# Create PFX Cert File (for IIS)

Windows IIS requires a pfx file when importing an SSL certificate.

This can be created from a crt and a key file using openssl and the following steps.

Locate the openssl.exe on your system. It is usually installed as part of git, and located, here:  
C:\\Program Files\\Git\\usr\\bin\\openssl.exe

Open a command line and navigate to the folder where your crt and private key file (key) are stored.

Execute a command of the following form, to create the pfx.

NOTE: You will need to replace elements with your specific key names:

```bash
openssl pkcs12 -export -out new-pfx-cert.pfx -inkey private-key.key -in certificate.crt
```

For example, when using the openssl binary and a specific site’s key, the statement looks like this:

```bash
"C:\Program Files\Git\usr\bin\openssl.exe" pkcs12 -export -out STAR.ogsofttech.com.pfx -inkey STAR.ogsofttech.com.key -in STAR.ogsofttech.com.crt
```

You will be prompted for the password of the key file.

<p class="callout info">NOTE: The pfx will be generated without error, regardless if the entered key password was correct or not.</p>

Windows IIS will confirm the password on import, and fail if incorrect.