Create PFX Cert File (for IIS)

Windows IIS requires a pfx file when importing an SSL certificate.

This can be created from a crt and a key file using openssl and the following steps.

Locate the openssl.exe on your system. It is usually installed as part of git, and located, here:
C:\Program Files\Git\usr\bin\openssl.exe

Open a command line and navigate to the folder where your crt and private key file (key) are stored.

Execute a command of the following form, to create the pfx.

NOTE: You will need to replace elements with your specific key names:

openssl pkcs12 -export -out new-pfx-cert.pfx -inkey private-key.key -in certificate.crt

For example, when using the openssl binary and a specific site’s key, the statement looks like this:

"C:\Program Files\Git\usr\bin\openssl.exe" pkcs12 -export -out STAR.ogsofttech.com.pfx -inkey STAR.ogsofttech.com.key -in STAR.ogsofttech.com.crt

You will be prompted for the password of the key file.

NOTE: The pfx will be generated without error, regardless if the entered key password was correct or not.

Windows IIS will confirm the password on import, and fail if incorrect.