On the web, SSL certificates are often sold as CRT files in response to a self-generated Certificate Signing Request (CSR). The delivery from the provider usually includes the Root CA Certificate, one or more Intermediate CA Certificates and finally the certificate for the own domain in CRT format. However, Microsoft IIS and other server services only support certificates as a single PFX file, which must contain the key (often .key) and the other certificates.
Using Terminal on Mac and Linux systems, the certificates can be converted via OpenSSL:
Combine all certificates cat my_domain.crt intermediate1.crt intermediate2.crt root.crt > bundle.crt Convert to PFX openssl pkcs12 -export -out cert.pfx -inkey my_key.key -in bundle.crt
In the last command a password is assigned, which is needed afterwards for the import. The PFX file can now be imported and used in Windows systems, for example to offer a website via HTTPS with the IIS.