How to get PFX from CRT files

Question

The .PFX file is required for IIS and Tomcat (HTTPS).
There are several .CRT files:

• AAACertificateServices.crt
• private.key
• SectigoRSADomainValidationSecureServerCA.crt
• STAR_domain_com.crt
• USERTrustRSAAAACA.crt

How can I get a .PFX file from the above files using openssl?

I tried it like this:

openssl pkcs12 -export -in  STAR_domain_com.crt -inkey private.key -out STAR_domain_com.pfx

but the certification chain is incomplete

As a result, I don't see the certification chain: empty certification chain

I want to get like for Let's Encrypt: valid certification chain

Answer 1

To convert .crt to .pfx, we need CSA certificate (Private Key) provided by hosting provider. Below are the steps to convert this:

• Download and install OpenSSL software from below link based on your system type https://slproweb.com/products/Win32OpenSSL.html

• Run the following command on command prompt:

  openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

  OR

  openssl pkcs12 -export -out certificate.pfx -inkey privateKey.txt -in certificate.crt -certfile CACert.crt

Here:

Certificate.crt = Your-domain-Name.crt

CACert.crt = NetworkSolutions_CA.crt

certificate.pfx is the new name of generated file.

PrivateKey can be in .key or .txt format

After completing this process now we have certificate.pfx file so go to IIS Server certificates in IIS Manager.

There is an import link button on right side, click on this and select the converted certificate and enter password which is enter at the time of creation of the .pfx file and complete the process.

Now select your site on IIS and right click on this, select "Edit Binding" and on the new popup window select type as https:// and "Hosting name" is your domain name and all other field is as it is, click on ok to complete this process.

Now restart IIS and your certificate is working fine with your site.

https://stackoverflow.com/a/12798206/13336642