Stone Computers Knowledgebase

How to Create a PFX Certificate File from a PEM File

Article ID: 828
Last updated: 14 Dec, 2020
Article ID: 828
Last updated: 14 Dec, 2020
Revision: 1
Views: 189
Posted: 14 Dec, 2020
by Andrew Sharrad
Updated: 14 Dec, 2020
by Andrew Sharrad

How to Create a PFX Certificate File from a PEM File

Problem

Some certificate authorities (such as Let's Encrypt) only supply certificate in the form of a PEM file, which is not usable by many Windows services.

In the case of Let's Encrypt, the PEM file may not have been generated as a part of a certificate signing request.

How to Convert PEM to PFX

  • Install the latest stable Open SSL. The main page is here or you can find good Windows binaries here.
  • Copy the PEM file to the OpenSSL binary folder, such as C:\Program Files\OpenSSL-Win64\bin
  • Open an administrative command prompt or Powershell window to that folder
  • Type in:

.\openssl pkcs12 -export -out result.pfx -inkey mypemfile.pem -in mypemfile.pem

  • You will be prompted for a PFX password as part of the process. You must securely store the password with the PFX file to be able to use it.
  • Above, the -inkey command is used to input the private key. If you have a separate certificate signing request (CSR) this would likely not be in the .PEM file, but would be in a separate .CRT file:

.\openssl pkcs12 -export -out result.pfx -inkey mycsrkeyfile.crt -in mypemfile.cer

Also see here.

Applies to:

  • Windows Server services that require a PFX certificate that includes the private key

This article was:  
Article ID: 828
Last updated: 14 Dec, 2020
Revision: 1
Views: 189
Posted: 14 Dec, 2020 by Andrew Sharrad
Updated: 14 Dec, 2020 by Andrew Sharrad