Say for example you have a .crt and a .key file which had the private key in it. What if you have to combine the .crt and .key file into a password protected .pfx file so that you can import the certificate and private key onto the servers? That’s what I had to do. I’ve tried to make this entry as no-nonsense as possible, so I put together sample screenshots of what the process looks like.
Example files when starting:
First we need to extract the root CA certificate from the existing .crt file, because we need this later. So open up the .crt and click on the Certification Path tab.
Click the topmost certificate (In this case VeriSign) and hit View Certificate. Select the Details tab and hit Copy to File…
Select Base-64 encoded X.509 (.CER) certificate
Save it as rootca.cer or something similar. Place it in the same folder as the other files.
Rename it from rootca.cer to rootca.crt
Now we should have 3 files in our folder from which we can create a PFX file.
Here is where we need OpenSSL. We can either download and install it on Windows, or simply open terminal on OSX.
Open terminal on OSX and CD to the directory the files are in. For Windows users, copy and paste the above three files into the default OpenSSL install location on Windows: C:\OpenSSL-Win32\bin. Then open a command prompt and change directories to C:\OpenSSL-Win32\bin. From this point the commands are the same.
We can see the three files.
The command syntax for my example is:
openssl pkcs12 -export -out vdi.elgwhoppo.com.pfx -inkey vdi.elgwhoppo.com.key -in vdi.elgwhoppo.com.crt -certfile rootca.crt
If everything was entered correctly, you should be prompted to create a password for the PFX file. Enter a password and confirm it. When finished you should have a working PFX file to import on your Windows boxes either via the MMC or IIS. You will need the password when importing the pfx.