Purpose: Sometimes you may find that you need to convert a .crt or .pem certificate file into a .pfx file that Microsoft IIS Server Manager can import for something like Exchange Server or another custom IIS-based server.

Download the Certificate Files¶

This step will vary based on how you are obtaining the certificates. The primary thing to focus on is making sure you have the certificate file and the private key.

Certificate Folder Structure

certificate.crt
certificate.pem
gd-g2_iis_intermediates.p7b
private.key

Convert using OpenSSL¶

You will need a linux machine such as Ubuntu 22.04LTS, or to download the Windows equivelant of OpenSSL in order to run the necessary commands to convert and package the files into a .pfx file that IIS Server Manager can use.

Note

You need to make sure that all of the certificate files as well as private key are in the same folder (to keep things simple) during the conversion process. It will prompt you to enter a password for the PFX file, choose anything you want.

OpenSSL Conversion Command

openssl pkcs12 -export -out IIS-Certificate.pfx -inkey private.key -in gd-g2_iis_intermediates.p7b -in certificate.crt

Tip

You can rename the files anything you want for organizational purposes. Afterall, they are just plaintext files. For example, you could rename gd-g2_iis_intermediates.p7b to intermediate.bundle and it would still work without issue in the command. During the import phase in IIS Server Manager, you can check a box to enable Exporting the certificate, effectively reverse-engineering it back into a certificate and private key.