How to create pfx file from certificate and private key

Question

I need  pfx file to install https on website on IIS    I have two separate files  certificate   cer or pem  and private key   crt  but IIS accepts only  pfx files   I obviously installed certificate and it is available in certificate manager  mmc  but when I select Certificate Export Wizard I cannot select PFX format  it s greyed out   Are there any tools to do that or C  examples of doing that programtically

User · Answer

If you re looking for a Windows GUI  check out DigiCert  I just used this and it was fairly simple   Under the SSL tab  I first Imported the Certificate  Then once I selected the Certificate I was able to export as a PFX  both with and without a keyfile   https   www digicert com util

User · Answer

In most of the cases  if you are unable to export the certificate as a PFX  including the private key  is because MMC IIS cannot find don t have access to the private key  used to generate the CSR   These are the steps I followed to fix this issue    Run MMC as Admin   Generate the CSR using MMC  Follow this instructions to make the certificate exportable    Once you get the certificate from the CA  crt   p7b   import them  Personal Certificates  and Intermediate Certification Authority Certificates   IMPORTANT  Right-click your new certificate  Personal Certificates  All Tasks  Manage Private Key  and assign permissions to your account or Everyone  risky    You can go back to previous permissions once you have finished  Now  right-click the certificate and select All Tasks  Export  and you should be able to export the certificate including the private key as a PFX file  and you can upload it to Azure    Hope this helps

User · Answer

You will need to use openssl   openssl pkcs12 -export -out domain name pfx -inkey domain name key -in domain name crt  The key file is just a text file with your private key in it   If you have a root CA and intermediate certs  then include them as well using multiple -in params  openssl pkcs12 -export -out domain name pfx -inkey domain name key -in domain name crt -in intermediate crt -in rootca crt  You can install openssl from here  openssl

User · Answer

You do NOT need openssl or makecert or any of that  You also don t need the personal key given to you by your CA  I can almost guarantee that the problem is that you expect to be able to use the key and cer files provided by your CA but they aren t based on  the IIS way   I m so tired of seeing bad and difficult info out here that I decided to blog the subject and the solution  When you realize what s going on and see how easy it is  you will want to hug me     SSL Certs for IIS with PFX once and for all - SSL and IIS Explained - http   rainabba blogspot com 2014 03 ssl-certs-for-iis-with-pfx-once-and-for html  Use IIS  Server Certificates  UI to  Generate Certificate Request   the details of this request are out of the scope of this article but those details are critical   This will give you a CSR prepped for IIS  You then give that CSR to your CA and ask for a certificate  Then you take the CER CRT file they give you  go back to IIS   Complete Certificate Request  in the same place you generated the request  It may ask for a  CER and you might have a  CRT  They are the same thing  Just change the extension or use the   extension drop-down to select your  CRT  Now provide a proper  friendly name     yourdomain com  yourdomain com  foo yourdomain com  etc    THIS IS IMPORTANT  This MUST match what you setup the CSR for and what your CA provided you  If you asked for a wildcard  your CA must have approved and generated a wildcard and you must use the same  If your CSR was generated for foo yourdomain com  you MUST provide the same at this step

User · Answer

I got a link with your requirement Combine CRT and KEY Files into a PFX with OpenSSL  Extracts from the above link      First we need to extract the root CA certificate from the existing    crt file  because we need this later  So open up the  crt and click   on the Certification Path tab       Click the topmost certificate  In this case VeriSign  and hit View   Certificate  Select the Details tab and hit Copy to File         Select Base-64 encoded X 509   CER  certificate Save it as rootca cer   or something similar  Place it in the same folder as the other files       Rename it from rootca cer to rootca crt Now we should have 3 files in   our folder from which we can create a PFX file       Here is where we need OpenSSL  We can either download and install it   on Windows  or simply open terminal on OSX    EDIT    There is a support link with step by step information on how to do install the certificate  After successfully install  export the certificate  choose  pfx format  include private key   Important Note    To export the certificate in  pfx format you need to follow the steps on the same machine from which you have requested the certificate  The imported file can be uploaded to server

User · Answer

You need to use the makecert tool    Open a command prompt as admin and type the following    makecert -sky exchange -r -n  CN  lt CertificateName gt   -pe -a sha1 -len 2048 -ss My   lt CertificateName gt  cer    Where  lt CertifcateName gt    the name of your cert to create    Then you can open the Certificate Manager snap-in for the management console by typing certmgr msc in the Start menu  click personal   certificates   and your cert should be available    Here is an article    https   azure microsoft com documentation articles cloud-services-certs-create

User · Answer

I was having the same issue   My problem was that the computer that generated the initial certificate request had crashed before the extended ssl validation process was completed   I needed to generate a new private key and then import the updated certificate from the certificate provider   If the private key doesn t exist on your computer then you can t export the certificate as pfx   They option is greyed out

User · Answer

When you say the certificate is available in MMC  is it available under  Current User  or  Local Computer   I ve found that I can only export the private key if it is under Local Computer    You can add the snap in for Certificates to MMC and choose which account it should manage certificates for  Choose Local Computer  If your certificate is not there  import it by right clicking the store and choosing All Tasks   Import    Now navigate to your imported certificate under the Local Computer version of the certificate snap in  Right click the certificate and choose All Tasks   Export  The second page of the export wizard should ask if you want to export the private key  Select Yes  The PFX option will now be the only one available  it is grayed out if you select no and the option to export the private key isn t available under the Current User account     You ll be asked to set a password for the PFX file and then to set the certificate name

User · Answer

For pfx files from SSL for Free I find this https   decoder link converter easiest  Simply make sure PEM - gt  PKCS 12 is selected  then upload the certificate  ca bundle and key files and convert  Remember the password  then upload with the password you used and add bindings

User · Answer

This is BY FAR the easiest way to convert   cer to   pfx files   Just download the portable certificate converter from DigiCert  https   www digicert com util pfx-certificate-management-utility-import-export-instructions htm  Execute it  select a file and get your   pfx

User · Answer

I know a few users have talked about installing this and that and adding command lines programmes and downloading     Personally I am lazy and find all these methods cumbersome and slow  plus I don t want to download anything and find the correct cmd lines if I don t have to   Best way for me on my personal IIS server is to use RapidSSLOnline  This is a tool that s on a server allows you to upload your certificate and private key and is able to generate a pfx file for you that you can directly import into IIS   The link is here  https   www rapidsslonline com ssl-tools ssl-converter php  Below is the steps used for the scenario requested         Select Current Type   PEM   Change for   PFX   Upload your certificate   Upload your private key   If you have ROOT CA cert or intermediate certs upload them too   Set a password of your choosing  used in IIS   Click the reCaptcha to prove you re not a bot   Click Convert      And that s it you should have a PFX downloaded and use this in your Import process on IIS   Hope this helps other like minded  lazy tech people

User · Answer

The Microsoft Pvk2Pfx command line utility seems to have the functionality you need     Pvk2Pfx  Pvk2Pfx exe  is a command-line tool copies public key and private key information contained in  spc   cer  and  pvk files to a Personal Information Exchange   pfx  file  http   msdn microsoft com en-us library windows hardware ff550672 v vs 85  aspx    Note  if you need want prefer a C  solution  then you may want to consider using the http   www bouncycastle org  api

User · Answer

I created  pfx file from  key and  pem files   Like this openssl pkcs12 -inkey rootCA key -in rootCA pem -export -out rootCA pfx

User · Answer

https   msdn microsoft com en-us library ff699202 aspx     relevant quotes from the article are below        Next  you have to create the  pfx file that you will use to sign your deployments  Open a Command Prompt window  and type the following command   PVK2PFX    pvk yourprivatekeyfile pvk    spc yourcertfile cer    pfx yourpfxfile pfx    po yourpfxpassword       where          pvk - yourprivatekeyfile pvk is the private key file that you created in step 4    spc - yourcertfile cer is the certificate file you created in step 4    pfx - yourpfxfile pfx is the name of the  pfx file that will be creating    po - yourpfxpassword is the password that you want to assign to the  pfx file  You will be prompted for this password when you add the  pfx file to a project in Visual Studio for the first time         Optionally  and not for the OP  but for future readers   you can create the  cer and  pvk file from scratch   you would do this BEFORE the above    Note the mm dd yyyy are placeholders for start and end dates   see msdn article for full documentation   makecert -sv yourprivatekeyfile pvk -n  CN My Certificate Name  yourcertfile cer -b mm dd yyyy -e mm dd yyyy -r

User · Answer

Although it is probably easiest to generate a new CSR using IIS  like  rainabba said   assuming you have the intermediate certificates there are some online converters out there - for instance  https   www sslshopper com ssl-converter html  This will allow you to create a PFX from your certificate and private key without having to install another program

[windows] How to create .pfx file from certificate and private key?

Examples related to windows

Examples related to security

Examples related to iis

Examples related to certificate

Examples related to ssl-certificate