I usually work with Linux-based operating systems for web development. However, my company does run a couple of Microsoft Windows(R) servers for internal financial systems. When securing connections to Windows services, it is often useful to have certificates available in PFX format.
To convert a private key, certificate, and (optionally) any trusted chains; you will need the following:
- The private key file.
- A PEM containing the corresponding certificate.
- Additional trust chains to be included (may also be included in the PEM in bullet 2).
- OpenSSL (I tested this with the Mac OS X High Sierra – LibreSSL 2.2.7).
Place all of the files in your home directory and start a terminal session. Execute the following command, replacing the file names where appropriate for the files you have prepared:
openssl pkcs12 -export -out trevweb.pfx -inkey trevweb.key -in trevweb.crt -certfile trust-chain.crt
Assuming everything executed correctly, you should now have a ‘trevweb.pfx’ file located in your home directory ready to be imported easily by Windows services. A PFX, or I think more accurately a PKCS #12, file is a binary file format that may contain multiple certificate bundles.