install OpenSSL software from below link based on your system type https://slproweb.com/products/Win32OpenSSL.html

  • Run the following command on command prompt:
    openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

    OR

    openssl pkcs12 -export -out certificate.pfx -inkey privateKey.txt -in certificate.crt -certfile CACert.crt

Here:

Certificate.crt = Your-domain-Name.crt
CACert.crt = NetworkSolutions_CA.crt
certificate.pfx is the new name of generated file.
PrivateKey can be in .key or .txt format

After completing this process now we have certificate.pfx file so go to IIS Server certificates in IIS Manager.

There is an import link button on right side, click on this and select the converted certificate and enter password which is enter at the time of creation of the .pfx file and complete the process.

Now select your site on IIS and right click on this, select "Edit Binding" and on the new popup window select type as https:// and "Hosting name" is your domain name and all other field is as it is, click on ok to complete this process.

Now restart IIS and your certificate is working fine with your site.

2
votes

Small update to the super-useful answer above:

The OpenSSL versions have been updated, so the links no longer work. Here's the full download page from which to download any version: https://slproweb.com/products/Win32OpenSSL.html

I used Win64OpenSSL_Light-1_1_0j.exe for my Windows 10 IIS installation. Worked perfectly.

Installed into default location C:\OpenSSL-Win64\

For sslforfree.com's cert files, here's the command line for your convenience run from the folder containing the three files they provided by sslforfree.com:

C:\OpenSSL-Win64\bin\openssl.exe pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt -certfile ca_bundle.crt