Convert SSL certificate to PFX using OpenSSL

If you want to create a password protected PFX file from certificate file and a private key you can use OpenSSL. Follow these steps to create a PFX file.

ssl certificate
  • 1. Download the SSL/TLS tookit from https://www.openssl.org.
  • 2. Run this command in a terminal window:
    “{PATH}\openssl.exe” pkcs12 -export -out “{PATH}\{filename-of-pfx}.pfx” -inkey “{PATH}{filename-of-key}.key” -in “{PATH}{filename-of-certificate}.crt” -certfile {PATH}{filename-of-ca-bundle}.crt
  • 3. Choose a password for the pfx file.
  • 4. Done, the pfx file is now created at specified path.

Error when reading from PFX certificate SSL/TLS

Case
Establish a secure connection to a server. Authentication with certificate.

Error message
The request was aborted: Could not create SSL/TLS secure channel.

  1. Start Microsoft Management Console, either from control panel or by run command “mmc”.
  2. In MMC select File > Add/Remove Snap-In (Ctrl+M).

    mmc add remove snap in
  3. Select Certificates > Add > OK. In next window select Local Computer.

    mmc add certificate
  4. When Certificates is added select Certificates > Personal > Certificates.
  5. You can see all the installed certificates in the window to the right. In order to add a permission right-click on a certificate and select All Tasks > Manage Private Keys.

    mmc manage private keys
  6. Search for user IIS_IUSRS (IIS User) and then add the user. You can configure the permissions like full control, read etc.
    when the user is added.

    mmc add iis user