How to Create a PFX Certificate File from a PEM File
Some certificate authorities (such as Let's Encrypt) only supply certificate in the form of a PEM file, which is not usable by many Windows services.
In the case of Let's Encrypt, the PEM file may not have been generated as a part of a certificate signing request.
How to Convert PEM to PFX
- Install the latest stable Open SSL. The main page is here or you can find good Windows binaries here.
- Copy the PEM file to the OpenSSL binary folder, such as C:\Program Files\OpenSSL-Win64\bin
- Open an administrative command prompt or Powershell window to that folder
- Type in:
.\openssl pkcs12 -export -out result.pfx -inkey mypemfile.pem -in mypemfile.pem
- You will be prompted for a PFX password as part of the process. You must securely store the password with the PFX file to be able to use it.
- Above, the -inkey command is used to input the private key. If you have a separate certificate signing request (CSR) this would likely not be in the .PEM file, but would be in a separate .CRT file:
.\openssl pkcs12 -export -out result.pfx -inkey mycsrkeyfile.crt -in mypemfile.cer
Also see here.
- Windows Server services that require a PFX certificate that includes the private key