Menu
I want to install the '.crt' certificate I received from a certificate provider to my IIS 7.5 server. I have tried many times to install the .crt file by clicking on the 'certificates', and it states that it is installed correctly. So I open IIS, select "my server", open "server certificate" which is available on the menu on the right side, click "complete certificate request", select the .crt certificate on my computer and click ok. However, when I refresh IIS the certificate disappears automatically.
Our hosting provider mentions that I need to use a '.pfx' file which I do not have.
308
With that you can generate the pfx file by the following steps: Import private key in the "Private Keys" tab; Import the certificate in the "Certificates" tab; Generate the pfx file by selecting the certificate and then "Export", select PKCS #12 as the format.
Run the DigiCert® Certificate Utility for Windows (double-click DigiCertUtil). In the Certificate Export wizard, select Yes, export the private key, select pfx file, and then check Include all certificates in the certification path if possible, and finally, click Next. A . pfx file uses the same format as a .
I have solved this issue by converting this .crt file into a .pfx file using following method.
To convert .crt to .pfx, we need CSA certificate (Private Key) provided by hosting provider. Below are the steps to convert this:
Download and install OpenSSL software from below link based on your system type https://slproweb.com/products/Win32OpenSSL.html
Run the following command on command prompt:openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
OR
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.txt -in certificate.crt -certfile CACert.crt
Here:
Certificate.crt = Your-domain-Name.crtCACert.crt = NetworkSolutions_CA.crtcertificate.pfx is the new name of generated file.PrivateKey can be in .key or .txt format
After completing this process now we have certificate.pfx file so go to IIS Server certificates in IIS Manager.
There is an import link button on right side, click on this and select the converted certificate and enter password which is enter at the time of creation of the .pfx file and complete the process.
Now select your site on IIS and right click on this, select "Edit Binding" and on the new popup window select type as https:// and "Hosting name" is your domain name and all other field is as it is, click on ok to complete this process.
Now restart IIS and your certificate is working fine with your site.
80
Small update to the super-useful answer above:
The OpenSSL versions have been updated, so the links no longer work. Here's the full download page from which to download any version: https://slproweb.com/products/Win32OpenSSL.html
I used Win64OpenSSL_Light-1_1_0j.exe for my Windows 10 IIS installation. Worked perfectly.
Installed into default location C:\OpenSSL-Win64\
For sslforfree.com's cert files, here's the command line for your convenience run from the folder containing the three files they provided by sslforfree.com:
C:\OpenSSL-Win64\bin\openssl.exe pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt -certfile ca_bundle.crt
42
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
