SSL Certificates: Convert CRT to PFX for Microsoft Server / IIS

On the web, SSL certificates are often sold as CRT files in response to a self-generated Certificate Signing Request (CSR). The delivery from the provider usually includes the Root CA Certificate, one or more Intermediate CA Certificates and finally the certificate for the own domain in CRT format. However, Microsoft IIS and other server services only support certificates as a single PFX file, which must contain the key (often .key) and the other certificates.

Using Terminal on Mac and Linux systems, the certificates can be converted via OpenSSL:

Combine all certificates
cat my_domain.crt intermediate1.crt intermediate2.crt root.crt > bundle.crt

Convert to PFX
openssl pkcs12 -export -out cert.pfx -inkey my_key.key -in bundle.crt

In the last command a password is assigned, which is needed afterwards for the import. The PFX file can now be imported and used in Windows systems, for example to offer a website via HTTPS with the IIS.

Leave a Comment